Only by looking at threads like
this you will realise that by making Logwatch actually display logged errors you can take action. In short: keeping errors from being displayed defeats the purpose of logging and using Logwatch.
What you should do is create a service configuration. Using the "up2date" service (since it's a small config) as example, you see it comprises of:
- a service declaration in /usr/share/logwatch/default.conf/logfiles/up2date.conf,
- a logfile declaration in /usr/share/logwatch/default.conf/services/up2date.conf,
- log preprocessing scripts log in /usr/share/logwatch/scripts/logfiles/ and
- the actual service processing script /usr/share/logwatch/scripts/services/up2date.
In the scripts/services/up2date script, at around like 27 it starts the "ignore" section in which you can add all lines that are of the informational level or purpose:
Code:
22 while (defined($ThisLine = <STDIN>)) {
23 if ( $Debug >= 5 ) {
24 print STDERR "DEBUG($DebugCounter): $ThisLine";
25 $DebugCounter++;
26 }
27 if ( ( $ThisLine =~ /^updating login info$/ ) or
and further down, at around 60, actions that should be tallied, and at around 78 lines that fit no classification that you should be informed about anyway. The point is that by creating a "cpanel service" configuration you can give back to Logwatch by extending and improving it. If you want help creating the service config attach a file with a sufficient amount of usable log lines.
Your other option is adding regexes to /etc/logwatch/conf/ignore.conf, one item per line (gets matched through "$logline =~ m/$ignore/;"), like:
which would greedy-match all lines including that text, or more specifically:
Code:
Pushing "733
terminated without error
* I'm not sure the "733 needs to be escaped as \"733. Run it to find out and post back if it works or not.