Re: Bug in logwatch? (not all archives are checked and --logdir is partially ignored).
On Sun, 29 Apr 2012 14:39:08 +0200, Maarten Derickx wrote:
(...)
→ About the problem of analyzing from the archive
> The strange thing is that when I do:
>
> logwatch --service sshd --archives
>
> I get only 3 logins 2 from "mderickx" and 1 from "sageslave". (see
> Output 1 below)
(...)
> The strange thing is that if I now do:
>
> root@md:/var/log# gzip auth.log.1
>
> and then
>
> logwatch --service sshd --archives
>
> then I do get the expected amount of 10 logins for the user mderickx in
> the logwatch output. So it seems that in contrast to what the
> documentation suggests the uncompressed archive /var/log/auth.log.1 is
> not checked!
Look at one of the config files that manages sshd (secure.conf), I think
there can be a rule pattern definition error there.
Logwatch seems to be configured to read either from "/var/log/auth.log"
(as the actual file) or "/var/log/auth.log.*.gz" files (for the archives)
but does not handle non "*.gz" files with a different filename :-?
→ About the problem of setting a different directory for the logs
(...)
I leave this for others to debug :-P
Greetings,
--
Camaleón
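
An added example, not part of the original message and not Logwatch code: a shell check that lists rotated logs which no `Archive =` glob in a logfile-group config would match, the coverage gap described above. The config and log directory are constructed samples, the function names are hypothetical, and `LogFile`/`Archive` values are assumed to be names relative to the log directory.

```shell
#!/bin/sh
# Added example, not Logwatch code. Lists rotated logs in LOGDIR that no
# "Archive =" glob in a Logwatch logfile-group config matches.
# Assumption: LogFile/Archive values are names relative to LOGDIR.
uncovered_archives() (
    set -f    # keep globs read from the config from expanding against cwd
    conf=$1; logdir=$2
    value_of() { sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$conf"; }
    logfiles=$(value_of '[Ll]og[Ff]ile')
    archives=$(value_of '[Aa]rchive')
    for base in $logfiles; do
        ls -1 "$logdir" | while IFS= read -r name; do
            # Only rotated siblings of the live log: base.<suffix>
            case $name in "$base".?*) ;; *) continue ;; esac
            covered=no
            for pat in $archives; do
                case $name in $pat) covered=yes ;; esac
            done
            [ "$covered" = yes ] || printf '%s\n' "$name"
        done
    done
)

# Constructed sample: a config with only a *.gz archive pattern, and a log
# directory holding one uncompressed and one compressed rotation.
demo() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    mkdir "$tmp/log"
    printf '%s\n' '# constructed sample' 'LogFile = auth.log' \
        'Archive = auth.log.*.gz' > "$tmp/secure.conf"
    : > "$tmp/log/auth.log"
    : > "$tmp/log/auth.log.1"
    : > "$tmp/log/auth.log.2.gz"
    uncovered_archives "$tmp/secure.conf" "$tmp/log"
)

demo
```

Any file name it prints is a rotation that would be silently left out of an `--archives` report under that config.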