[Logwatch] Linux 8 - Logwatch newbie

Systems Administrator sysadmin@sunet.com.au
Tue, 18 Nov 2003 09:47:45 +1100 (EST)


On Mon, 17 Nov 2003, Allen, Ronda wrote:

> Can someone please send me directions for installing and configuring
> Logwatch on Linux 8.  I have set up a syslog server on Linux 8 and am
> trying to get logwatch to monitor PIX firewall logs.
>  
> Any help would be appreciated.  

	A number of things you should be aware of:
1.	logwatch currently doesn't separate entries by host.  I'm using it 
	on my syslog server anyway, though.  
2.	Logwatch only recognises log entries for services it has modules 
	for.  There are currently no Cisco modules (I was looking at 
	writing some to monitor my modem racks, but haven't had time yet).  

	My advice would be:
1.	Install logwatch, and get it to monitor the logs from both the 
	PIXes and the syslog machine itself (because it will recognise 
	these).  
2.	Write a module recognising the PIX entries.  This shouldn't be too 
	difficult, hopefully (assuming you know Perl).  

	:)

-- 
Tim Nelson
Systems Administrator
Sunet Internet
Tel: +61 3 5241 1155
Fax: +61 3 5241 6187
Web: http://www.sunet.com.au/
Email: sysadmin@sunet.com.au
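
The two points raised in the reply above (no per-host separation, and no module that recognises PIX entries) can both be handled in one small Perl filter. This is an added example, not part of the original message and not Logwatch's own code. It assumes the PIX "Deny ... by access-group" line layout shown in the comment; the function names, host names and addresses are constructed for illustration.

```perl
use strict;
use warnings;

# Added example, not Logwatch code. Assumed line layout (modelled on PIX message 106023):
#   Mon DD HH:MM:SS host %PIX-4-106023: Deny proto src if:ip/port dst if:ip/port ...
sub parse_pix_deny {
    my ($line) = @_;
    return unless $line =~ m{
        ^\w{3}\s+\d+\s+[\d:]{8}\s+(\S+)\s+     # syslog timestamp, reporting host
        .*?%PIX-\d-106023:\s+Deny\s+(\S+)\s+   # severity, message id, protocol
        src\s+\S+?:([\d.]+)(?:/\d+)?\s+        # source interface:ip/port
        dst\s+\S+?:([\d.]+)(?:/(\d+))?         # destination interface:ip/port
    }x;
    return ($1, $2, $3, $4, defined $5 ? $5 : '-');
}

# Count each denied flow per host; keep other PIX lines as unmatched.
sub summarise {
    my (%denied, @unmatched);
    for my $line (@_) {
        if (my ($host, $proto, $src, $dst, $port) = parse_pix_deny($line)) {
            $denied{$host}{"$src -> $dst $proto/$port"}++;
        } elsif ($line =~ /%PIX-/) {
            push @unmatched, $line;
        }
    }
    return (\%denied, \@unmatched);
}

sub report {
    my ($denied, $unmatched) = @_;
    my $out = '';
    for my $host (sort keys %$denied) {
        my $flows = $denied->{$host};
        $out .= "Denied connections logged by $host\n";
        $out .= sprintf("   %-40s %d time(s)\n", $_, $flows->{$_})
            for sort { $flows->{$b} <=> $flows->{$a} || $a cmp $b } keys %$flows;
    }
    $out .= join('', "\n**Unmatched PIX entries**\n", map("   $_", @$unmatched)) if @$unmatched;
    return $out;
}
# Logwatch feeds a service script its log lines on STDIN; run from a terminal, use the sample.
my @lines = (-t STDIN) ? <DATA> : <STDIN>;
print report(summarise(@lines));
__DATA__
Nov 17 09:12:01 pix-a %PIX-4-106023: Deny tcp src outside:203.0.113.7/40112 dst inside:192.0.2.10/23 by access-group "outside_in"
Nov 17 09:12:04 pix-a %PIX-4-106023: Deny tcp src outside:203.0.113.7/40113 dst inside:192.0.2.10/23 by access-group "outside_in"
Nov 17 09:13:10 pix-b %PIX-4-106023: Deny icmp src outside:198.51.100.9 dst inside:192.0.2.20 (type 8, code 0) by access-group "outside_in"
Nov 17 09:14:22 pix-b %PIX-6-302013: Built inbound TCP connection 1201 for outside:198.51.100.9/51000 (198.51.100.9/51000) to inside:192.0.2.20/25 (192.0.2.20/25)
```

Lines that carry a PIX tag but do not match the deny pattern are listed rather than dropped, so formats the filter does not yet understand stay visible in the report.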