[Logwatch] Suggestion/Request: feature for next version

ken cousin at speakeasy.net
Thu Apr 8 10:57:06 MST 2004


At 11:21 (UTC-0400) on Sun, 4 Apr 2004 NWCWEB Administration said:

= >-----Original Message-----
= >From: logwatch-bounces at logwatch.org 
= >[mailto:logwatch-bounces at logwatch.org] On Behalf Of ken
= >Sent: Wednesday, March 03, 2004 8:26 AM
= >Subject: [Logwatch] Suggestion/Request: feature for next version
= >
= >First, thanks for the effort in creating Logwatch.  I read 
= >these reports every day in my email.  But when I do, I have no clue as to 
= >how to check out what Logwatch is talking about.  To remedy this, I wish that
= >Logwatch would output (in its mailout) the times, names of originating
= >daemons, relevant config files, and other information about the reported
= >events so that the reported activities would be easier to track down in
= >the logs and elsewhere.
= >
= >Thanks again,
= >ken
= 
= Ken,
= 
= 	What is it that you're missing clues on?  Most of what
= Logwatch contains comes from standard locations, so depending
= on the box you have and its OS you should be able to dig up
= those clues reasonably easily.

It would help greatly if the time field from the logs were left in the 
logwatch output.  Yes, I could search the logs for the event in question 
and find out the time, but if it were simply left in the output, then it 
would save me from having to do the search.  Also, I could see from the 
logwatch output if there was a relationship in time between messages 
reported by logwatch.


= 
= 	You can turn on more verbose details in Logwatch from
= what we've found, but I'd hate to have that level of detail
= every day as it would use up more resources that already 
= exist.

Yes, that is a nice feature and the one that I always use now because it
provides more of the information I am looking for.  It is nice that it
sometimes shows the command being run which produces the logwatch output
and sometimes the logfile from which the output has been culled.  It
would be very nice if, where possible, both the command names and the
logfiles relevant to the logwatch output were reported... these in 
addition to the output date/time field.


= 
= 	Most of what we've seen in Logwatch points to key areas
= that are easily remedied, such as intrusion attempts that need
= to go into the Firewall (and you have to look those up in ARIN,
= etc. to really get the proper answer as to blocking those attempts),
= spam that needs to be blocked in spam filters, etc.  

Thanks for the idea.  I'll look into that.


= 
= 	If you can provide more detail as to what sections are
= confusing or lacking details, I might be able to pass on what
= we've found and do to react to the reports.
= 
= 	HTH!
= 
=       David J. Duffner
=       VP Operations
=       NWC Corporation
=       NWCWEB.com
=       

Thanks very much for your email.


Regards,
ken



