[Logwatch] Linux 8 - Logwatch newbie
Tue, 18 Nov 2003 10:24:25 +1100 (EST)
On Tue, 18 Nov 2003, Systems Administrator wrote:
> On Mon, 17 Nov 2003, Allen, Ronda wrote:
> > Can someone please send me directions for installing and configuring
> > Logwatch on Linux 8. I have setup a syslog server on Linux 8 and am
> > trying to get logwatch to monitor PIX firewall logs.
> > Any help would be appreciated.
> A number of things you should be aware of:
> 1. logwatch currently doesn't separate entries by host. I'm using it
> on my syslog server anyway, though.
> 2. Logwatch only recognises log entries for services it has modules
> for. There are currently no cisco modules (I was looking at
> writing some to monitor my modem racks, but haven't had time yet).
> My advice would be:
> 1. Install logwatch, and get it to monitor the logs from both the
> PIXes and the syslog machine itself (because it will recognise
> 2. Write a module recognising the PIX entries. This shouldn't be too
> difficult, hopefully (assuming you know Perl).
I should've also added:
3. Contribute the PIX module back to logwatch, so that when you want
to upgrade logwatch, you don't have to make your PIX module work
with the new version.
Tel: +61 3 5241 1155
Fax: +61 3 5241 6187