On Sun, 29 Apr 2012 14:39:08 +0200, Maarten Derickx wrote: (...)
→ About the problem of analyzing from the archive

> The strange thing is that when I do:
>
> logwatch --service sshd --archives
>
> I get only 3 logins, 2 from "mderickx" and 1 from "sageslave". (see
> Output 1 below)

(...)

> The strange thing is that if I now do:
>
> root@md:/var/log# gzip auth.log.1
>
> and then
>
> logwatch --service sshd --archives
>
> then I do get the expected amount of 10 logins for the user mderickx in
> the logwatch output. So it seems that in contrast to what the
> documentation suggests the uncompressed archive /var/log/auth.log.1 is
> not checked!

Look at one of the config files that manages sshd (secure.conf), I think there can be a rule pattern definition error there.

Logwatch seems to be configured to read either from "/var/log/auth.log" (as the actual file) or "/var/log/auth.log.*.gz" files (for the archives) but does not handle non "*.gz" files with a different filename :-?

→ About the problem of setting a different directory for the logs

(...)

I leave this for others to debug :-P

Greetings,

--
Camaleón
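The gap described in this message can be checked directly. The following is an added example, not part of the original message and not logwatch code: it lists the rotated files that none of a given set of archive glob patterns would match. The helper name `uncovered_archives` is hypothetical, the files are constructed, and the pattern `auth.log.*.gz` is the one quoted in the message; pass in whatever patterns your own secure.conf actually contains.

```shell
#!/bin/sh
# Added example: list rotated log files that none of the given archive
# glob patterns would pick up. uncovered_archives is a hypothetical helper.
#
# usage: uncovered_archives LOGDIR BASENAME PATTERN...
uncovered_archives() {
    logdir=$1
    base=$2
    shift 2
    for path in "$logdir/$base".*; do
        [ -e "$path" ] || continue      # the glob matched nothing
        name=${path##*/}
        covered=no
        for pat in "$@"; do
            # $pat is left unquoted so that case treats it as a glob
            case $name in
                $pat) covered=yes; break ;;
            esac
        done
        [ "$covered" = yes ] || printf '%s\n' "$name"
    done
}

# Constructed demo: the rotation state described in the message, with
# auth.log.1 still uncompressed next to compressed older archives.
demo() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/auth.log"
    : > "$tmp/auth.log.1"
    : > "$tmp/auth.log.2.gz"
    : > "$tmp/auth.log.3.gz"
    # Pattern as quoted in the message; substitute the ones from your config.
    uncovered_archives "$tmp" auth.log 'auth.log.*.gz'
    rm -rf "$tmp"
}

demo
```

Any file name it prints is a rotated log that a report built from those patterns would silently leave out, which is the period where the missing sshd logins in the message fall.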