Logwatch is a modular log analyser that runs every night and mails you the results. It can also be run from the command line.
The output is grouped by service, and you can limit it to one particular service. The subscripts responsible for the output mostly convert the raw log lines into a structured format. Logwatch generally ignores the time component in the output. That means you will know that the reported event was logged in the requested time range, but you will have to go to the raw log files to get the exact details.
To check our webserver logs we fired up logwatch with this command:
logwatch --service http --range all --detail high --print
Since we run vulnerability scanners on our test webserver all the time, the file is pretty big.
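Because the logwatch report drops the timestamps, the exact times have to be recovered from the raw access log. The following added example (not part of the original post) looks up one reported request in raw log lines and returns, per client, how often and when it was made. It assumes the Apache combined log format; the sample lines, the path and the function name are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log format (assumed; adjust if your LogFormat differs).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:02:14:07 +0000] "GET /admin/config.php HTTP/1.1" 404 209 "-" "scanner/1.0"
198.51.100.7 - - [12/Mar/2024:09:30:41 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:02:14:09 +0000] "GET /admin/config.php HTTP/1.1" 404 209 "-" "scanner/1.0"
203.0.113.5 - - [13/Mar/2024:18:02:55 +0000] "GET /admin/config.php HTTP/1.1" 404 209 "-" "curl/8.0"
this line is truncated and will not parse
"""

def locate_events(lines, path, status=None):
    """Return ({ip: {"count", "first", "last"}}, unparsed_line_count)."""
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    unparsed = 0
    for line in lines:
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1  # keep a count so silent gaps in the result are visible
            continue
        # Exact match on the requested path (query string included).
        if m["path"] != path or (status is not None and int(m["status"]) != status):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        entry = hits[m["ip"]]
        entry["count"] += 1
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
    return dict(hits), unparsed

if __name__ == "__main__":
    events, skipped = locate_events(SAMPLE_LOG.splitlines(), "/admin/config.php", 404)
    for ip, e in sorted(events.items()):
        print(f"{ip}  x{e['count']}  {e['first'].isoformat()} .. {e['last'].isoformat()}")
    print(f"unparsed lines: {skipped}")
```

To use it on a real server, pass an open file handle for the access log instead of the sample lines.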