logwatch question
tom pollerman
tompollerman at mail.landolls.com
Fri Mar 12 12:47:01 UTC 2004
On Fri, 12 Mar 2004 11:33:16 -0500
tom pollerman <tompollerman at mail.landolls.com> wrote:
> On Fri, 12 Mar 2004 07:13:27 -0500
> Bill Tangren <bjt at aa.usno.navy.mil> wrote:
>
> > I am having a problem with logwatch. I am trying to get it to only
> >
> > report what happens in the logs for the previous day. At least for
> > some logs, it isn't doing that.
> >
> > An example. I rotate the cron log once a week. When I set
> > 'Detail=Med', I noticed that mrtg was running, and I didn't use
> > it, so I removed it from the system (I am running RH 9 with all
> > the current updates). I found that logwatch still reported it as
> > running. I looked at logwatch.conf, and noticed that I had
> > 'Archives= Yes' and 'Range = yesterday'. The cron log doesn't show
> > any mrtg activity since I removed it from the system. This is what
> > logwatch reported today:
> >
> >
> > --------------------- Cron Begin ------------------------
> >
> > Commands Run:
> > User *system*:
> > personal crontab reloaded: 1 Time(s)
> > User root:
> > /usr/bin/mrtg /etc/mrtg/mrtg.cfg: 24889 Time(s)
> > /usr/lib/sa/sa1 1 1: 12816 Time(s)
> > /usr/lib/sa/sa2 -A: 89 Time(s)
> > run-parts /etc/cron.daily: 89 Time(s)
> > run-parts /etc/cron.hourly: 2136 Time(s)
> > run-parts /etc/cron.monthly: 3 Time(s)
> > run-parts /etc/cron.wednesday: 13 Time(s)
> > run-parts /etc/cron.weekly: 13 Time(s)
> >
> > ---------------------- Cron End -------------------------
> >
> >
> > It appears that logwatch is looking at ALL of my archived cron
> > logs, and reporting everything it finds.
> >
> Bill,
>
> The default setting in Logwatch is to report ALL the services
> listed in /etc/log.d/scripts/services/*. If you don't want mrtg to
> be reported you can remove it from there. Or, you can explicitly
> list the services Logwatch reportes by editing /etc/conf/logwatch
> and changing'Service=ALL' to 'Service=<theservicesyouwant>'. Just
> add additional Service=<?> lines.
> ie.,
>
> Service=modprobe
> Service=init
> Service=cron
> etc......
>
> Tom
>
>
Additionally, you can edit /etc/log.d/conf/logwatch.conf and change
'Archives = Yes' to 'No' if you don't want archived log fies reported.
Tom
More information about the redhat-list
mailing list