Logcheck analyses the system log for unuexpected entries that could indicate problems or security issues.

Log entries in the system log (produced by systemd-journald, rsyslog or another system-log-dameon) are checked against a customisable database of regular expressions (such as that provided by the logcheck-database package) to identify routine messages: anything that does not identified as routine is reported to the system administrator.

Logcheck was originally part of the Abacus Project of security tools, but has been rewritten.