Logwatch - and NT Servers
Here's a very odd, and interesting problem... it appears that Logwatch is bypassing Syslog Entries by two NT servers that I have.
I guess I need to explain a bit more. Using a program called ntsyslog (available from sourceforge) I managed to get the Event viewer to send to our logging server. This logging server runs logwatch nightly, and merrily produces output for all our servers. That bit works fine.
The information is arriving at the Logging server, and I have written a "service" script to pick up all the services run by those two and add them to the email (currently it'll just produce a mess, but that'll be a start). This script runs when I cat the message log through it, but fails when I run it with logwatch. Well, actually, it fails to output anything by the two servers when I run it with logwatch, it picks up NMBD errrors sent out by unix servers, thus happily proving that at least part of the script is running.
I'm wondering if the events are being pulled out by logwatch (as I notice that it automatically pulls out a lot of stuff), and I was just wondering if it is possible that the Event Log messages are part of it.
Having scoured the logwatch code, I can't find where it's pulling the messages out, however I have a feeling that I've been staring at the code so long that it's staring me in the face.