This guide will explain how to set up ssmtp (a simple SMTP delivery agent) for emailing logs to an email address using logwatch.
First, in a terminal, enter:
yum install ssmtp
After ssmtp has installed, open the configuration file with
vim /etc/ssmtp/ssmtp.conf
and edit it as follows, replacing each !!!...!!! placeholder with your own value:
#
# Config file for sSMTP sendmail
#
# The person who gets all mail for userids < 1000
# Make this empty to disable rewriting.
root=!!!insert outgoing email address here!!!

# The place where the mail goes. The actual machine name is required no
# MX records are consulted. Commonly mailhosts are named mail.domain.com
mailhub=smtp.gmail.com:587

# Where will the mail seem to come from?
rewriteDomain=!!!enter your domain name here!!!

# The full hostname
hostname=!!!insert outgoing email address here!!!

# Are users allowed to set their own From: address? Not recommended with gmail
# YES - Allow the user to specify their own From: address
# NO - Use the system generated From: address
#FromLineOverride=YES

# Username and password for Google's Gmail servers
# From addresses are settled by Mutt's rc file, so
# with this setup one can still achieve multi-user SMTP
AuthUser=!!!email user name!!!
AuthPass=!!!email password!!!

#Uncomment these settings for use with gmail
#UseTLS=YES
#UseSTARTTLS=YES
#mailhub=smtp.gmail.com:587
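The following check of the edited file is an added example, not part of the original guide. AuthPass is stored in cleartext, and while the UseTLS/UseSTARTTLS lines stay commented the SMTP session, login included, is not encrypted. The helper names conf_get and audit_ssmtp_conf are hypothetical, the sample configs are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example; conf_get and audit_ssmtp_conf are hypothetical helper names.
# Assumes GNU stat (the guide installs with yum, so a RHEL-family system).

# Print the value of the last uncommented KEY=value line (key match ignores case).
conf_get() {  # usage: conf_get KEY FILE
    grep -i "^[[:space:]]*$1[[:space:]]*=" "$2" | tail -n 1 | cut -d= -f2-
}

# Print one line per finding; the return status is the number of findings.
audit_ssmtp_conf() {  # usage: audit_ssmtp_conf FILE
    f=$1; n=0
    mode=$(stat -c '%a' "$f") || return 255
    # AuthPass sits in the file in cleartext, so "other" must have no access.
    case $mode in
        *0) ;;
        *) echo "FINDING: $f has mode $mode, which grants access to all local users"
           n=$((n + 1)) ;;
    esac
    # Credentials configured while both TLS settings are absent or commented out.
    if [ -n "$(conf_get AuthPass "$f")" ]; then
        tls=$(conf_get UseTLS "$f"); starttls=$(conf_get UseSTARTTLS "$f")
        case "$tls$starttls" in
            *[Yy][Ee][Ss]*) ;;
            *) echo "FINDING: AuthUser/AuthPass set, UseTLS/UseSTARTTLS not enabled"
               n=$((n + 1)) ;;
        esac
    fi
    # A !!!...!!! placeholder from the guide left in an active (uncommented) line.
    if grep -v '^[[:space:]]*#' "$f" | grep -q '!!!'; then
        echo "FINDING: unreplaced !!! placeholder in an active setting"
        n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample: the guide's settings as written, then with TLS uncommented.
d=$(mktemp -d)
printf '%s\n' 'mailhub=smtp.gmail.com:587' 'AuthUser=user@example.com' \
    'AuthPass=constructed-secret' '#UseTLS=YES' '#UseSTARTTLS=YES' > "$d/weak.conf"
chmod 644 "$d/weak.conf"
sed 's/^#Use/Use/' "$d/weak.conf" > "$d/fixed.conf"
chmod 640 "$d/fixed.conf"
audit_ssmtp_conf "$d/weak.conf"  || echo "weak.conf: $? finding(s)"
audit_ssmtp_conf "$d/fixed.conf" && echo "fixed.conf: clean"
rm -rf "$d"
```

On a real system, run it as audit_ssmtp_conf /etc/ssmtp/ssmtp.conf and resolve each finding before sending the test message.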
You can now test that ssmtp is working with
cat - | /usr/sbin/ssmtp -v <your-email-address>
Press Ctrl+D to send the test message.
If the message has been received, we can go on and configure logwatch.
Edit the logwatch configuration to change the mailer:
vim /etc/logwatch/conf/logwatch.conf
mailer = "ssmtp -v <your-email-address>"
To test that it works, send the security log with
sudo logwatch --logfile secure --detail high --mailto <your-email-address> --range yesterday