Red Hat Enterprise Linux 5 Administration Unleashed

420CHAPTER 20Monitoring System ResourcesEven though the /usr/share/logwatch/ directory contains the configuration files, theones in this directory are the defaults and should not be modified. To customize theLogwatch configuration, instead edit the files in /etc/logwatch/, which contains twodirectories: conf/ and scripts/. The /etc/logwatch/conf/ directory contains the files tocustomize the configuration files. The /etc/logwatch/scripts/ directory does notcontain any files by default, but custom scripts can be added to it as explained in the“Customizing the Logwatch Scripts” section later in this chapter.The configuration files use the following conventions:. If a line begins with #, the entire line is a comment.. If a line begins with $, the rest of the word is a variable.. If a line begins with *, what follows is an executable.All the variables set in the files in the /etc/logwatch/conf/ directory and subdirectoriesoverride the values from the /usr/share/logwatch/default.conf/ directory and subdirectories.To modify a value in logwatch.conf, copy it in the /etc/logwatch/conf/logwatch.conf file while preserving any subdirectories and modify its value. The nexttime Logwatch is executed by the daily cron job, the new values will be used instead ofthe defaults.To change a value in any of the files in the logfiles/ or services/ directory, create thesame file, including subdirectories in the /etc/logwatch/conf/ directory, and, in the file,declare the variables you want to change. For example, the /usr/share/logwatch/default.conf/services/iptables.conf file contains the lines from Listing 20.12 todefine a variable that blocks hosts with less than a certain number of hits between allports.LISTING 20.12IPTables Variable from Logwatch# Set this to enable a filter on iptables/ipchains displays# This will block out hosts who have less than the specified# number of hits between all ports. Defaults to 0.$iptables_host_min_count = 0To change this value, create the /etc/logwatch/conf/services/iptables.conf file. Copythese lines into the newly created file, and change the value of 0 to a different integer.The next time Logwatch is executed by the daily cron job, the new value will be usedinstead of the default.TIPAlternatively, copy the entire file from the /usr/share/logwatch/default.conf/ fileand modify the values of the variables. This method is useful if many variables withina file need to be modified.