[Logwatch] Services List Description
tmetro+logwatch at gmail.com
Wed Jul 11 09:14:57 MST 2007
eupabf at clix.pt wrote:
> the following services usually come on my report...
> I would like to know if is there any Logwatch Services List that
> explains what does report each default service script. What kind of
> information and where it colects it.
I asked a similar question a few weeks back. After some experimentation,
I determined the answer.
Here's how to figure out what logwatch is reporting on:
Start by looking at /usr/share/logwatch/default.conf/logwatch.conf.
Examine the lines that look start with "Service = ". You'll likely see
one that looks like, "Service = All", meaning that logwatch should
attempt to generate reports for all services for which there are
configuration files. You may then see a few lines that look like
'Service = "-<service>"' where <service> is some service logwatch is
being told to skip.
(1. Everywhere you see a path listed for a logwatch config file, you
actually need to check potentially 3 locations. See section "3.
Directory Structure" in
Next examine each file in /usr/share/logwatch/default.conf/services/ and
look for a line like "LogFile = <group>". There is typically one such
line, but there may be multiple. These identify the log group
configuration file that defines where the data comes from for this service.
Next look in /usr/share/logwatch/default.conf/logfiles/ for a file named
<group>.conf corresponding to the above "LogFile" directive. In this log
file group config file you'll find more lines that look like "LogFile =
<file>" and lines like "Archive = <file>". These identify the actual log
files examined for the above service. If the file name has no path or a
relative path, then it is relative to the path set by "LogDir" in
There may be a debug switch for logwatch that will speed up the above
process by printing the list of log files that were successfully opened
and for which services. If there isn't, there should be.
At this point you know what services logwatch is attempting to report
on, and what files it is examining for each service.
You also need to know that logwatch does not produce any reports for a
service if 1. the log files referenced in the log file group config file
don't exist, 2. the log files are empty, 3. the log files have no data
relevant to the particular service, or 4. the service filter determined
that there was nothing worth reporting for the specified detail level.
This is why despite having probably 80+ services in your
default.conf/services/ directory you only see reports from a dozen or
As for the *what* gets reported, I'm aware of no documentation
describing what the individual filters report. You'll have to determine
that through experimentation and examining the service filter code.
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
More information about the Logwatch