Oh, DUH! I thought I had looked at one of my RHEL3 systems xinetd.conf for that, but I ended up looking at another RHEL5 by mistake.
I think I'll just update xinetd.conf and be done with it, unless anyone thinks there is a reason not to? Thanks, Kevin -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Josh Kelley Sent: Friday, July 20, 2007 7:16 AM To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list Subject: Re: [rhelv5-list] xinetd log levels & logwatch On 7/19/07, Collins, Kevin [MindWorks] <[EMAIL PROTECTED]> wrote: > sine starting to use RHEL5 (been using primarily RHEL3 for several > years) I have noticed that my logwatch reports seem to be missing some info > on service connections. After further investigation, I find that messages > that were previously logged at the authpriv level by xinetd (which goes to > /var/log/secure) are now logging at another level and ending up in > /var/log/messages. The logwatch script 'secure' is expecting to find them in > /var/log/secure, so it never reports them. It looks like the default xinetd configuration changed. On RHEL 3 and 4, /etc/xinetd.conf has the following line: log_type = SYSLOG authpriv On RHEL 5, it instead has this line: log_type = SYSLOG daemon info So this appears to be intentional and looks like it could fairly easily be changed by changing xinetd.conf. However, if logwatch is still expecting to find those entries in the secure log and is failing to report on them if they're in messages, that sounds like it might be a bug in logwatch as supplied. Josh Kelley _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
