[Logwatch] Logwatch is not configured to use logfile

Munroe munroes at cawinet.com
Tue Dec 19 08:06:45 MST 2006


All of a sudden, my logwatch stopped reporting on sshd, imapd, 
saslauthd, I think that is all, I am mainly concerned about the sshd.  
when I try to do:

 logwatch --service sshd

it runs and finishes empty

when I do

logwatch --logfile auth.log

it errors with:

Logwatch is not configured to use logfile


any thoughts would be greatly appreciated

I have poked around /usr/share/logwatch/  and found nothing of 
interest.  I removed from the secure.conf the various services listed 
under $ignore even though the comment said that sshd is listed because 
it is taken care of in the sshd file.  I am out of ideas.  I never 
customized it so it is all of the defaults.

Here are the files I think are important, I am sure I missed a couple

-------------------------------------------------------
/usr/share/logwatch/default.conf/services/sshd.conf

###########################################################################
# $Id: sshd.conf,v 1.17 2005/12/07 04:30:21 bjorn Exp $
###########################################################################

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

Title = "SSHD"

# Which logfile group...
LogFile = secure
LogFile = messages

# Only give lines pertaining to the sshd service...
*OnlyService = sshd
*RemoveHeaders

# Variable $sshd_ignore_host is used to filter out hosts that login
# successfully.  This commented-out example filters out reserved local
# addresses (IETF RFC 1918 and RFC 3330).
#$sshd_ignore_host="^10\.|^172\.(1[6-9]|2[0-9]|3[01])\.|^192\.168\.|^127\."

########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk at kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk at kaybee.org.
########################################################

# vi: shiftwidth=3 tabstop=3 et


-----------------------------------------------------------------------------------------------------
/usr/share/logwatch/default.conf/logfiles/secure

##########################################################################
# $Id: secure.conf,v 1.15 2006/03/21 01:47:28 bjorn Exp $
##########################################################################

########################################################
# This was written and is maintained by:
#    Kirk Bauer <kirk at kaybee.org>
#
# Please send all comments, suggestions, bug reports,
#    etc, to kirk at kaybee.org.
########################################################

# What actual file?  Defaults to LogPath if not absolute path....
#LogFile = secure
#LogFile = authlog
LogFile = auth.log
LogFile = auth.log.0

# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
#If you use a "-" in naming add that as well -mgt
Archive = secure.*
Archive = archiv/secure.*
Archive = authlog.*
Archive = auth.log.*.gz

# Expand the repeats (actually just removes them now)
*ExpandRepeats

# Keep only the lines in the proper date range...
*OnlyHost
*ApplyStdDate

# vi: shiftwidth=3 tabstop=3 et
------------------------------------------------------------






More information about the Logwatch mailing list