On Wed, Feb 11, 2004 at 02:22:19AM +0000, Jay Berkenbilt wrote:
>
> Logwatch is a collection of perl scripts that analyze system logs and
> email summaries to system administrators. It can provide a very
> useful early-warning system, especially for people who may not read
> through all their system logs every day.

Yes, but that's quite a similar function to what logcheck does. It would be nice if you could describe any benefit of using logwatch vs. logcheck too (in the Description).

>
> I've been using logwatch for some time on Red Hat-based systems and
> would like to use it on my Debian systems as well. If no one else is
(...)
> up somewhere and request a sponsor on debian-mentors. I have not yet
> done any work on this; I have merely observed that logwatch does not
> appear to be present in Debian and has not apparently been requested
> either.

That's probably because most users use logcheck [1], which provides an extensible mechanism to mail just parts of the syslog. It does not do summaries of information (as logwatch does), however. Wouldn't it be better to integrate this functionality in logcheck?

In any case, I would gladly accept suggestions on the current (brief) description of log-analysis checking and tools in the Securing Debian Manual:
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-log-alerts

Regards

Javi

[1] http://popcon.debian.org shows that logcheck is ranked quite high vs. other alternatives such as syslog-summary, log-analysis, logtool, log2mail or even fw-specific: fwlogwatch, fwanalog, logwatch...