[Logcheck-users] Recursing logdirectories?

[Daniel Cross]

Howdy all,

Having a bit of an issue with my logcheck setup, and any help would be
greatly appreciated.

I'm wanting to give logcheck a directory, and have it recurse through
that directory looking at logfiles.

For instance, I have syslog-ng to gather logs from a number of servers,
which end up in a directory structure of:

/var/log/HOSTS/$HOSTNAME/$YEAR/$MONTH/$DAY/

So my logcheck.logfiles looks like:
/var/log/syslog
/var/log/auth.log
/var/log/HOSTS/

But in the logcheck report I get:
E: File could not be read: /var/log/HOSTS/

Running in debug mode shows:
D: [1158102621] logoutput called with file: /var/log/syslog
D: [1158102621] Running logtail: /var/log/syslog
D: [1158102622] logoutput called with file: /var/log/auth.log
D: [1158102622] Running logtail: /var/log/auth.log
D: [1158102622] logoutput called with file: /var/log/HOSTS/
D: [1158102622] Sorting logs
D: [1158102622] Setting the Intro
D: [1158102622] Checking for security alerts
D: [1158102622] greplogoutput: logcheck
D: [1158102622] greplogoutput: returning 1
D: [1158102622] Checking for security events
D: [1158102622] greplogoutput: logcheck
D: [1158102622] greplogoutput: Entries in checked
D: [1158102622] Applying Logcheck override files

So that appears like logtail is having the issue here, confirmed by:
# logtail /var/log/HOSTS
 File /var/log/HOSTS cannot be read.

But if I specify a specific file under this dir, it works fine.
Permissions are all good.

So I guess the question is "How does one get logtail to recurse?"

I've seen this working in the past, so know it can be done, I just seem
to be a bit stumped. 

Thanx

- Daniel