I have an RH9 box running a mail server at home (login required for
pop access).

Right now, all the pop logins & logouts are logged into both
/var/log/secure & /var/log/maillog.

My questions are:

1. how should I config it, so it only logs to maillog or secure?

2. assuming I can make it to log to maillog, do I need to do anything
for logwatch to generate login/logout reports based on maillog? As of
now, logwatch seems to generate the login/logouts reports based on
secure log.