LinuxQuestions.org
Old 05-25-2012, 03:06 AM   #1
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,577
Blog Entries: 31

logwatch: where to configure local ignore patterns?


Where should local ignore patterns be configured for logwatch? Ideally it would be a dedicated file, rather than one of the as-installed files and ideally it would be per-service/daemon rather than all in one file.

Trying a non-ideal solution I tried appending patterns to /etc/logwatch/conf/ignore.conf and restarted logwatch but the filtered messages continued to appear in the logwatch report. Versions: Debian Squeeze, logwatch 7.3.6.

Assuming the patterns should follow the same format as logcheck patterns, they were "known good" patterns including:
Code:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ovpn-client(.[^.]*)?\[[^:]*\]: NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ovpn-client(.[^.]*)?\[[^:]*\]: \[[[:alnum:]]*\] Peer Connection Initiated with \[AF_INET\][0-9.]*:1194$
 
Old 05-26-2012, 02:52 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Quote:
Originally Posted by catkin
Where should local ignore patterns be configured for logwatch?

/etc/logwatch/conf/ignore.conf


Quote:
Originally Posted by catkin
(..) patterns should follow the same format as logcheck patterns (..)

Patterns should be lines like they appear in the Logwatch report and not extended regexes because ignore.conf contents work on Logwatch report output, so:
Code:
NOTE: OpenVPN 2.1 requires \'--script-security 2\' or higher to call user-defined scripts or executables
Peer Connection Initiated with \[AF_INET\]
or:
Code:
NOTE: OpenVPN 2.1 requires
Peer Connection Initiated with
See this (bottom part) and this or search here.
 
1 members found this post helpful.
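
The mismatch described in this reply, as an added example that is not part of the original thread: a rule anchored to the syslog prefix matches the raw log line but never a report line, while the report-text patterns do. `grep -E` stands in for Logwatch's filter (an assumption, not Logwatch's own code), and the syslog line and report excerpt are constructed samples.

```shell
#!/bin/sh
# Added example: grep -E stands in for the ignore.conf filter (assumption).

# catkin's logcheck rule from post #1: anchored to the syslog timestamp and host.
LOGCHECK_STYLE='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ovpn-client(.[^.]*)?\[[^:]*\]: \[[[:alnum:]]*\] Peer Connection Initiated with \[AF_INET\][0-9.]*:1194$'

# unSpawn's patterns from post #2: only text that survives into the report.
REPORT_NOTE='NOTE: OpenVPN 2.1 requires'
REPORT_PEER='Peer Connection Initiated with \[AF_INET\]'

# Constructed raw syslog line (what logcheck reads).
RAW_LINE='May 25 03:00:01 host1 ovpn-client[1234]: [server] Peer Connection Initiated with [AF_INET]192.0.2.10:1194'

# Constructed report excerpt (what the ignore filter reads); layout is assumed.
sample_report() {
cat <<'EOF'
 **Unmatched Entries**
    NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables: 2 Time(s)
    [server] Peer Connection Initiated with [AF_INET]192.0.2.10:1194: 2 Time(s)
    TLS Error: TLS handshake failed: 1 Time(s)
EOF
}

# Drop every stdin line that matches any pattern given as an argument.
apply_ignore() {
    text=$(cat)
    for pat in "$@"; do
        text=$(printf '%s\n' "$text" | grep -Ev -- "$pat" || true)
    done
    printf '%s\n' "$text"
}

# Succeeds when the logcheck rule matches the raw syslog line.
raw_line_matches() {
    printf '%s\n' "$RAW_LINE" | grep -Eq -- "$LOGCHECK_STYLE"
}

# Number of report lines left after filtering with the given patterns.
lines_left() {
    sample_report | apply_ignore "$@" | grep -c ''
}

raw_line_matches && echo "logcheck rule matches the raw syslog line"
echo "report lines left with the logcheck rule:    $(lines_left "$LOGCHECK_STYLE")"
echo "report lines left with report-text patterns: $(lines_left "$REPORT_NOTE" "$REPORT_PEER")"
```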
Old 05-26-2012, 11:04 AM   #3
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,577

Original Poster
Blog Entries: 31

Many thanks unSpawn

Those links look informative, better than I found netsearching. It will take me a while to get to it but will update this thread when I have.
 
Old 05-29-2012, 12:52 AM   #4
catkin
LQ 5k Club
 
Registered: Dec 2008
Location: Tamil Nadu, India
Distribution: Debian
Posts: 8,577

Original Poster
Blog Entries: 31

I decided to abandon logwatch and go with logcheck only. After initial exploration of both, I was vaguely intending to use logwatch for weekly summary reports and logcheck for hourly reports (which would only be generated when there were exceptions).

logwatch's need for verbatim message matches rather than using regexes means a lot of administration work on filtering messages in which the variable component appears early in the lines such as OpenVPN's "[<client name>] Peer Connection Initiated with [AF_INET]<IP address removed>:37319". Every time a new client is added, a new logwatch filter would have to be added.
 
  


All times are GMT -5. The time now is 03:21 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration