Hi, I've become quite enamored with epylog as a replacement for logwatch; it's been meeting my needs nicely. I've been working on tweaking my epylog 1.0.3 configuration for a LAMP server, and wanted to share some of my configurations. === /etc/epylog/weed_local.cf ## Ubuntu 10.04 LTS # CRON invocation CRON\[\d+\]: \(root\) CMD \( cd / && run-parts --report /etc/cron.(daily|hourly|weekly|monthly)\) # CRON session open / close for root when invoked by uid=0 CRON\[\d+\]: pam_unix\(cron:session\): session (open|clos)ed for user root( by \(uid=0\))? # Automatic PHP Session garbage collection CRON\[\d+\]: \(root\) CMD \( \[ -x /usr/lib/php5/maxlifetime \] && \[ -d /var/lib/php5 \] && find /var/lib/php5/ -type f -cmin +$\(/usr/lib/php5/maxlifetime\) -print0 | xargs -n 200 -r -0 rm\) # cracklib cracklib: no dictionary update necessary\. # ntdp peer validation ntpd\[\d+\]: peer \d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} now (valid|invalid) === Back in 2007, Jeremy Kindy at WFU posted a few modules, two of which work with Ubuntu; sudo usage logs and user/group reporting (imperfect, I may update it). Note: you'll get some noise about their self-signed certificate. https://lists.dulug.duke.edu/pipermail/epylog/2007-August/000274.html sudo mkdir /usr/local/src/epylog_kindyjd_modules cd /usr/local/src/epylog_kindyjd_modules sudo wget --no-check-certificate http://lists.dulug.duke.edu/pipermail/epylog/attachments/20070821/004982a... sudo tar zxvf epylog_modules.tar.gz # sudo sudo cp sudo_mod.py /usr/share/epylog/modules sudo cp sudo.conf /etc/epylog/modules.d # users sudo cp users_mod.py /usr/share/epylog/modules sudo cp users.conf /etc/epylog/modules.d Edit /etc/epylog/modules.d/sudo.conf and change files to: files = /var/log/auth.log[.#] Edit /etc/epylog/modules.d/users.conf and change files to: files = /var/log/auth.log[.#] === I've been getting a deprecation warning: /usr/lib/pymodules/python2.6/epylog/publishers.py:268: DeprecationWarning: the MimeWriter module is deprecated; use the email package instead import StringIO, MimeWriter http://osdir.com/ml/debian-bugs-dist/2010-11/msg02837.html referred to a patch available at https://fedorahosted.org/epylog/changeset/394/epylog#file8 , but that link is now invalid. To the best of my knowledge, it's a known issue and has been fixed in dev, but not in any releases. Is there any way I can get that patch? === Thanks for all your hard work on this, and to Seth Vidal for picking up development again! Best regards, Jon Peck Owner, FluxSauce.com