[Logwatch] Missing Servers
phil.bettinson at llgc.org.uk
Thu Jul 14 08:28:47 MST 2005
I'm new to this mailing list, and indeed new to logwatch, and I have a
I seem to lose 2 servers when I run logwatch, and I'm not quite sure
Let me elaborate. I'm using a single server as my "admin" and "logging"
server, sending all the relevant syslogs to it. This works fine, and log
watch has been doing a brilliant job. I had to write a filter to check
for netvault activity, other than that it's been plain sailing.
Recently, I found ntsyslog, a program that sends NT events to syslog over
the network, and thought that this would be a great opportunity to
finally centralise all administration, and use logwatch to keep an eye
on the event viewer. The NT Syslog works fine, it sends the data to the
logging server, and I can see it arrive in the syslog (cat
/var/log/messages, or tail -f /var/log/messages and wait). However, they
don't show up when running logwatch.
I know that I have to write a filter to catch the "new" events, which I
have done. I have tested it by cat /var/log/messages | ./ntview which
prints all the events from those servers. I know that this filter works,
because it also picks up nmbd messages from the unix machines (a bug, I
know, but it's only meant to be a test filter).
The problem gets stranger.. when I cat /var/log/messages through
/etc/log.d/scripts/shared/hostlist I find the servers, but when I check
the temp file made when running logwatch, they seem to have vanished...