Not fixing a problem

[Jonathan Hutchins]

I find myself in an interesting dilemma.

I run logwatch the mail and web servers I manage.  It used to give me some 
useful info, but these days, it has problems.

It's catching every single 404 from the web server logs.  On a site with 
~40,000 pages, ~150,000 unique URL's, that's heavily crawled by robots on a 
daily basis, that makes for a pretty large report.

Add to that the fact that it's also reporting every bounced spam, and it 
appears to be reporting all of the NNTP log entries as well, and any useful 
information is obliterated in a report that's well over a megabyte of text.

So I tried to follow the instructions and turn off HTTPD reporting.  
Apparently, I got the syntax wrong, so now instead of the 1.4 meg report, all 
I get is an error message.

Which is really just as useful.  So why fix it?

I know it's theoretically possible to configure and customize logwatch, but 
when I tried to find documentation on it, all I found were incredibly 
detailed and obtuse instructions for building your own custom log filters 
from the ground up.  Not helpful.

I'm posting this for your amusement at the dilemma, and in the vague hope that 
someone, somewhere, has written an intelligible guide to configuring logwatch 
on a very superficial level.  Then again, maybe someone knows of a better 
tool.