[clug] logcheck or logwatch?

Stephen Granger sgranger at stepsoft.com.au
Wed Jun 1 01:44:43 GMT 2005

...or both?

Just wanted to get a second opinion on whether to go with logwatch
logcheck or both?

For logcheck
Gives an upto date record of what's happening. You can react straight
away to bad happenings.

Against logcheck
I am unable to setup logcheck to ignore certian messages reported by
smartmon tools (kept receiving email on Usage changes ever five minutes)
Sends a heap of emails, most are irrelivant and can be ignored.. which
unfortunately leeds to them being ignored, so.. important ones can be
ignored too.
Sends a lot of emails,
Sends a lot of emails,
Sends a lot of emails, (mainly due to my inability to set it up)
Only comes as a deb (apt-get install) no rpm for RHEL 3.0 by default

For logwatch
has been setup to use the conf.d/application.conf directory setup for
different applications. Loose coupling, easier to manage.
One email per day, nice report on system health/activity
Installs as an rpm on RHEL 3.0 by default, comes as a deb.

Against logwatch
If the syslogs are being collected by one single syslog server all the
information of all the servers being logged is presented in the logwatch
email and you can't tell what messages have come from where.
Only get it once a day, system could have been compromised yesterday!

I am also using nagios to monitor the availability of system services.

Feel free to have a rant, if you think your going to be too off topic
reply off list.

Stephen Granger

More information about the linux mailing list