You are not logged in.
Hello
Ever since systemd-journald replaced rsyslog - the logwatch package had more or less become useless.
Recently logwatch version 7.4.3-3 was released with support for journalctl
Reference: https://bugs.archlinux.org/task/53981
This version however does not implement conf file changes. So default logwatch still remains useless.
rsyslog had 4 main files in /var/log on which rsyslog heavily depended on --> messages, maillog, cron, secure.
I have created 4 conf files - each imitates their rsyslog equivalents.
First create an EMPTY log file called emptylog. (not required since 7.5.0)
touch /var/log/emptylog
This will be fake log file which will be supplied to logwatch.
Now create 4 files under /usr/share/logwatch/dist.conf/logfiles, as below:
/usr/share/logwatch/dist.conf/logfiles/messages.conf
Archive =
LogFile =
LogFile = /dev/null
# Facilities from /usr/include/sys/syslog.h
# default syslog directive for messages is: *.info;mail.none;authpriv.none;cron.none
# list all facilities except mail, authpriv and cron
*JournalCtl = "-q --no-pager -o short -p info SYSLOG_FACILITY=0 SYSLOG_FACILITY=1 SYSLOG_FACILITY=3 SYSLOG_FACILITY=4 SYSLOG_FACILITY=5 SYSLOG_FACILITY=6 SYSLOG_FACILITY=7 SYSLOG_FACILITY=8 SYSLOG_FACILITY=11 SYSLOG_FACILITY=16 SYSLOG_FACILITY=17 SYSLOG_FACILITY=18 SYSLOG_FACILITY=19 SYSLOG_FACILITY=20 SYSLOG_FACILITY=21 SYSLOG_FACILITY=22 SYSLOG_FACILITY=23"
# copied from existing message.conf under default.conf/logfiles directory
*ExpandRepeats
*RemoveService = talkd,telnetd,inetd,nfsd,/sbin/mingetty,netscreen,NetScreen
*ApplyStdDate = "%b %d %H:%M:%S "/usr/share/logwatch/dist.conf/logfiles/maillog.conf
Archive =
LogFile =
LogFile = /dev/null
# Facilities from /usr/include/sys/syslog.h
# default syslog directive for maillog is: mail.*
*JournalCtl = "-q --no-pager -o short SYSLOG_FACILITY=2"
# copied from existing maillog.conf under default.conf/logfiles directory
*ExpandRepeats
*ApplyStdDate = "%b %d %H:%M:%S "/usr/share/logwatch/dist.conf/logfiles/secure.conf
Archive =
LogFile =
LogFile = /dev/null
# Facilities from /usr/include/sys/syslog.h
# default syslog directive for secure is: authpriv.*
*JournalCtl = "-q --no-pager -o short SYSLOG_FACILITY=10"
# copied from existing secure.conf under default.conf/logfiles directory
*ExpandRepeats
*ApplyStdDate = "%b %d %H:%M:%S "/usr/share/logwatch/dist.conf/logfiles/cron.conf
Archive =
LogFile =
LogFile = /dev/null
# Facilities from /usr/include/sys/syslog.h
# default syslog directive for cron is: cron.*
*JournalCtl = "-q --no-pager -o short SYSLOG_FACILITY=9"
# copied from existing cron.conf under default.conf/logfiles directory
*RemoveService = anacronHope this gets implemented by default by package maintainer.
Hope it helps others.
Thank you.
PS: New "git" version of logwatch accepts /dev/null as log file name. (after which emptylog can be replaced with /dev/null)
Update: Update time format as Journalctl outputs leading 0 to date.
Update: emptylog file no more needed.
Last edited by amish (2019-08-07 04:10:08)
Offline
Note:
All of above is implemented in Arch linux since logwatch 7.5.0
Also since 7.5.0
You can replace emptylog conf lines with /dev/null and remove file /var/log/emptylog (from package)
Last edited by amish (2019-08-07 04:10:35)
Offline