[Logwatch] central loghost server parsing questions
mgt at stellarcore.net
Wed Sep 2 16:20:56 MST 2009
Dennis Stoker wrote:
> I am a newbe to logwatch. It looks great for watching logs on
> individual servers.
> How do I parse logs with logwatch on a loghost server?
> My central logging server has server logs in the path
> /disk1/syslog-ng/<server_name>/<month>/<day>. These logs do not have
> the sub directory structure that /var/log has. Is there an easy way to
> get logwatch to process these?
> When I run the command: logwatch --logdir
> /disk1/syslog-ng/db1dr/09/2009-09-02 –range today –print
> I get information from my loghost server that is from the /var/log
> directory path. It dose not matter what I put in the --logdir option
> as it seems to just process the local /var/log path.
> Is there a way to fix this without changing the logwatch script?
> Does it need the standard sub directory structure that /var/log uses?
> My loghost server is running Centos with logwatch version 7.3 dated
> If I installed the logwatch 7.3.6 release would that help resolve my
> Thanks in advance for any help you can give me.
> Dennis dbstoker at gmail.com <mailto:dbstoker at gmail.com>
Yes you should update to the version in CVS from the logwatch site. If
you pull down teh cvs you can install directly with the
install_logwatch.sh script. You can isntall over your existing logwatch
install or uninstall the RPM first either way. Once you have the newest
version you should be able to parse those logs correctly with --logdir
--range --output stdout --format text ... The interface changed in the
More information about the Logwatch