[Logwatch] Linux 8 - Logwatch newbie

Systems Administrator sysadmin@sunet.com.au
Tue, 18 Nov 2003 10:24:25 +1100 (EST)


On Tue, 18 Nov 2003, Systems Administrator wrote:

> On Mon, 17 Nov 2003, Allen, Ronda wrote:
> 
> > Can someone please send me directions for installing and configuring
> > Logwatch on Linux 8?  I have set up a syslog server on Linux 8 and am
> > trying to get logwatch to monitor PIX firewall logs.
> >  
> > Any help would be appreciated.  
> 
> 	A number of things you should be aware of:
> 1.	logwatch currently doesn't separate entries by host.  I'm using it 
> 	on my syslog server anyway, though.  
> 2.	Logwatch only recognises log entries for services it has modules 
> 	for.  There are currently no Cisco modules (I was looking at 
> 	writing some to monitor my modem racks, but haven't had time yet).  
> 
> 	My advice would be:
> 1.	Install logwatch, and get it to monitor the logs from both the 
> 	PIXes and the syslog machine itself (because it will recognise 
> 	these).  
> 2.	Write a module recognising the PIX entries.  This shouldn't be too 
> 	difficult, hopefully (assuming you know Perl).  

	I should've also added:

3.	Contribute the PIX module back to logwatch, so that when you want 
	to upgrade logwatch, you don't have to make your PIX module work 
	with the new version.  

> 
> 	:)
> 
> 

-- 
Tim Nelson
Systems Administrator
Sunet Internet
Tel: +61 3 5241 1155
Fax: +61 3 5241 6187
Web: http://www.sunet.com.au/
Email: sysadmin@sunet.com.au
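
One shape the PIX module suggested in this thread could take, as an added example that is not part of the original messages and is not logwatch's own code. It assumes a service filter that reads log lines on standard input and prints a report, and it keys every count by the reporting host, since logwatch does not separate entries by host itself; the sample lines after `__DATA__` are constructed.

```perl
#!/usr/bin/perl
# Added example, not logwatch code: summarise PIX "Deny" syslog lines per host.
# Assumed line layout: "Mon DD HH:MM:SS host %PIX-sev-id: text".
use strict;
use warnings;

my (%denied, %other);
my $unmatched = 0;

# Read piped input when there is any; otherwise use the constructed samples.
my $in = -t STDIN ? \*DATA : \*STDIN;

while (my $line = <$in>) {
    chomp $line;
    unless ($line =~ /^\w{3}\s+\d+\s+[\d:]+\s+(\S+)\s+%PIX-(\d)-(\d+):\s+(.*)$/) {
        $unmatched++;
        next;
    }
    my ($host, $sev, $id, $msg) = ($1, $2, $3, $4);

    # Keep the reporting host in the key so several firewalls stay separate.
    if ($msg =~ m{^Deny\s+(\S+)\s+src\s+\S+?:([\d.]+)(?:/\d+)?\s+dst\s+\S+?:([\d.]+)(?:/(\d+))?}) {
        my ($proto, $src, $dst, $port) = ($1, $2, $3, $4 // '-');
        $denied{$host}{"$src -> $dst $proto/$port"}++;
    } else {
        $other{$host}{"PIX-$sev-$id"}++;
    }
}

for my $host (sort keys %denied) {
    my $d = $denied{$host};
    print "Denied packets reported by $host:\n";
    printf "   %-42s %d time(s)\n", $_, $d->{$_}
        for sort { $d->{$b} <=> $d->{$a} || $a cmp $b } keys %$d;
}
for my $host (sort keys %other) {
    my $o = $other{$host};
    print "Other PIX messages from $host:\n";
    printf "   %-42s %d time(s)\n", $_, $o->{$_} for sort keys %$o;
}
print "Lines not recognised as PIX messages: $unmatched\n" if $unmatched;

__DATA__
Nov 18 10:24:25 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4312 dst inside:192.0.2.10/22 by access-group "acl_out"
Nov 18 10:24:26 pix1 %PIX-4-106023: Deny tcp src outside:203.0.113.7/4313 dst inside:192.0.2.10/22 by access-group "acl_out"
Nov 18 10:24:27 pix1 %PIX-6-302013: Built inbound TCP connection 1201 for outside:203.0.113.20/3311 (203.0.113.20/3311) to inside:192.0.2.25/25 (192.0.2.25/25)
Nov 18 10:24:31 pix2 %PIX-4-106023: Deny icmp src outside:198.51.100.9 dst inside:192.0.2.10 (type 8, code 0) by access-group "acl_out"
Nov 18 10:25:01 loghost CROND[2211]: (root) CMD (run-parts /etc/cron.hourly)
```

Run with no piped input it reports on the constructed samples; piping a real syslog file into it summarises that file instead.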