[Logwatch] central loghost server parsing questions

Mike Tremaine mgt at stellarcore.net
Wed Sep 2 16:20:56 MST 2009


Dennis Stoker wrote:
>
> I am a newbe to logwatch. It looks great for watching logs on 
> individual servers.
>
> How do I parse logs with logwatch on a loghost server?
>
> My central logging server has server logs in the path 
> /disk1/syslog-ng/<server_name>/<month>/<day>. These logs  do not have 
> the sub directory structure that /var/log has. Is there an easy way to 
> get logwatch to process these?
>
> When I run the command: logwatch  --logdir 
> /disk1/syslog-ng/db1dr/09/2009-09-02 –range today –print
>
> I get information from my loghost server that is from the /var/log 
> directory path. It dose not matter what I put in the --logdir  option 
> as it seems to just process the local /var/log path.
>
> Is there a way to fix this without changing the logwatch script?
>
> Does it need the standard sub directory structure that /var/log uses?
>
> My loghost server is running Centos with logwatch version 7.3 dated 
> 3/24/06.
>
> If I installed the logwatch 7.3.6 release would that help resolve my 
> problem? 
>
> Thanks in advance for any help you can give me.
>
> Dennis  dbstoker at gmail.com <mailto:dbstoker at gmail.com>
>


Yes you should update to the version in CVS from the logwatch site. If 
you pull down teh cvs you can install directly with the 
install_logwatch.sh script. You can isntall over your existing logwatch 
install or uninstall the RPM first either way. Once you have the newest 
version you should be able to parse those logs correctly with --logdir 
--range --output stdout --format text   ... The interface changed in the 
7.3.6 release.

-Mike


More information about the Logwatch mailing list