With update to 1.6.7 syslog-ng learned about "hardened" and with this USE-flag active, it produces a lot more logfiles than just /var/log/messages. Unfortunately, some of them are not analyzed by logwatch, such as /var/log/mail.*, since logwatch doesn't know about them. I see two ways to work around it: Either hardened syslog-ng uses logfiles known to logwatch or logwatch learns about the files used by hardened syslog-ng. I chose the latter way for my installation, a patch will follow. My request is, that logwatch also gets a hardened USE-flag so it can analyze log-files produced by hardened syslog-ng. Maybe a patch will be applied to logwatch depending on whether hardened is set or unset. Reproducible: Always Steps to Reproduce: 1. Install >=syslog-ng-1.6.7 with USE="hardened" 2. Install >=logwatch-6.0.2 3. Produce some log, e.g. postfix in mail.log 4. Run logwatch Actual Results: mail.log is not analyzed, no information about postfix' activities are printed. Expected Results: logwatch should analyze mail.log and print information about what postfix has done in the specified range of time.
Created attachment 59318 [details, diff] Patch to logwatch-6.0.2 config, using "hardened" syslog-ng's log-files This is the patch which gets my installation of logwatch-6.0.2 to work with my installation of "hardened" syslog-ng-1.6.7. Since logwatch is not very well documented (or I simply didn't find the documentation) someone should take a look at it and correct it, before using. Especially the part about daemon.conf and kern.conf is based on guessing.
I've never used this program but I've got a question about /etc/log.d/conf/logfiles/kern.conf do you really need to filter talkd and a few of these other ones? only stuff that should be in kern.log is whatever goes dmesg 3
That's why I said it's based on guessing - I've copied message.conf, changed what I thought was necessary to change and left everything else untouched.
can we close this one because there is no more logwatch-6.x in-tree?
this is still an issue with logwatch 7.x.
(In reply to comment #5) > this is still an issue with logwatch 7.x. > If this is still an issue speak up so we can prioritize bugs to get them resolved. If not please close or request bug be closed.
i dont use hardened anymore.