Hi if you have a handful of servers around each with LogWatch installed and generating a daily summary mail for you, how do you retrieve these mails?
At the moment I only have Dovecot installed on one of the boxes, from which I can download via Outlook the daily LogWatch mail. However, I'm not doing the same for the rest of my servers.
Am interested in how the rest of you manage this. I'm also setting up a mail server using Zimbra. Is there a way for all these servers to forward these mails to one single account? What do I need to setup or install? Thanks.
Use a Central Email Account
I recommend you use a centralized, dedicated email account for the notices from all of your servers and configure your servers to forward root emails to this account.
Since servers can generate a lot of email when there are issues, I recommend a dedicated account and not mix it with some other email account.
Also, note that the email may not be 100% secure in transit, so review the contents of the email and see if there's anything sensitive being sent.
Forward Root The easiest way to do this is just update the email alias for root on each server to go to your email. This way you will get cron notices and other systems notices.
Logwatch Only
If you just want to forward logwatch emails, then you can update logwatch's configuration file.
Check the cron job entry (usually in /etc/crond.daily/) and see where the configuration file lives. You can then update this config file with your email.
Centralized Logging
Note that as the number of systems grow, email will become unmanageable. You can then look into centralized logging (nr-syslog and others) as well as IDS/NIDS systems with centralized monitoring capabilities.