Custom Named Logwatch Script

Home » CentOS » Custom Named Logwatch Script
CentOS 3 Comments

Hello,

I am using multiple files for logging activities for named daemon. The files are in /var/named/chroot/var/log/named/, for example
/var/named/chroot/var/log/named/general.log.

I am trying to make logwatch look into them. I have created
/usr/share/logwatch/default.conf/logfiles/named.conf like this:

LogFile = /var/named/chroot/var/log/named/general.log
*ExpandRepeats
*OnlyHost
*ApplyStdDate

Then I have changed /usr/share/logwatch/default.conf/services/named.conf like this:

Title = “Named”
LogFile = named
$named_ip_lookup = No
*RemoveHeaders

When I run “logwatch –detail High –debug High –print –range All”, I
can see the log file is proceeded, but I don’t see any reports.

Can anyone point me to where my mistake is?

Regards,

3 thoughts on - Custom Named Logwatch Script

  • First, you are creating overrides, or site specific definitions in the platform directory. Don’t do that, the distro owns and maintains this. Put your new code in /etc/logwatch, man 8 logwatch for explanation.

    Finally, you don’t show is the script that actually does the parsing. The “service”
    and “log” definition represent 2 of 3 component’s, you also need to tell logwatch how to read and extract the parts of the logfile you want, as well as the applicable severity etc…

    jlc

  • Also watch out for selinux permissions. Logwatch does not have selinux permissions in all directories.

  • Thanks, I created the files in /etc/logwatch. I need to make a script to parse the logs, since they are a bit different from the usual output in
    /var/log/messages.

    So far no errors in SELinux.

    Regards,