Logwatch too verbose, don't want 404 messages
I recently installed logwatch on a server, problem is that the report is filled with hundreds of lines "Requests with error response code ,404"
I've searched the docs and all over the Internet, strangely enough only found 1 person with similar problem and the solution provided does not help me. Setting these in etc/logwatch/conf/services/http.conf doesn't change anything: HTTP_IGNORE_ERROR_HACKS = 1 (tried 0 and 1) HTTP_RC_DETAIL-404 = 10 (tried 0,5,10,Low,Med,High) (Adding a wrong entry makes Logwatch spit out an error message, so the file is read.) Detail setting för logwatch is "Low". Any ideas how to stop Logwatch from reporting 404:s? |
Firstly, why are you trying to stop it reporting 404s? That probably means you've got broken links on your site, which you should be fixing ;) you've set the RC_DETAIL-404 to 10, which I'm guessing is higher than your detail setting, so you're only getting a one-line error report. I would lower the RC_DETAIL-404 setting and fix the broken links.
However, I'm aware it might *not* be broken links and it could even be something which leaves you utterly blameless. In which case, I think adding the line Code:
*404* |
Thanks for your reply!
Adding "*404* to /etc/logwatch/conf/ignore.conf does not work, only output from logwatch then is Code:
"Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE 404*/ at /usr/sbin/logwatch line 1199, <TESTFILE> line 2." Why I'm trying to stop it reporting 404s is because I'm not responsible for the websites on this server, my job is just to keep it up & running. I have notified the developers about these 404:s (they are pretty strange as the reported links actually works!) but as long as they keep coming I need to filter them out to get the report readable. I do not want to stop all messages from httpd though! Quote:
Code:
"The following is supported for backwards compatibility, but deprecated" |
Hm, sorry, I didn't realise it was a proper regex. My guess is
Code:
.*404.* I don't know how much you know about regular expressions - I was thinking that '*' would stand for any string (similar to globbing in the bash shell), but it seems to be used in its "proper" sense, which means repeat the previous character any number of times (including none). It was complaining because there was no character before it. And '.' matches any character, not a literal fullstop. |
In a way, that worked!
(I know a little something about regex:s, not very much though. Whenever I need one it always takes me an hour or so to get it right.) But it seems that the file "ignore.conf" only filters the report, taking out the lines containing "404" in the report only - it does not ignore lines in logfiles. This means I now get 298 rows instead of 300... For clarification, here's a snippet: W/o ignore.conf: Code:
Requests with error response codes Code:
Requests with error response codes Hmmm maybe I'll set logwatch up to email the developers every hour, might make them more interrested in solving the actual problems.. ;) |
Hm.... I don't know. My approach would be to try to lower the verbosity of the error reporting so that all of the information for the 404 error was on one line, but I can't find anything to suggest this is possible... Perhaps browsing through /usr/share/doc/logwatch might have some info :)
EDIT: You did say setting 'Detail = Med' didn't work, right? |
I already have Detail=Low for logwatch, tried then various settings for RC_DETAIL-404 but as mentioned earlier it has no effect.
... and I sure have read the docs for logwatch, as well as searched like h..ll for a solution! All I've found is suggestions to set RC_DETAIL-404 higher than l the logwatch detail-level, but as mentioned it doesn't work. |
As far as I am aware, the services/http.conf setting should be
Code:
$HTTP_RC_DETAIL_REP-404 = <level> To suppress output entirely then, filter the resulting summary lines in ignore.conf using Code:
404 Not Found |
Quote:
So it is "HTTP_RC_DETAIL_REP-404" - not "HTTP_RC_DETAIL-404"! A small error then in the default logwatch.conf, I never could have guessed that! Thanks a lot! |
[SOLVED] Logwatch too verbose, don't want 404 messages
Trying to solve this problem and ran across this post. Tried the suggested change in http.conf in the services for logwatch with no success. After looking in the /usr/share/logwatch/default.conf/services directory, found the default http.conf file used by logwatch with a line commented out that was slightly different than the answer given.
Added the following line to the /etc/logwatch/conf/services/http.conf (had to create) $http_rc_detail_rep_404 = 20 After making this change and running logwatch, the output then looked like this: --------------------- httpd Begin ------------------------ Requests with error response codes 404 Not Found SUMMARY - 340 URLs, total: 1044 Time(s) ---------------------- httpd End ------------------------- Just wanted to help others out when encountering this issue. Running logwatch version 7.4.0 on Ubuntu 12.04 LTS 64bit. Regards, Ken E. |
All times are GMT -5. The time now is 04:10 AM. |