[Logwatch] Missing Servers

Phil Bettinson phil.bettinson at llgc.org.uk
Thu Jul 14 08:28:47 MST 2005


Dear All,

I'm new to this mailing list, and indeed new to logwatch, and I have a 
small problem.

I seem to lose 2 servers when I run logwatch, and I'm not quite sure 
where.

Let me elaborate. I'm using a single server as my "admin" and "logging" 
server, sending all the relevant syslogs to it. This works fine, and 
logwatch has been doing a brilliant job. I had to write a filter to check 
for netvault activity, other than that it's been plain sailing. 
Recently, I found ntsyslog, a program that sends NT events to syslog over 
the network, and thought that this would be a great opportunity to 
finally centralise all administration, and use logwatch to keep an eye 
on the event viewer. The NT Syslog works fine, it sends the data to the 
logging server, and I can see it arrive in the syslog (cat 
/var/log/messages, or tail -f /var/log/messages and wait). However, they 
don't show up when running logwatch.

I know that I have to write a filter to catch the "new" events, which I 
have done. I have tested it by cat /var/log/messages | ./ntview which 
prints all the events from those servers. I know that this filter works, 
because it also picks up nmbd messages from the unix machines (a bug, I 
know, but it's only meant to be a test filter).

The problem gets stranger.. when I cat /var/log/messages through 
/etc/log.d/scripts/shared/hostlist I find the servers, but when I check 
the temp file made when running logwatch, they seem to have vanished... 
Any ideas?

Phil

