I spent this morning trying to figure out why logwatch 7.3 mailings were only showing exim entries on a newly deployed Centos server. It turns out that Centos 5.5 now ships with rsyslogd, which by default logs entries with a different timestamp format than traditional syslog. There is a bug report filed at
https://bugzilla.redhat.com/show_bug.cgi?id=583621
The fix was to edit /etc/rsyslog.conf and modify each line to have a trailing
;RSYSLOG_TraditionalFileFormat
For example :
authpriv.* /var/log/secure;RSYSLOG_TraditionalFileFormat
Restarting the rsyslog daemon resulted in a working logwatch.
0 Responses to “Logwatch 7.3 missing entries in Centos 5.5”