Wednesday, January 16, 2008

Setting up a new server - logwatch & logrotate

A couple of hints for getting logwatch emails delivered and for including other log files you want to monitor.

Logwatch depends on root's mail being forwarded somewhere; otherwise the emails will sit in root's local mailbox.

Change this line in /etc/aliases - works for either sendmail or postfix:
# Person who should get root's mail
root: validuser@yourdomain.com

Then run 'newaliases' (for sendmail) so the change takes effect.
You may run into issues if the hostname for your box isn't in public DNS, because of measures taken to cut down spam, so set it to masquerade if needed (see last post).

Next, have logwatch check other log files besides the defaults, which on my CentOS box are listed in /usr/share/logwatch/default.conf/logfiles.
In my case, I'm going to add monitors for the syslog alerts from my network equipment, which I have set to go to /var/log/network, and also for a newly created mysql backup log file, /var/log/mysqlbackup.

Defaults are fine, so I created the file /etc/logwatch/conf/logfiles/network.conf
#######################################################
# Define log file group for /var/log/network
# syslog output for network equipment
# created by JAR 1/16/08
#######################################################

# Actual file
LogFile = network

#EOF

We'll see if this works.

Also a quick note about logrotate - when I configured syslog to accept messages from my network gear, I configured the new log file "network" in logrotate so that it would follow the normal rotation.

I added to the /etc/logrotate.d/syslog file:
/var/log/network
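
A quick way to confirm that the three edits from this post are in place, as an added example that is not part of the original post. The function names are hypothetical, and it assumes the compiled alias database is /etc/aliases.db and that the logwatch group file is named after the log file, as with network.conf above.

```shell
#!/bin/sh
# Added example, not from the original post. All function names are hypothetical.
# audit ROOT LOG: ROOT is a path prefix ("" for the live box), LOG e.g. /var/log/network.

# Last uncommented "root:" target in an aliases file.
root_alias() {
    sed -n 's/^root[[:space:]]*:[[:space:]]*//p' "$1" 2>/dev/null | tail -n 1
}

# Values of "LogFile = ..." lines in a logwatch logfile-group file.
logwatch_files() {
    sed -n 's/^[[:space:]]*LogFile[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p' \
        "$1" 2>/dev/null
}

# True if path $1 is listed on a non-comment line of logrotate file $2.
rotates() {
    grep -v '^[[:space:]]*#' "$2" 2>/dev/null | tr -s ' \t{' '\n\n\n' | grep -Fxq "$1"
}

# Prints one line per problem; the return value is the number of problems.
audit() {
    root=$1 log=$2 name=$(basename "$2") fails=0
    aliases=$root/etc/aliases
    case $(root_alias "$aliases") in
        *@*) ;;
        *) echo "root mail is not forwarded to an external address"
           fails=$((fails + 1)) ;;
    esac
    # Assumption: the MTA reads the compiled aliases.db that newaliases rebuilds.
    [ "$aliases.db" -nt "$aliases" ] ||
        { echo "aliases.db is older than aliases: run newaliases"; fails=$((fails + 1)); }
    # Assumption: the group file is named after the log, like network.conf.
    logwatch_files "$root/etc/logwatch/conf/logfiles/$name.conf" | grep -Fxq "$name" ||
        { echo "no logwatch logfile group names $name"; fails=$((fails + 1)); }
    rotates "$log" "$root/etc/logrotate.d/syslog" ||
        { echo "$log is not listed in logrotate.d/syslog"; fails=$((fails + 1)); }
    return "$fails"
}
# Usage on the live box: audit "" /var/log/network
```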
