Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
I've got logwatch running on my home server (ArchLinux), which is also running NTP... Which throws a whole heap of entries in to my logs about adjusting the local clock such as:
Code:
Apr 23 15:35:37 lapp ntpd[2945]: adjusting local clock by 0.217558s
I have told logwatch to ignore these entries by modifying ignore.conf:
Code:
fukawi2 ~ $ cat /etc/logwatch/conf/ignore.conf
^[A-Z]\{1\}[a-z]\{2\}[ ]\{1,3\}[0-9]\{1,2\} [0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\} lapp ntpd\[[0-9]\{4\}]: adjusting local clock by -*[0-9]\{1,5\}.[0-9]\{6\}s
adjusting local clock by -*[0-9]\{1,5\}.[0-9]\{6\}s
The regex is correct:
Code:
fukawi2 ~ $ sudo grep -f /etc/logwatch/conf/ignore.conf /var/log/everything.log | head
Apr 20 00:04:40 lapp ntpd[2964]: adjusting local clock by -3366.334204s
Apr 20 00:07:53 lapp ntpd[2964]: adjusting local clock by -3366.319881s
Apr 20 00:09:00 lapp ntpd[2964]: adjusting local clock by -3366.275946s
Apr 20 00:12:14 lapp ntpd[2964]: adjusting local clock by -3366.231390s
Apr 20 00:15:25 lapp ntpd[2964]: adjusting local clock by -3366.173226s
Apr 20 00:19:48 lapp ntpd[2964]: adjusting local clock by -3366.135475s
Apr 20 00:22:29 lapp ntpd[2964]: adjusting local clock by -3366.106383s
Apr 20 00:24:37 lapp ntpd[2964]: adjusting local clock by -3366.069773s
Apr 20 00:27:20 lapp ntpd[2964]: adjusting local clock by -3366.039979s
Apr 20 00:29:35 lapp ntpd[2964]: adjusting local clock by -3366.032703s
But I still get hundreds of these entries in my daily logwatch email
Code:
--------------------- XNTPD Begin ------------------------
**Unmatched Entries**
adjusting local clock by -3314.495262s: 1 time(s)
adjusting local clock by -3322.181234s: 1 time(s)
adjusting local clock by -3325.820765s: 1 time(s)
adjusting local clock by -3318.454042s: 1 time(s)
adjusting local clock by -3319.596601s: 1 time(s)
adjusting local clock by 0.268634s: 1 time(s)
adjusting local clock by -3313.718419s: 1 time(s)
adjusting local clock by -3322.058501s: 1 time(s)
<-- SNIP -->
I believe I'm doing the right thing since I read the /usr/share/logwatch/HOWTO-Customize-LogWatch file which states:
Quote:
ignore.conf: This file specifies regular expressions that, when matched by the output of logwatch, will suppress the matching line, regardless of which service is being executed.
Quote:
You can customize the output of logwatch by modifying variables in the /etc/logwatch/conf directory.
I think your regex may be to strict/greedy since AFAIK Logwatch itself has a routine for stripping the date and hostname "^[A-Z]\{1\}[a-z]\{2\}[ ]\{1,3\}[0-9]\{1,2\} [0-9]\{2\}:[0-9]\{2\}:[0-9]\{2\} lapp ntpd\[[0-9]\{4\}]: " part. As far as the message itself is concerned, why would you need "adjusting local clock by -*[0-9]\{1,5\}.[0-9]\{6\}s adjusting local clock by -*[0-9]\{1,5\}.[0-9]\{6\}s"? The constant string is is "adjusting local clock by" which should be way specific enough to filter with.
I tested adding exclusions to /etc/logwatch/conf/ignore.conf (Logwatch 7.3.6). Per-line filters consisting of single words or multiple words separated by spaces work, regexes wouldn't stick whatever I tried. So (w/o outer quotes) a line like "adjusting local clock" should work. If it doesn't you have two choices: hack in a filter something like "($ThisLine =~ /adjusting local clock/) or" in the xntp service file or e-mail the developer...
I note that this thread has been inactive since 2008 but since I was researching the same issue with little success on the internet, I thought that I would share my findings. Logwatch does not appear to use standard regexp syntax in the ignore.conf file. I tried several regular expressions in an attempt to filter some Logwatch output without much success. After changing the syntax of the expressions to that used by perl, I was able to filter out extraneous output.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
