[Logwatch] kernel physical device errors

Kenneth Porter shiva@sewingwitch.com
Wed, 13 Nov 2002 10:29:01 -0800

--On Tuesday, November 12, 2002 4:22 PM -0500 Lance Lovette
<lance.listserv@optimost.com> wrote:

> Yes, the server is running RedHat 7.2. It makes me wonder what else
> LogWatch won't report. Maybe it's better to turn off LogWatch and have
> the logs mailed to me daily so I can manually scan for problems. The
> notices from LogWatch are empty most of the time anyway.

The problem is that the kernel log is so noisy that the default logwatch
script drops anything not recognized. I think the better solution is to log
everything not recognized, and incorporate a more extensive "noise filter".

One approach would be to create an auxiliary file of regex's that represent
noise. A stock file would catch most of the cases, and a second
site-specific site could provide local customization and new patterns to be
submitted back to the distribution. This should probably be done in a
general way to be used by all the service scripts.