This unfortunately doesn't work by default in ubuntu because the setting for audit.conf in /usr/share/logwatch/services/ points to the 'messages' logfile which is no longer used in ubuntu. It should either be 'syslog' or 'kernel'.
A secondary issue is that if auditd is enabled, events will only go to /var/log/audit/audit.log, and there doesn't appear to be a default configuration file for that. Thanks! -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to logwatch in Ubuntu. https://bugs.launchpad.net/bugs/485873 Title: logwatch should report apparmor events To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/485873/+subscriptions -- Ubuntu-server-bugs mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
