[CentOS] Logwatch not working properly

Albert McCann mac358 at newsguy.com
Sat Nov 6 21:55:23 EDT 2010

Found it.

> From: centos-bounces at centos.org [mailto:centos-bounces at centos.org] On
> Of Albert McCann
> Sent: Saturday, November 06, 2010 12:18 PM
> To: 'CentOS mailing list'
> Subject: [CentOS] Logwatch not working properly
> I having a problem where Logwatch is not showing any events from the
> /var/log/secure log file. 

The date format used by the default /etc/rsyslogd.conf may be wrong in
CentOS 5.5, and I'm guessing RedHat's rsyslog-3.22.1-3.

> 2010-11-06T08:59:03.684006-04:00 valhala sshd[23633]: Invalid user bob

I renamed rsyslog.conf to rsyslog.conf.back and reinstalled rsyslog just to
make sure I got a good rsyslog.conf file.

What it should display as is this (for logwatch to be able to see):

Nov  6 21:25:31 valhala sshd[579]: Accepted password for someone from port 61275 ssh2

This provided the clue I needed:


I have Fedora 13 running in a VMWare session, and this line from F13's
rsyslog.conf, seems to do this trick:

$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

Ate yerz ago i cudent evin spel injuneer. Now i ar one.

More information about the CentOS mailing list