Is it possible to improve the quality of reports from logwatch?
Like make it not just report disk usage which doesn't even change much in daily operation, but report significant changes in usage or approaching critical capacity levels?
If I cannot do that with logwatch and instead have to write custom scripts to produce such reports, logwatch appears to be pretty useless, or even dangerous, as many users reportedly grow to ignore emails from it knowing they are so boring.
There are two different aspects here:
Logwatch by default is boring, but its goal is to alert on suspicious patterns on log files. If you don't edit the different rules to make it more interesting, by default it will send mails with what the creator found useful, with his own infrastructure and experience.
It is possible to update the different services, to only include the most relevant, and from these services, the most relevant patterns. On Debian-like systems, the whole configuration is in /usr/share/logwatch, and documentation can be found by running zless /usr/share/doc/logwatch/HOWTO-Customize-LogWatch.gz. However, getting a warning only when disk space reaches some level may be tricky.
On the other hand, to report significant changes in a long extend of time, logwatch will be pretty useless. Its purpose is to warn you about unique events (such as user trying to log with wrong password, apache crashed, how many mails sent this day, trouble having as consequence some process vomiting in log files...). To get information on changing behavior such as disk space, you should use something as cacti (graphics), aka a monitoring tools.
I am interested by this subject, having more or less the same problematic; As following, my answer may not be complete, Hope it helps!