[Logwatch] Suggestion/Request: feature for next version
cousin at speakeasy.net
Thu Apr 8 10:57:06 MST 2004
At 11:21 (UTC-0400) on Sun, 4 Apr 2004 NWCWEB Administration said:
= >-----Original Message-----
= >From: logwatch-bounces at logwatch.org
= >[mailto:logwatch-bounces at logwatch.org] On Behalf Of ken
= >Sent: Wednesday, March 03, 2004 8:26 AM
= >Subject: [Logwatch] Suggestion/Request: feature for next version
= >First, thanks for the effort in creating Logwatch. I read
= >these reports every day in my email. But when I do, I have no clue as to
= >how to check out what Logwatch is talking about. To remedy this, I wish that
= >Logwatch would output (in its mailout) the times, names of originating
= >daemons, relevant config files, and other information about the reported
= >events so that the reported activities would be easier to track down in
= >the logs and elsewhere.
= >Thanks again,
= What is it that you're missing clues on? Most of what
= Logwatch contains comes from standard locations, so depending
= on the box you have and its OS you should be able to dig up
= those clues reasonably easily.
It would help greatly if the time field from the logs were left in the
logwatch output. Yes, I could search the logs for the event in question
and find out the time, but if it were simply left in the output, then it
would save me from having to do the search. Also, I could see from the
logwatch output if there was a relationship in time between messages
reported by logwatch.
= You can turn on more verbose details in Logwatch from
= what we've found, but I'd hate to have that level of detail
= every day as it would use up more resources that already
Yes, that is a nice feature and the one that I always use now because it
provides more of the information I am looking for. It is nice that it
sometimes shows the command being run which produces the logwatch output
and sometimes the logfile from which the output has been culled. It
would be very nice if, where possible, both the command names and the
logfiles relevant to the logwatch output were reported... these in
addition to the output date/time field.
= Most of what we've seen in Logwatch points to key areas
= that are easily remedied, such as intrusion attempts that need
= to go into the Firewall (and you have to look those up in ARIN,
= etc. to really get the proper answer as to blocking those attempts),
= spam that needs to be blocked in spam filters, etc.
Thanks for the idea. I'll look into that.
= If you can provide more detail as to what sections are
= confusing or lacking details, I might be able to pass on what
= we've found and do to react to the reports.
= David J. Duffner
= VP Operations
= NWC Corporation
Thanks very much for your email.
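
The request in this message (keep the time field and name the originating daemon and logfile in the summary) can be sketched as follows. This is an added example, not part of the original message and not Logwatch's own code; it is written in Python rather than Logwatch's Perl. The log lines, host name, and file paths are constructed, and the input is assumed to be in chronological order.

```python
import re
from collections import OrderedDict

# Constructed sample input: (source logfile, raw syslog line). Not from a real host.
SAMPLE = [
    ("/var/log/secure", "Apr  8 03:12:44 host1 sshd[2211]: Failed password for root from 192.0.2.10 port 4022 ssh2"),
    ("/var/log/secure", "Apr  8 03:12:51 host1 sshd[2214]: Failed password for root from 192.0.2.10 port 4031 ssh2"),
    ("/var/log/maillog", "Apr  8 03:13:02 host1 sendmail[2300]: rejecting connections on daemon MTA: load average: 14"),
    ("/var/log/secure", "Apr  8 09:40:07 host1 sshd[3120]: Failed password for root from 192.0.2.10 port 5100 ssh2"),
]

# Classic syslog layout: timestamp, host, daemon[pid]: message
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
                  r"(?P<daemon>[^\[:\s]+)(?:\[\d+\])?: (?P<msg>.*)$")

def normalize(msg):
    """Collapse the per-connection port so repeated events group together."""
    return re.sub(r"\bport \d+", "port N", msg)

def summarize(entries):
    """Group like events, keeping what a plain count throws away:
    the source logfile, the daemon, and the first and last timestamps."""
    groups = OrderedDict()
    for logfile, line in entries:
        m = LINE.match(line)
        if not m:
            continue  # unparsed lines are skipped in this sketch
        key = (logfile, m["daemon"], normalize(m["msg"]))
        g = groups.setdefault(key, {"count": 0, "first": m["ts"], "last": m["ts"]})
        g["count"] += 1
        g["last"] = m["ts"]  # relies on chronological input
    return groups

def report(groups):
    """Render one summary line per group, with provenance and time range."""
    return [f"{daemon} ({logfile}): {msg}: {g['count']} time(s), "
            f"first {g['first']}, last {g['last']}"
            for (logfile, daemon, msg), g in groups.items()]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```

With the first and last times kept per group, a reader can see at a glance whether two reported items fall in the same time window and which file to open to find them.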