[Logwatch] Logwatch on central syslog server

MattJoy mjoyce at jnjconsulting.co.uk
Wed Jul 30 02:48:53 MST 2008


I've successfully used logwatch on each server and have some post-processing
on logwatch reports that tie in with my access control system, so I can
identify users logging on without authorisation, sudo without authorisation,
etc.

Now need to process the logs files on my central syslog server, which has
logs in the following structure:

/logs/ipaddress/YYYY/MM/DD/YYYY-MM-DD.logfilename.facility.log
e.g.
/logs/10.100.100.1/2008/07/28/2008-07-28.secure.authpriv.log

Has anyone configured a central instance of logwatch to process log files in
a similar custom structure and filename convention and can they share how
they did it?

-- 
View this message in context: http://www.nabble.com/Logwatch-on-central-syslog-server-tp18729768p18729768.html
Sent from the Logwatch - General mailing list archive at Nabble.com.



More information about the Logwatch mailing list