[CentOS] rhel/centos alternative to logwatch?

Sun Apr 8 01:11:07 UTC 2012
Bob Hoffman <bob at bobhoffman.com>

On 4/7/2012 7:49 PM, Joseph L. Casale wrote:
>> Have you tried editing the files in
>> /usr/share/logwatch/default.conf/services/
>> or
>> /usr/share/logwatch/default.conf/ignore.conf
>> ?
> Obvisouly not:) And I hope not either...
> Facilities are provided just for this in /etc/logwatch.
> The location you refer to will get over written on an update...
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
Yes, this is my concern.
I have been putting together extensive step by step notes and how tos 
for everything I am doing. I hope soon to be able to put this in an easy 
to use format or book so others starting from scratch do not take weeks 
or months to do it..or worse, leave hacker openings.

In this regard, the logwatch unmatched are a little much (the imap 
disconnect, some rbl_client stuff). I thought of going through some 
walkthrough in changing it, but that seems a bit overboard to help a new 
person out...but still on the board.

I just assumed there was something newer out there. 2007 was the last 
release notes for the version installed on centos. There is a newer 
version out there, but that would be off of the base repo and not sure 
if I want to go that route in the how-to.

I think it is important to write all this stuff out for others like me. 
I literally spent a month trying to bond and bridge my single server 
into virtual machines. Something was causing a timeout/arp something or 
another and one VM would always disappear.
A whole month. hours a day.
Then I found out that there is a LONG standing bug in rhel and fedora 
that specifically deals with two internal eths bonded together going to 
a bridge in the same computer, with libvirtd..... :(

so, a month wasted. Yikes. Having that little bit of knowledge in a 
how-to manual could save someone the trials and pain I went through. 
(although, on the plus side, I REALLY know alot about bridge and bonds 
inside the server now..lol)

I will take a look and try to see if it will be easy to change the 
postfix and dovecot. More than likely I will just tell them what it is 
and 'good luck' at figuring it out..lol

So, thanks for the input. I will stick with logwatch and give it a go.