On 7/19/07, Collins, Kevin [MindWorks] <[EMAIL PROTECTED]> wrote:
sine starting to use RHEL5 (been using primarily RHEL3 for several
years) I have noticed that my logwatch reports seem to be missing some info
on service connections. After further investigation, I find that messages
that were previously logged at the authpriv level by xinetd (which goes to
/var/log/secure) are now logging at another level and ending up in
/var/log/messages. The logwatch script 'secure' is expecting to find them in
/var/log/secure, so it never reports them.
It looks like the default xinetd configuration changed. On RHEL 3 and
4, /etc/xinetd.conf has the following line:
log_type = SYSLOG authpriv
On RHEL 5, it instead has this line:
log_type = SYSLOG daemon info
So this appears to be intentional and looks like it could fairly
easily be changed by changing xinetd.conf.
However, if logwatch is still expecting to find those entries in the
secure log and is failing to report on them if they're in messages,
that sounds like it might be a bug in logwatch as supplied.
Josh Kelley
_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
