# Install logcheck with Homebrew, apk, apt, Nix, zypper

Mail anomalies in the system logfiles to the administrator. Version 1.4.7 via Homebrew; verified from local package data.

## Install

```sh
sudo av install brew:logcheck
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install logcheck
```

  Evidence: local Homebrew formula metadata

### Linux

- apk (92%):

```sh
sudo apk add logcheck
```

  Evidence: Alpine Linux edge package indexes: logcheck from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz

- Debian apt (92%):

```sh
sudo apt install logcheck
```

  Evidence: Debian stable package indexes: logcheck from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz

- Nix (92%):

```sh
nix profile install nixpkgs#logcheck
```

  Evidence: nixpkgs package indexes: pkgs/by-name/lo/logcheck/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1

- zypper (92%):

```sh
sudo zypper install logtail
```

  Evidence: openSUSE Tumbleweed package metadata: logtail from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst

## Package facts

- **Package key:** brew:logcheck
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/logcheck>
- **Version:** 1.4.7
- **Source summary:** Mail anomalies in the system logfiles to the administrator
- **Homepage:** <https://packages.debian.org/sid/logcheck>
- **Repository:** <https://salsa.debian.org/debian/logcheck>
- **Upstream docs:** <https://packages.debian.org/sid/logcheck>
- **License:** GPL-2.0-only
- **Source archive:** <https://deb.debian.org/debian/pool/main/l/logcheck/logcheck_1.4.7.tar.xz>
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- logcheck (cli)
- logcheck-test (cli)
- logtail (cli)
- logtail2 (cli)
- logcheck (alias)
- logcheck-test (alias)
- logtail (alias)
- logtail2 (alias)

## Build dependencies

- gnu-sed

## Install behavior

- Post-install hook: not defined
- Bottle: available on all

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 1.4.7
- Local data: ok
- Upstream repository: https://packages.debian.org/sid/logcheck
- info: No package-manager update timestamp was available.
- info: Release/tag comparison is only available for GitHub repositories.
## Project history and usage

logcheck is a Debian-oriented log monitoring tool that scans system logs for unexpected entries and emails reports to the administrator. It focuses on filtering routine messages out so security violations, attack alerts, and unusual system events stand out.

### Project history

Debian's package page says logcheck was originally part of the Abacus Project security tools and was later rewritten. The Debian repository's change notes describe the Debian package becoming effectively Debian-native after a major overhaul around version 1.1.9.1 because Debian's version had diverged substantially from the old upstream 1.1.1 code.

The current Debian Salsa repository presents logcheck as the maintained source home for Debian packaging, with the project description centered on mailing summaries of log file entries to administrators via cron.

### Adoption history

logcheck's adoption is strongest in Debian-family systems, where its manpages, package page, and logcheck-database rules are first-class distribution artifacts. The supplied package metadata also records package availability in Homebrew, Alpine, Nix, openSUSE, Debian, and Ubuntu.

The package belongs to an older Unix administration style: periodic cron jobs, regex rule directories in /etc, and email to root or an administrator. That style remains useful on servers where a small local checker is preferable to a centralized log pipeline.

### How it is used

The logcheck command runs by default as an hourly cron job and after reboot. It filters messages at paranoid, server, or workstation levels, sorts reports into system events, security events, and attack alerts, and sends email only when messages survive the rules.

Administrators tune it through `/etc/logcheck/logcheck.conf`, monitored-file lists, and rule directories such as cracking.d, violations.d, violations.ignore.d, and ignore.d.*. The logcheck-database documentation emphasizes writing precise extended regular expressions and testing new rules with logcheck-test.

### Why package nerds care

logcheck is a packaging-culture artifact: much of its value lives in distribution-maintained regex databases and package-specific rule files, not in a large binary. It is a useful example of Debian packaging acting as upstream stewardship for a security-administration workflow.

### Timeline

- Pre-1.1.9.1: logcheck originates in the Abacus Project security tools and is later rewritten.
- 1.1.9.1: Debian change notes describe a major overhaul and larger config/rulefile changes.
- 2018: Debian Salsa project page records repository creation on May 13, 2018.
- Current: Debian manpages document hourly cron use, report levels, and /etc/logcheck configuration.

### Related projects

- logtail: used by logcheck workflows to process recent log messages.
- logcheck-database: the companion rules package that supplies regular-expression filters.

### Sources

- <https://manpages.debian.org/testing/logcheck/logcheck.8.en.html>
- <https://packages.debian.org/sid/logcheck>
- <https://salsa.debian.org/debian/logcheck>
- <https://salsa.debian.org/debian/logcheck/-/raw/debian/sid/CHANGES>
- <https://salsa.debian.org/debian/logcheck/-/raw/debian/sid/docs/README.logcheck-database>


## Security Notes

narrow executable package without higher-risk signals.

- **Geiger risk:** green / low
- narrow executable package without higher-risk signals


## Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.


## Configuration files

- Unix: /etc/logcheck/logcheck.conf, /etc/logcheck/*.d/*
## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** logcheck
- **Version Scheme:** 0
- **Revision:** 0
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** stable

## Other Package-Manager Records

- Debian apt - logcheck - 1.4.5+deb13u1: normalized package name match | Debian stable package indexes: logcheck from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | check the system log for unusual entries
- Debian apt - logcheck-database - 1.4.5+deb13u1: normalized package name match | Debian stable package indexes: logcheck-database from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | database of system log rules for logcheck
- Debian apt - logtail - 1.4.5+deb13u1: normalized package name match | Debian stable package indexes: logtail from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz | Identify new lines added to the end of log files
- Nix - logcheck: normalized package name match | nixpkgs package indexes: pkgs/by-name/lo/logcheck/package.nix from https://api.github.com/repos/NixOS/nixpkgs/git/trees/master?recursive=1
- Ubuntu apt - logcheck - 1.4.3: normalized package name match | Ubuntu 24.04 LTS package indexes: logcheck from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | check the system log for unusual entries
- Ubuntu apt - logcheck-database - 1.4.3: normalized package name match | Ubuntu 24.04 LTS package indexes: logcheck-database from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | database of system log rules for logcheck
- Ubuntu apt - logtail - 1.4.3: normalized package name match | Ubuntu 24.04 LTS package indexes: logtail from https://archive.ubuntu.com/ubuntu/dists/noble/main/binary-amd64/Packages.gz | Identify new lines added to the end of log files
- apk - logcheck - 1.4.7-r0: normalized package name match | Alpine Linux edge package indexes: logcheck from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Bash scripts used to monitor system log files for anomalies | https://packages.debian.org/source/sid/logcheck
- apk - logcheck-doc - 1.4.7-r0: normalized package name match | Alpine Linux edge package indexes: logcheck-doc from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Bash scripts used to monitor system log files for anomalies (documentation) | https://packages.debian.org/source/sid/logcheck
- apk - logtail - 3.22-r3: installed executable or alias match | Alpine Linux edge package indexes: logtail from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz | Print new lines in log file since the last run (sf.net logtail-v3 ver) | https://logtail-v3.sourceforge.net/
- zypper - logtail - 0.2.4-21.7: installed executable or alias match | openSUSE Tumbleweed package metadata: logtail from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst | Helper application to analyze logfiles | http://sourceforge.net/projects/logdigest


## Related links

- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [Networking and protocol packages](https://www.automicvault.com/pkg/networking-protocol-tools/) - Matched network, protocol, or remote-service metadata.
- [Security and crypto packages](https://www.automicvault.com/pkg/security-crypto-tools/) - Matched security, identity, cryptography, password, signing, or certificate metadata.
- [Productivity CLI packages](https://www.automicvault.com/pkg/productivity-cli-packages/) - Matched curated productivity category metadata from av.db.
- [gnu-sed](https://www.automicvault.com/pkg/brew/gnu-sed/) - Build dependency declared by Homebrew.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, monitoring, security.
- [fail2ban](https://www.automicvault.com/pkg/brew/fail2ban/) - Shares av.db curated category or tags: cli, log-analysis, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [authoscope](https://www.automicvault.com/pkg/brew/authoscope/) - Shares av.db curated category or tags: cli, security.
- [azurehound](https://www.automicvault.com/pkg/brew/azurehound/) - Shares av.db curated category or tags: cli, security.
- [bagel](https://www.automicvault.com/pkg/brew/bagel/) - Shares av.db curated category or tags: cli, security.
- [hopenpgp-tools](https://www.automicvault.com/pkg/brew/hopenpgp-tools/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, security.

## Combined YAML source

View the package source record on GitHub. [combined/logcheck.yml](https://github.com/automic-vault/db/blob/main/combined/logcheck.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated configuration and credential file locations
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
