Hi Bjorn - Thanks for the response. I can update Logwatch but it sounds like it would not be the option for shipping Suricata logs - anything you would recommend instead?
I currently have Suricata running on a VM with traffic being mirrored to the VM from my router w/ Pre and Postrouting rules. I am interested in configuring Logwatch to be able to send me a daily feed of the latest logs in the fast.log section, where security alerts are logged, but wanted to make sure I could set up Logwatch general settings first. I installed Logwatch via CLI and then edited:
$ nano /usr/share/logwatch/default.conf/logwatch.conf
The following are set and uncommented: LogDir = LogDir...