logwatch question

tom pollerman tompollerman at mail.landolls.com
Fri Mar 12 12:47:01 UTC 2004 

On Fri, 12 Mar 2004 11:33:16 -0500
tom pollerman <tompollerman at mail.landolls.com> wrote:

> On Fri, 12 Mar 2004 07:13:27 -0500
> Bill Tangren <bjt at aa.usno.navy.mil> wrote:
> 
> > I am having a problem with logwatch. I am trying to get it to only
> > 
> > report what happens in the logs for the previous day. At least for
> > some logs, it isn't doing that.
> > 
> > An example. I rotate the cron log once a week. When I set
> > 'Detail=Med', I noticed that mrtg was running, and I didn't use
> > it, so I removed it from the system (I am running RH 9 with all
> > the current updates). I found that logwatch still reported it as
> > running. I looked at logwatch.conf, and noticed that I had
> > 'Archives= Yes' and 'Range = yesterday'. The cron log doesn't show
> > any mrtg activity since I removed it from the system. This is what
> > logwatch reported today:
> > 
> > 
> > --------------------- Cron Begin ------------------------
> > 
> > Commands Run:
> >     User *system*:
> >        personal crontab reloaded: 1 Time(s)
> >     User root:
> >        /usr/bin/mrtg /etc/mrtg/mrtg.cfg: 24889 Time(s)
> >        /usr/lib/sa/sa1 1 1: 12816 Time(s)
> >        /usr/lib/sa/sa2 -A: 89 Time(s)
> >        run-parts /etc/cron.daily: 89 Time(s)
> >        run-parts /etc/cron.hourly: 2136 Time(s)
> >        run-parts /etc/cron.monthly: 3 Time(s)
> >        run-parts /etc/cron.wednesday: 13 Time(s)
> >        run-parts /etc/cron.weekly: 13 Time(s)
> > 
> >   ---------------------- Cron End -------------------------
> > 
> > 
> > It appears that logwatch is looking at ALL of my archived cron
> > logs, and reporting everything it finds.
> >
>   Bill,
> 
>      The default setting in Logwatch is to report ALL the services
> listed in /etc/log.d/scripts/services/*. If you don't want mrtg to
> be reported you can remove it from there. Or, you can explicitly
> list the services Logwatch reportes by editing /etc/conf/logwatch
> and changing'Service=ALL' to 'Service=<theservicesyouwant>'. Just
> add additional Service=<?> lines. 
>   ie.,
> 
> Service=modprobe
> Service=init
> Service=cron
> etc......
> 
>                                                   Tom
> 
> 
  Additionally, you can edit /etc/log.d/conf/logwatch.conf and change
'Archives = Yes' to 'No' if you don't want archived log fies reported.

                                                   Tom

More information about the redhat-list mailing list