[Logwatch] Question about logwatch

Iustin Pop iusty@ags.ro
29 Apr 2002 06:41:40 +0300


Could you please explain me the architecture of logwatch? From what I

source-file1|        /- matches service 1  |
source-file2|------>/ - matches service 2  |
....        |       \ - ........           |-- output
source-filen|        \- matches service n  |

Is this correct? If yes, that means that log lines which don't match any
service are simply discareded? The reason I ask is that I (begin to) use
snort with its syslog output and logwatch doesn't show me anything from
it. Also I wonder what other messages I miss from syslog.

Thanks in advance,
Iustin Pop