Logwatch/xinetd configuration mismatch
Issue
-
Log type is incorrect for xinetd
-
Logwatch is not logging xinetd properly:
RHEL 5 and RHEL 6:
[root@server1] etc [3:47] grep log_type xinetd.conf
log_type = SYSLOG daemon info
RHEL 4 and RHEL 3:
[root@server2] etc [3:485] grep log_type xinetd.conf
log_type = SYSLOG authpriv
Logwatch's xinetd logs are checked by /usr/share/logwatch/scripts/services/secure, which in turn uses /usr/share/logwatch/default.conf/logfiles/secure.conf, which only checks:
LogFile = secure
LogFile = authlog
LogFile = auth.log
LogFile = auth.log.0
"daemon" logs are in /var/log/messages while "authpriv" logs are in /var/log/secure, this results xinetd logs not showing in logwatch report on RHEL5 and RHEL6 systems.
Environment
-
Red Hat Enterprise Linux 6 (RHEL 6)
-
Red Hat Enterprise Linux 5 (RHEL 5)
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.