On 1/8/07, <b class="gmail_sendername">Jonathan Hutchins</b> <<a href="mailto:hutchins@tarcanfel.org">hutchins@tarcanfel.org</a>> wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>It's catching every single 404 from the web server logs. On a site with<br>~40,000 pages, ~150,000 unique URL's, that's heavily crawled by robots on a<br>daily basis, that makes for a pretty large report.
<br><br>Add to that the fact that it's also reporting every bounced spam, and it<br>appears to be reporting all of the NNTP log entries as well, and any useful<br>information is obliterated in a report that's well over a megabyte of text.
<br><br>So I tried to follow the instructions and turn off HTTPD reporting.<br>Apparently, I got the syntax wrong, so now instead of the 1.4 meg report, all<br>I get is an error message.</blockquote><div><br><br>Actually, I've had this very same problem, but I'm using Logsentry, not logwatch...I think they do pretty much the same thing though. The configuration of Logsentry is pretty easy too:
<br><br>There are 2 particular files you're interested in: <br><br>/etc/logcheck/logcheck.ignore<br>/etc/logcheck/logcheck.violations.ignore<br><br>They use a simple regexp to filter out messages you want to ignore. From what I've been able to gather the following works:
<br><br><service-name>.*<text-to-match><br><br>So, to get rid of your 404's try sticking the following line in both of the above files:<br><br>apache.*404<br><br>Just start going through your most recent logcheck email, and when you see a message you don't want it to report, just add a simple regexp (like above) to your ignore files.
<br><br>Hope that helps, I got tired of getting 2Mb to 10Mb emails filled with log message I didn't want to see as well, and indeed makes the report useless.<br></div><br></div>-Lucas<br>