I'm trying to learn how to configure logwatch to keep track of my logfiles using the Fedora7 Bible. Most of the lessons I read seem to keep out the most basic things.

I read that logwatch flags messages that might reflect a problem and then forwords them each day in an e-mail message to the systems root user.

So heres my question. Would the root users email address be root@localhost.com?
If so would I configure evolution to read them? Also why can't I read the messages as a regular user instead of being root to read them?

Will

Ok, logwatch is sending the reports to the local mail account for root. this is root@hostname, or in your case since you did not set your hostname, root@localhost.com .

If you are not familiar with local mail on a *nix box, all you have to do is as root, go to root's home directory and type "vi .forward" without quotes and put in any user account or real e-mail address and all mail for root will go to that mail account.

So for example, if you have a user joeb on your system

#### .forward ####
joeb@localhost.com

#### End .forward ####

Of course you don't put the # symbols in there, this is just for illustration.
You could also do,

#### .forward ####
someuser@yahoo.com

#### End .forward ####

As long as sendmail is installed it will use smtp and send the e-mail for you. No need to use Evolution/Thunderbird/etc.
Let me know if I lost you somewhere in this explanation or if you have questions.

I did what you said and put in my real opera email address. I also have sendmail installed.

I also put all this in my logwatch.conf file.....

# Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf)

LogDir = /var/log

TmpDir = /var/cache/logwatch

MailTo = root

MailFrom = Logwatch

Print = No

Service = "-zz-network"

Service = "-zz-sys"

Service = "-eximstats"

Range = yesterday

Detail = Low

Service = All

mailer = "sendmail -t"

If all this is right then all I have to do is wait for an event to happen?

Will

I use mailer="/bin/mail"

But yes all you have to do is wait for a logwatch. You can do this to test whether it is working.

From a terminal window, type:
echo "testing" | mail -s "just a test" root@localhost.com

You should receive an e-mail to your opera e-mail address if you configured it correctly. If not we'll need to tail /var/log/maillog and find out whats going on. That's a different subject we can work on if need be

I did "echo "testing" | mail -s "just a test" root@localhost.com"

I didn't receive any notification at my opera email address, however I got something called a dead.letter in my user folder.

My firewall is set to allow smtp. I also checked /var/log/maillog. The file is pretty big but heres a few entries...

Feb 12 16:39:18 dhcppc3 sendmail[4850]: NOQUEUE: tcpwrappers (localhost.localdomain, 127.0.0.1) rejection
Feb 11 16:10:51 dhcppc3 sendmail[3227]: m1BLAm8S003227: to=root, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=33627, relay=[127.0.0.1], dsn=5.0.0, stat=Service unavailable

I was tinkering around a while back and put ALL: ALL in hosts.deny.

Would aliases have anything to do with this?

Will

You're going to need to allow sendmail in /etc/hosts.allow if you have ALL blocked in /etc/hosts.deny. If you run a mail server that accepts mail from anywhere for users on your box you could add this:
Also, I think you mean root@localhost, not root@localhost.com. With sendmail, as well as using a .forward file, you can add an entry to the aliases database. Add a line like the following to /etc/mail/aliases and then run newaliases (change steve to whatever username you want to receive the mail):

for some strange reason I think he has his default hostname set to localhost.com on his box. CXIII, type `hostname` and post the output here. Then do `cat /etc/hosts | grep localhost` and post the output here. Just so we're sure what you're default hostname is set to. But yes, you can use an alias if you wanted to. Make the changes as gilead suggested to /etc/hosts.allow and then run test again.

You can also ensure sendmail is working correctly by sending directly to your external (opera) e-mail address.
In one terminal window do this: tail -f /var/log/maillog
In another terminal window do this:
echo "testing" | mail -s "just a test" user@youroperaemail.com
Switch back to the first and monitor what happens and look for any more errors.

I typed hostname and got this...
dhcppc3

I tailed maillog and got this after doing the tests...

Feb 14 15:15:22 dhcppc3 sendmail[3702]: m1EKFMMa003702: to=root@localhost.com, ctladdr=wf (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30053, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m1EKFMsm003703 Message accepted for delivery)
Feb 14 15:17:22 dhcppc3 sendmail[3705]: m1EKFMsm003703: to=<root@localhost.com>, delay=00:02:00, xdelay=00:02:00, mailer=esmtp, pri=120300, relay=ghost.localhost.com. [10.11.12.13], dsn=4.0.0, stat=Deferred: Connection timed out with ghost.localhost.com.

I'm gonna set my hostname and see what happens and make the changes gilead suffested and see what happens.

Will

I did 'cat /etc/hosts | grep localhost' and got this...
127.0.0.1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6


Also I got rid of ALL: ALL in my hosts.deny file just to rule out more problems and I'm still not getting a respose when I do the 'echo' commands as suggested.

Just for an example I changed my hostname to 'nebula'. Then did the echo commands and still no response in my email. My hostname nebula won't stick when I reboot and goes back to dhcpp3.

Just thought I'd give an update. I appreciate all the help here and don't mean to be a nagfly or anything. Doing some reading to find a solution to this.

Will

Where is it getting "ghost.localhost.com" from? Did you put the word "ghost" into the .forward file in root's home directory?

No this is whats in the .forward file...
.forward
cxiii@operamail.com
End .forward

It looks like sendmail might be configured wrong and this is no longer a Fedora issue. I'm not very experienced with fixing sendmail perhaps someone else is. You may check if you could move this thread to Forums->Linux Software