[Logwatch-Devel] Proposal/Suggestion for filter REs

Mike Tremaine mgt at stellarcore.net
Fri Dec 16 13:19:05 MST 2005


On Fri, 2005-12-16 at 12:01 -0800, Bjorn L. wrote:
> logwatch at mikecappella.com wrote:
> 
> > I would like to propose that sample (sanitized) log entries are provided
> > with each filter and patches, perhaps as a comment within the if-then
> > clauses.  The comment should minimally indicate platform, and software
> > version, something like:
> > 
> >   LOG: Fedora3: Postfix 2.2.6: ... myhost postfix/smtpd[11128]: disconnect
> > from unknown[111.222.111.222]
> 
> I don't mind log collection, but I would prefer it not be included in
> the source, for two reasons:
> 
> a) It just clutters it.
> b) People might think that the filter corresponds to the log entry.
>     The source code of the application generating the log entries is the
>     only reliable place to find out how the log entries are generated.
> 
The unspoken solution is that every so often someone who cares enough
needs to go through the filter and remove the bloat and clean up the RE.
Sounds painful huh? I'll point out that Bjorn did just this with the
Sendmail filter this year. A huge task but the end was result was very
good.

-Mike



More information about the Logwatch-Devel mailing list