How to set up Logwatch to receive high level messages immediately?

Phil asked:

I have set up Logwatch on my (Debian) system. Mailing etc works well.

What I would like to is to get a daily report of the system once a day

And;

To receive any high level (failed login attempts, attacks -if possible- etc) immediately as they happen.

Which settings do I need to modify and modify with what exactly? I am quite a newbie when it comes to working with systems and I did my research on Google but the results only lead me thus far.

Thank you.

My answer:


Assuming you’re using rsyslog, which is the default on Debian squeeze:

Use rsyslog’s mail output module to send yourself email. You can configure which messages get sent to you in the usual way:

*.emerg  :ommail:;mailBody

or by matching text in the log message:

if $msg contains 'hard disk fatal failure' then :ommail:;mailBody

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.