[Logwatch] Question about logwatch

Iustin Pop iusty@ags.ro
29 Apr 2002 06:41:40 +0300


Hello,

Could you please explain me the architecture of logwatch? From what I
see:

source-file1|        /- matches service 1  |
source-file2|------>/ - matches service 2  |
....        |       \ - ........           |-- output
source-filen|        \- matches service n  |


Is this correct? If yes, that means that log lines which don't match any
service are simply discareded? The reason I ask is that I (begin to) use
snort with its syslog output and logwatch doesn't show me anything from
it. Also I wonder what other messages I miss from syslog.

Thanks in advance,
Iustin Pop