LinuxQuestions.org


${i} 07-05-2014 07:37 PM

Trouble getting logcheck to run
 
hello LQ members

I've installed logcheck from the pclinuxos repos. I am using version 1.3.7

I ran logcheck without any parameters and the output said to use this code to run it.
Code:

su -s /bin/bash -c "/usr/sbin/logcheck" logcheck

I entered my root password and got an error message below

su: Authentication failure

I know my root password and I know for a fact I entered it correctly, but logcheck seems unable to authenticate it.

I even logged in as root and tried to run logcheck and I got this message

logcheck should not be run as root. Use su to invoke logcheck:
su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
Or use sudo: sudo -u logcheck logcheck.

I think it's a bug.

Do you know a similar program I could try? Thanks

${i} 07-06-2014 12:18 AM

Since logcheck didn't work, I've installed logwatch and it worked out of the box.

unSpawn 07-06-2014 02:31 AM

Quote:

Originally Posted by ${i} (Post 5199292)
Do you know a similar program I could try? Thanks

SEC, the Security Event Correlator, for example?

Indeed, Logwatch is the "better" choice compared to logcheck. First of all, logcheck was created by the same person that created PortSentry (a tool one should not use as it's deprecated), who then sold his product to a large AV company; subsequently logcheck hasn't been updated in 10 years, and ergo the default filters it comes with are old ("not good enough" would be an understatement). Logwatch is maintained, comes with a good set of filters, employs black listing (see any "white listing vs black listing" text for why this is important), and it is easy to add new services.

descendant_command 07-06-2014 03:38 AM

Quote:

Originally Posted by ${i} (Post 5199292)
hello LQ members

I've installed logcheck from the pclinuxos repos. I am using version 1.3.7

I ran logcheck without any parameters and the output said to use this code to run it.
Code:

su -s /bin/bash -c "/usr/sbin/logcheck" logcheck

I entered my root password and got an error message below

su: Authentication failure

I know my root password and I know for a fact I entered it correctly, but logcheck seems unable to authenticate it.

I even logged in as root and tried to run logcheck and I got this message

logcheck should not be run as root. Use su to invoke logcheck:
su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
Or use sudo: sudo -u logcheck logcheck.

I think it's a bug.

No.
You are authenticating as the user "logcheck" not "root".
But, as above - use logwatch instead.
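
An added illustration of the point in the last reply, not part of the thread: a non-root `su` checks the password of the target account, and a service account such as logcheck normally has no usable one. The passwd and shadow lines are constructed samples (that the account is locked is an assumption), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample entries (assumed; not taken from the poster's machine).
SAMPLE_PASSWD='logcheck:x:487:487:logcheck system account:/var/lib/logcheck:/bin/false'
SAMPLE_SHADOW='logcheck:!!:16256::::::'

# State of the password field (2nd field) of an /etc/shadow line.
shadow_state() {
    field=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$field" in
        '')         echo empty ;;    # no password set at all
        '!'*|'*'*)  echo locked ;;   # not a valid hash: no typed password can match
        *)          echo usable ;;   # a real hash: the target user's password works
    esac
}

# What "su <target>" does for a caller with uid $1, given the target's shadow line $2.
su_outcome() {
    if [ "$1" -eq 0 ]; then
        echo no-prompt               # in the usual PAM setup root is not asked for a password
        return
    fi
    case "$(shadow_state "$2")" in
        locked) echo auth-failure ;; # "su: Authentication failure", whatever is typed
        empty)  echo depends-on-pam ;;
        *)      echo needs-target-password ;;
    esac
}

# Whether "-s /bin/bash" is needed: yes when the login shell (7th passwd field) refuses logins.
needs_shell_override() {
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    case "$shell" in
        */false|*/nologin) echo yes ;;
        *)                 echo no ;;
    esac
}

echo "regular user (uid 1000): $(su_outcome 1000 "$SAMPLE_SHADOW")"
echo "root (uid 0):            $(su_outcome 0 "$SAMPLE_SHADOW")"
echo "needs -s /bin/bash:      $(needs_shell_override "$SAMPLE_PASSWD")"
```

Run from a root shell, the suggested `su -s /bin/bash -c "/usr/sbin/logcheck" logcheck` does not prompt at all, while `sudo -u logcheck logcheck` by default asks for the caller's own password rather than logcheck's.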

