[Logwatch] Only Get secure-log Output

Mike McCandless <michael@prismbiz.com>
Sat, 18 Jan 2003 21:57:10 -0500


I am running logwatch 2.6, on a RH7.2 box.  For some time, I have
noticed that I get very little output in my daily logwatch report.  It's
been on my mental to-do list to investigate this more, and am just now
getting around to it.  BTW, logwatch is invoked daily through
/etc/cron.daily.

I don't understand Perl, and I think that's why I'm having difficulty
debugging.

The problem I observe is that the only output I get is the following,
even though if I look in /var/log/messages, there are plenty of other
items, namely things that begin with sshd(pam_unix) and su(pam_unix).  I
have no reason to believe that my systems have been compromised, but if
they were, I don't think I'd see the failed login attempts reported in
logwatch, either.

What do I need to do to get more information included in the logwatch
output?

################## LogWatch 2.6 Begin #####################

 ---------------- Connections (secure-log) Begin -------------------

Connections:
   Service pop3:
      192.168.x.y: 1 Time(s)
      192.168.x.y: 36 Time(s)
      192.168.x.y: 141 Time(s)


 ----------------- Connections (secure-log) End --------------------



 ###################### LogWatch End #########################


--------------------------------------------------------
Mike McCandless
michael@prismbiz.com
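
An independent way to count the sshd(pam_unix) and su(pam_unix) entries in a log such as /var/log/messages, for comparison against what the daily report shows. This is an added example, not part of the original post or of logwatch; the sample lines and the names `tally_pam_unix` and `classify` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the classic syslog layout; hostname, PIDs and
# addresses are made up for illustration.
SAMPLE = """\
Jan 18 04:02:11 host1 sshd(pam_unix)[2101]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=root
Jan 18 04:02:15 host1 sshd(pam_unix)[2101]: 2 more authentication failures; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=192.0.2.10  user=root
Jan 18 09:14:40 host1 sshd(pam_unix)[2240]: session opened for user mike by (uid=0)
Jan 18 09:15:02 host1 su(pam_unix)[2266]: session opened for user root by mike(uid=500)
Jan 18 09:20:31 host1 su(pam_unix)[2266]: session closed for user root
Jan 18 09:21:00 host1 kernel: eth0: link up
"""

# "Mon DD HH:MM:SS host tag[pid]: message"; the tag may be e.g. "sshd(pam_unix)".
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([^\[:\s]+)(?:\[\d+\])?: (.*)$")


def classify(message):
    """Bucket a pam_unix message by the event it records."""
    if "authentication failure" in message:
        return "auth-failure"
    if message.startswith("session opened"):
        return "session-opened"
    if message.startswith("session closed"):
        return "session-closed"
    return "other"


def tally_pam_unix(lines):
    """Count pam_unix entries per (service tag, event kind)."""
    counts = Counter()
    for line in lines:
        m = LINE.match(line)
        if m and m.group(1).endswith("(pam_unix)"):
            counts[(m.group(1), classify(m.group(2)))] += 1
    return counts


if __name__ == "__main__":
    # To run against a real log, replace SAMPLE.splitlines() with an open file.
    for (tag, kind), n in sorted(tally_pam_unix(SAMPLE.splitlines()).items()):
        print(f"{tag:16} {kind:16} {n} Time(s)")
```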