In this section, we will see how to install and configure Logcheck so that we can use it, as per our requirements:

1. The first step is to install the package using the following command:

2. During installation, a window will open showing information about selecting the mail server configuration type, as shown in the following screenshot:

Press Ok to continue.

3. In the next window, select Internet Site and then select Ok to continue:

4. After the installation has completed, we need to make changes in the configuration file /etc/logcheck/logcheck.conf.
5. The first thing we can edit in the configuration file is the format of the date/time stamp which is used in the subject of the mail sent by Logcheck:

6. Next, we can change the value for the REPORTLEVEL variable to control the level of filtering of the logs, as per our requirements. We have three options available, and by default, the value is set to server:

The workstation value filters most of the messages and is less verbose. The paranoid value is useful for systems that have high security, are running as less services as possible, and are more verbose.

1. After this, we will change the value for the variable SENDMAILTO and provide our email address so that we can receive the logs on our email ID:

8. The mail generated by Logcheck uses different subject lines for different events. If we wish to modify these subject lines, we can edit the value for the variables, like so:

9. Logcheck, by default, uses the /etc/logcheck/logcheck.logfiles file for maintaining a list of log files to be monitored. If we wish to use any other file to define the list, and if it is in another location, we can edit the RULEDIR variable to define the new path:

10. If we want Logcheck to monitor any particular file apart from what is already defined in the /etc/logcheck/logcheck.logfiles file, we can add the following entry in it:

In the preceding file, we have added the following line: /var/log/boot.log.