Found it. > From: centos-boun...@centos.org [mailto:centos-boun...@centos.org] On Behalf > Of Albert McCann > Sent: Saturday, November 06, 2010 12:18 PM > To: 'CentOS mailing list' > Subject: [CentOS] Logwatch not working properly > > I having a problem where Logwatch is not showing any events from the > /var/log/secure log file.
The date format used by the default /etc/rsyslogd.conf may be wrong in CentOS 5.5, and I'm guessing RedHat's rsyslog-3.22.1-3. > 2010-11-06T08:59:03.684006-04:00 valhala sshd[23633]: Invalid user bob from 192.168.1.12 I renamed rsyslog.conf to rsyslog.conf.back and reinstalled rsyslog just to make sure I got a good rsyslog.conf file. What it should display as is this (for logwatch to be able to see): Nov 6 21:25:31 valhala sshd[579]: Accepted password for someone from 192.168.1.12 port 61275 ssh2 This provided the clue I needed: http://howtoforge.org/forums/showthread.php?p=242790 I have Fedora 13 running in a VMWare session, and this line from F13's rsyslog.conf, seems to do this trick: $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat Al -- Ate yerz ago i cudent evin spel injuneer. Now i ar one. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
