I have done only changes is the mailto and Detail = High
in this file /usr/share/logwatch/default.conf. The problem now is that I am running nginx with modsecurity but I dont see webserver logs to be part of daily logwatch which is emailed to me.

That's a directory on my server, containing a file named logwatch.conf

From man logwatch
Logwatch conf files are typically well-documented within, but it always helps to read the directions.
Perhaps nginx log files are not where logwatch is looking for them?

Hi Sean,
I am not too sure on the settings on this file . I actually have this /var/log/nginx with both access.log and error.log in side this folder. Also in this folder /var/log/modsec I have this files audit.log. I thought logwatch will collect everything from /var/log ?

I'm not sure either, that's why I pointed you to the documentation that should be in
...have you read that?

Hi Sean,
I have read the link you gave me and further to that I found this link too and this to be working now so other could benefit from this too but I am still looking into how to bring modsecurity logs into logwatch. I saw something like below output.
I am wondering how come in a short span it shows 781 responses could it being attack? I dont quite this mod_proxy thing?

Is that the first part of the httpd section? For yesterday, mine says:
That means the web server responded to 14239 httpd requests, of which 10006 were found, 1092 were redirects, 3139 were not found (this is where requests for phpmyadmin would be counted) and 2 were forbidden.

I seldom peruse the detail listings of the "Requests with error response codes" -- only if something is not working as it should.

Hi Sean,
What do you mean by. So how will this logs help ? Do you have people attemping the mod_proxy ? Anything else I should be on the look out and to be alerted via this nginx logs?

Exactly what I said. (Presuming still that we're talking about the httpd section of the Logwatdh email...you didn't answer that question) In that example there are 3141 "Requests with error response codes" 3139 of those are "not found" errors. Those are typically some lowlife attempting to find access to file or directory that doesn't exist, like a phpmyadmin directory or a wp-admin file on a non-WordPress site. There is A) No real harm in those responses and B) nothing to be done to prevent them, short of unplugging the CAT-5 cable, so I seldom even look at them. If something's not working as it should, then the answer might be in that listing, but in those cases, I've probably already used the httpd error logs to figure out the problem, so reading the entries in the Loqwatch report the next day is also (to me) unnecessary.

Now, I know these things because I used to read the entire email every day. I'm not saying you shouldn't do that. I"m just saying you need to understand that a reported cracking attempt or "error response" listing in Logwatch is not necessarily an indicator of a problem that needs your attention.

Hi Sean,
Yes we are still talking about httpd section but in this case its nginx.
. I dont get you which question you mean I did not answer you sorry maybe I might miss something there.
How do you do this cause there are many entries what tool you use to highlight or alert on this ?