[Logwatch] Logwatch on central syslog server

MrC lists-logwatch at cappella.us
Wed Jul 30 10:18:56 MST 2008


MattJoy wrote:
> I've successfully used logwatch on each server and have some post-processing
> on logwatch reports that tie in with my access control system, so I can
> identify users logging on without authorisation, sudo without authorisation,
> etc.
> 
> Now need to process the log files on my central syslog server, which has
> logs in the following structure:
> 
> /logs/ipaddress/YYYY/MM/DD/YYYY-MM-DD.logfilename.facility.log
> e.g.
> /logs/10.100.100.1/2008/07/28/2008-07-28.secure.authpriv.log
> 
> Has anyone configured a central instance of logwatch to process log files in
> a similar custom structure and filename convention and can they share how
> they did it?
> 

Matt,

See my post in this thread:

http://thread.gmane.org/gmane.comp.log.logwatch.devel/1496/focus=1497

MrC

