Note: Take a look at [Default server/Logwatch] document before continuing.

Nginx

_$: cp /usr/share/logwatch/scripts/services/http /etc/logwatch/scripts/services/nginx
_$: cp /usr/share/logwatch/scripts/services/http-error /etc/logwatch/scripts/services/nginx-error
_$: cp /usr/share/logwatch/default.conf/services/http /etc/logwatch/conf/services/nginx
_$: cp /usr/share/logwatch/default.conf/services/http-error /etc/logwatch/conf/services/nginx-error

/etc/logwatch/conf/services/nginx:
----------------------------------
...
###########################################################################
# Configuration file for nginx filter
###########################################################################

Title = nginx

# Which logfile group...
LogFile = nginx

/etc/logwatch/conf/services/nginx-error:
----------------------------------------
#
# Service definition for nginx error log
#
# File to be placed in
#   /etc/logwatch/conf/services/nginx-error.conf
#

Title = nginxerrors

# Which logfile group...
LogFile = nginx-error

# PHP notices should be fixed
Detail = High

/etc/logwatch/conf/logfiles/nginx.conf:
---------------------------------------
LogFile = /var/log/nginx/access.log
LogFile = /var/log/nginx/access.log.1

#Archive = /home/website/logs/old/access.*.log.*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyhttpDate

/etc/logwatch/conf/logfiles/nginx-error.conf:
---------------------------------------------
LogFile = /var/log/nginx/error.log
LogFile = /var/log/nginx/error.log.1

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyhttpDate

_$: /usr/sbin/logwatch --output stdout | grep nginx
 2013-02-08 17:00:42,438 fail2ban.jail   : INFO   Jail 'nginx' uses Gamin
 --------------------- nginx Begin ------------------------
 ---------------------- nginx End -------------------------

Also check that you are receiving the e-mails.

 _$: /etc/cron.daily/00logwatch

Web applications

For every web application that we deploy we must configure its logfiles and its services.

Logfiles

_$: cp /etc/logwatch/conf/logfiles/nginx.conf \
       /etc/logwatch/conf/logfiles/nginx-webapp.conf

/etc/logwatch/conf/logfiles/nginx-webapp.conf:
----------------------------------------------
LogFile = /var/log/nginx/webapp/access.log
Archive = /var/log/nginx/webapp/access.log.*

LogFile = /var/log/nginx/webapp/error.log
Archive = /var/log/nginx/webapp/error.log.*

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*ApplyhttpDate

Services

_$: cp /etc/logwatch/conf/services/nginx.conf \
       /etc/logwatch/conf/services/nginx-webapp.conf

/etc/logwatch/conf/services/nginx-webapp.conf:
----------------------------------------------
###########################################################################
# Configuration file for nginx filter
###########################################################################

Title = "nginx: webapp"

# Which logfile group...
LogFile = nginx-webapp
...

_$: ln -s /etc/logwatch/scripts/services/nginx nginx-webapp