On Mon 16 Aug 2021 at 16:49:16 (+0100), Adam Weremczuk wrote: > Installation and configuration was straightforward: > > sudo apt install logwatch > > /etc/cron.daily/00logwatch > #execute > /usr/sbin/logwatch --detail low --mailto x...@domain.com > > The master config file /usr/share/logwatch/default.conf/logwatch.conf > left with defaults. > > Only one report per day arrives. Same as for the other dozen of Debian > (mostly older) machines it's installed on and which don't show this > issue.
I presume logwatch is watching your logs, so the first place to check is the actual logs themselves. My guess (it's no more than that) is that one of the other dozen machines that you occasionally log into has a slightly different configuration from this one, perhaps older, with options that are now considered less secure (but no extra lines inserted). The options that are commented out in each machine's config file are the defaults being used by the server, so they /are/ in force. When you connect to a remote machine's server, I'm assuming it gets told what the remote's options are, and it's remonstrating about them. (The fact that options are commented will be irrelevant, therefore.) Note that I may have all this in reverse: the remote machine could be complaining about yours, and sending you the log by email. So, as I say, the first step is to find the log entries that logwatch has watched for. Cheers, David.
