[Logwatch] Logwatch on central syslog server

MrC lists-logwatch at cappella.us
Wed Jul 30 10:18:56 MST 2008

MattJoy wrote:
> I've successfully used logwatch on each server and have some post-processing
> on logwatch reports that tie in with my access control system, so I can
> identify users logging on without authorisation, sudo without authorisation,
> etc.
> Now need to process the logs files on my central syslog server, which has
> logs in the following structure:
> /logs/ipaddress/YYYY/MM/DD/YYYY-MM-DD.logfilename.facility.log
> e.g.
> /logs/
> Has anyone configured a central instance of logwatch to process log files in
> a similar custom structure and filename convention and can they share how
> they did it?


See my post in this thread:



More information about the Logwatch mailing list