[Logwatch] Missing Servers

Mike Tremaine mgt at stellarcore.net
Thu Jul 14 08:43:52 MST 2005


On Thu, 2005-07-14 at 08:28, Phil Bettinson wrote:
> I know that I have to write a filter to catch the "new" events, which I 
> have done. I have tested it by cat /var/log/messages ./ntview which 
> prints all the events from those servers. I know that this filter works, 
> because it also picks up nmbd messages from the unix machines (a bug, I 
> know, but it's only meant to be a test filter).

1) You have read the HOWTO-Make-Filter? You created a new log group for
it and made the .conf files as required?

2) If applydate is being used make sure that the Range matches what is
in the logs. [I've driven myself crazy before running a test only to
remember that there are no logs from "yesterday".]

3) Run in debug mode and look at see exactly what the command line call
is for you script [it will print it at some point]. Then use this by
hand to remove each filter step to figure out the problem.

4) Post a small sample of the logs in question [4 or 5 lines] and maybe
we can spot something funny about them.



-- 
Mike Tremaine
mgt at stellarcore.net
http://www.stellarcore.net



More information about the Logwatch mailing list