On 4/13/2012 2:23 PM, Karl Vogel wrote: >>> On Thu, 12 Apr 2012 12:13:14 +0200, >>> Tilman Schmidt<t.schmidt@xxxxxxxxxxxxxxxxxx> said: > T> The most frequent reason for a lot of unmatched entries showing up is > T> that the corresponding logwatch script is out of date wrt the program > T> whose log is being watched. Program maintainers tend to change the > T> wording of messages on a whim, and the logwatch scripts need to be > T> updated to keep up with them. So yes, there is a constant need to update > T> logwatch, specifically its scripts. > > I found the "checksyslog" setup easier to understand and modify. > http://www.hcst.net/~vogelke/src/logfiles/ has some examples. > I was trying to stay with the base centos repo and only grab a few programs off of other repos (like phpymyadmin). Unfortunately, I think it is better, now that I have played with them, to skip the repos and go straight to the source for some thing. phpmyadmin rpm from the source company works 'correctly' over the epel rpm, especially the log in feature...and has 4 less programs needed to run. Logwatch has a new version that is obviously not going to be available and I will probably skip to the source company for that much newer version too. as part of the tutorial I was stressing the importance of staying with the rhel/centos repo builds so you get the backports and proper updates/upgrades...but in these two cases (and a few other addons) I am rethinking that. the new postfix logwatch alone is worth upgrading for...lol. I actually added it as an overwrite in the /etc/logwatch folders for now. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos