Bugtraq mailing list archives
Re: logwatch and logrotate might create a blind spot in reporting
From: The Tibetan Traveller <garnet () aufait net>
Date: Wed, 26 Jan 2005 02:42:04 +0000 (UTC)
On Tue, 25 Jan 2005, Sami Pitko wrote:
There are some ways to make logwatch reports more reliable: * set "Archives = yes" in logwatch.conf. You might also want to tune archive settings in /etc/log.d/conf/logfiles/ to prevent unnecessary processing of really old archives. To cover the blind spot with range 'yesterday' and weekly rotation, it is usually enough to specify for example "Archive = secure.1" in secure.conf * move logwatch and logrotate to happen at midnight * change date matching logic in /etc/log.d/scripts to match for example previous 24 hours
or add the following to the logrotate configuration file: prerotate /full/path/logwatch endscript Then it will run logwatch just before it rotates the file.
Current thread:
- logwatch and logrotate might create a blind spot in reporting Sami Pitko (Jan 25)
- Re: logwatch and logrotate might create a blind spot in reporting The Tibetan Traveller (Jan 26)