
/usr/share/logwatch/default.conf/services/evtsecurity.conf is in logwatch 7.4.1-2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

##########################################################################
# $Id: evtsecurity.conf 149 2013-06-18 22:18:12Z mtremaine $
##########################################################################
# $Log: evtsecurity.conf,v $
# Revision 1.1  2007/04/28 22:50:24  bjorn
# Added files for Windows Event Log, by Orion Poplawski.  These are for
# Windows events logged to a server, using Snare Agent or similar.
#
##########################################################################

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

# Heading shown above this service's section in the Logwatch report.
Title = "Security Event Log"

# Logfile group that supplies the input lines for this service.  The group
# is defined outside this file (presumably logfiles/eventlog.conf -- confirm).
LogFile = eventlog

# Keep only the entries belonging to the Windows "security" event log.
# (The earlier wording said "kernel service", which looks like a leftover
# from another service file.)  Lines starting with '*' name shared filter
# scripts; they appear to be applied in the order listed, so header removal
# runs after the service filter -- confirm against the Logwatch docs.
# NOTE(review): this section only reports events that actually reach the
# eventlog group.  If the Windows hosts stop forwarding, the section is
# simply empty, so an empty report is not evidence of "no security events";
# monitor the forwarding agents separately.
# NOTE(review): this is the packaged default; site-specific changes normally
# go in /etc/logwatch/conf/services/ so that upgrades do not overwrite them.
*EventLogOnlyService = security
*RemoveHeaders

# vi: shiftwidth=3 tabstop=3 et