As the title says, I've setup a central RHEL rsyslog server with a couple of RHEL clients forwarding all their logs to it. The logs are being forwarded correctly because when I look at the content of /var/log/*
logs on the server, all the client events show up.
However, when I run...
perl /usr/share/logwatch/scripts/logwatch.pl
...on the server, one of the clients does not show up on the report. Don't know if this has anything to do with this at all but, the client that's not showing up used to have logwatch configured at some point. Currently though, I have disabled the functionality and removed all the logwatch files from it.
The content of /usr/share/logwatch/default.conf/logwatch.conf
is as follows.
LogDir = /var/log
TmpDir = /var/cache/logwatch
Output=mail
Format=html
MailTo = [email protected]
MailFrom = [email protected]
Print =
Range = yesterday
Detail = Med
Service = All
mailer = "sendmail -t"
HostLimit = no
SplitHosts = yes
MultiEmail = no
Service = -zz-disk_space
So here are my questions:
- Why is this host being excluded?
- And secondly, somewhat related, what's the best way to customize the report formatting?
Thank you!
Never mind. Looks like I had to give it a day for the logs to accumulate. All the hosts are now showing up on the reports.