logwatch question
tom pollerman
tompollerman at mail.landolls.com
Fri Mar 12 14:55:23 UTC 2004
On Fri, 12 Mar 2004 13:34:23 -0500
Bill Tangren <bjt at aa.usno.navy.mil> wrote:
> tom pollerman wrote:
> > On Fri, 12 Mar 2004 11:33:16 -0500
> > tom pollerman <tompollerman at mail.landolls.com> wrote:
> > Additionally, you can edit /etc/log.d/conf/logwatch.conf and
> > change
> > 'Archives = Yes' to 'No' if you don't want archived log fies
> > reported.
> >
> > Tom
> >
> >
>
> The issue is not THAT logwatch is reporting on mrtg, it is that it
> is reporting on mrtg for MORE THAN 'yesterday'. I want logwatch to
> use the archives if necessary, because there will be days when a log
> is archived before logwatch has a change to read it.
>
> I just don't understand why it is reporting what it finds in logs
> going back several years, instead of just what was entered
> yesterday.
>
>
>
Bill,
I don't run mrtg, so don't know how it is logged. If Logwatch has
an "mrtg" entry in /etc/log.d/scripts/services then it should have a
corresponding /etc/log.d/conf/logfiles/ entry.
But, this may give you some ideas...
/etc/log.d/conf/logfiles/* contains the types of archived files
that Logwatch anaylizes for the services in
/etc/log.d/scripts/services/*.
In each of the /etc/log.d/conf/logfiles/*.conf file there is an
'Archive = xxx.*' and 'Archive = xxx.*.gz line.
So, for example for cron, it would look in ALL the cron.<anything>
and cron.<anything>.gz. If your archived cron files are, say: cron.1,
cron.2, cron.3, cron.4, ...etc and you only want cron.1 and cron.2,
you can try editing /etc/log.d/logfiles/cron.conf and changing the
'Archive = cron.* to 'Archive = cron.1' and add the additional
'Archive = cron.2'.
But, if all you want is for Logwatch to look at particular current
active logfile and its most recent logrotated logfile, you would have
'Archive = Yes' in /etc/log.d/conf/logwatch.conf and edit the
particular /etc/log.d/conf/logfiles/* , and change 'Archive = xxx.*'
to 'Archive = xxx.1' and comment out the 'Archive = xxx.*.gz' line.
Best,
Tom
More information about the redhat-list
mailing list