Not fixing a problem

[sirsky]

On 1/8/07, Jonathan Hutchins <hutchins at tarcanfel.org> wrote:
>
>
> It's catching every single 404 from the web server logs.  On a site with
> ~40,000 pages, ~150,000 unique URL's, that's heavily crawled by robots on
> a
> daily basis, that makes for a pretty large report.
>
> Add to that the fact that it's also reporting every bounced spam, and it
> appears to be reporting all of the NNTP log entries as well, and any
> useful
> information is obliterated in a report that's well over a megabyte of
> text.
>
> So I tried to follow the instructions and turn off HTTPD reporting.
> Apparently, I got the syntax wrong, so now instead of the 1.4 meg report,
> all
> I get is an error message.



Actually, I've had this very same problem, but I'm using Logsentry, not
logwatch...I think they do pretty much the same thing though.  The
configuration of Logsentry is pretty easy too:

There are 2 particular files you're interested in:

/etc/logcheck/logcheck.ignore
/etc/logcheck/logcheck.violations.ignore

They use a simple regexp to filter out messages you want to ignore.  From
what I've been able to gather the following works:

<service-name>.*<text-to-match>

So, to get rid of your 404's try sticking the following line in both of the
above files:

apache.*404

Just start going through your most recent logcheck email, and when you see a
message you don't want it to report, just add a simple regexp (like above)
to your ignore files.

Hope that helps, I got tired of getting 2Mb to 10Mb emails filled with log
message I didn't want to see as well, and indeed makes the report useless.

-Lucas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://kclug.org/pipermail/kclug/attachments/20070207/25343e8e/attachment.htm