On 19/04/2015 09:20 PM, Bill Gee wrote: > On Sunday, April 19, 2015 15:46:29 Joseph L. Casale wrote: >> > Can anyone point me to where my mistake is? >> >> First, you are creating overrides, or site specific definitions in the >> platform directory. Don't do that, the distro owns and maintains this. >> Put >> your new code in /etc/logwatch, man 8 logwatch for explanation. >> >> Finally, you don't show is the script that actually does the parsing. >> The >> "service" and "log" definition represent 2 of 3 component's, you also >> need >> to tell logwatch how to read and extract the parts of the logfile you >> want, >> as well as the applicable severity etc... >> >> jlc > > Also watch out for selinux permissions. Logwatch does not have selinux > permissions in all directories. Thanks, I created the files in /etc/logwatch. I need to make a script to parse the logs, since they are a bit different from the usual output in /var/log/messages. So far no errors in SELinux. Regards,