[Logwatch] Logwatch and FreeBSD

Jason Williams jwilliams at courtesymortgage.com
Tue Aug 17 16:10:54 MST 2004


Hello everyone.

I just happened to get my hands on Kirk Bauer's Automating UNIX and Linux 
Administration. Saw the title and knew immediately that book was for me. :)

I stopped by logwatch.org today and searched around a bit. I was very 
curious about logwatch itself. I proceeded to download it and put it on a 
test machine so I can see how it works.

Customizing it was pretty simple. I just needed to make a few adjustments 
to path locations, as well as specify in logwatch.pl the location of the 
directory that I set up.
I was very pleased to see that there was a Mailscanner filter. I use 
mailscanner for our company mail gateway server and the idea of getting 
daily mailscanner logs sent to me was extremely appealing.

Just a few quick questions though.

1.) I don't need all the services to be scanned on my system. I only have a 
few logs that I would like to be parsed on my mail gateway server. These are:

-mailscanner
-sendmail
-kernel
-clamav
-clam-update
-sshd, sshd2
-syslogd

It appears that I can probably just list these in the logwatch.conf file, 
correct? Then, only those will be used when the script is run, is what I am 
guessing.

Secondly, when I initially put this on my test machine, I just ran the 
script with 'All' specified just to see what was going on. To my surprise, 
not a whole lot showed up. I did find out that I needed to install gawk 
from the ports tree, but that was not a problem.

Anyway, I've tried a few different settings and things and I think for the 
most part logwatch is written for Linux. When I run the script for 'All' 
services and 'All' days, here is a sample of the output:

First, if I just run the Logwatch.pl script from the command line, just 
executing ./logwatch.pl, I get this output:

readline() on closed filehandle TESTFILE at ./logwatch.pl line 745.

I then check my mail, and here are a few pieces of it (not sure if this is 
correct, but it doesn't give output from all the files)

  --------------------- IMAP Begin ------------------------

/usr/local/etc/logwatch/scripts/services/imapd: permission denied


  --------------------- sendmail Begin ------------------------



Bytes Transferred: 6645482
Messages Sent:     316
Total recipients:  316

2 messages returned after 4 hours

53 messages returned after 5 days

Top relays (recipients/connections - min 10 rcpts, max 50 lines):
     308/308: localhost.courtesy.com [127.0.0.1]

  ---------------------- sendmail End -------------------------

ls: illegal option -- S
usage: ls [-ABCFGHLPRTWabcdfghiklnoqrstu1] [file ...]

  --------------------- SSHD Begin ------------------------

Use of uninitialized value in hash element at 
/usr/local/etc/logwatch/scripts/services/sshd line 174, <STDIN> line 1.
Use of uninitialized value in hash element at 
/usr/local/etc/logwatch/scripts/services/sshd line 174, <STDIN> line 2.
Use of uninitialized value in hash element at 
/usr/local/etc/logwatch/scripts/services/sshd line 174, <STDIN> line 3.
Use of uninitialized value in hash element at 
/usr/local/etc/logwatch/scripts/services/sshd line 174, <STDIN> line 4.

Cannot release PAM authentication:
     : 4 Time(s)

The other bit I noticed is that it did not parse my apache logs (located in 
/var/log/httpd- )

Anyway, I was hoping for a little feedback and suggestions on logwatch and 
the issues I am working with.

I appreciate the help and look forward to responses.

Cheers,

Jason


  


