[Logwatch] logwatch too verbose
Gerald Teschl
Gerald.Teschl@univie.ac.at
Fri, 17 Oct 2003 12:58:07 +0200
Hi Kirk,
I just tried the latest version of logwatch (4.3.2) on one of
my servers. But for the following reasons it is way too verbose:
1) iptable logs:
From 131.130.1.11 - 146 packets
To 193.170.117.2 - 146 packets
<sniped 146 lines>
Now it lists all 146 packages and there are about 5 entries like this.
Suggestion: If there are more then 10 packets to different ports,
just print a summary "146 packets to 120 different ports".
2) sendmail
Connections Rejected due to load average::
Load Avg 12: 6 Times(s)
Load Avg 13: 2 Times(s)
Load Avg 14: 2 Times(s)
Load Avg 15: 3 Times(s)
The listing does not give any usefull information. Something like
Connections Rejected due to load average: 13 Time(s)
would suffice IMHO. Moreover, I get 200 lines like
-----------------------
Unknown users:
03eicletq@esi.ac.at
from kiwi1.citicorp.com [192.193.79.20] 1 time(s).
<sniped 200 similar lines>
-----------------------
Again, I suggest to print only something like "Mail to unknown users: 200 Time(s)"
if there are more than 10 items.
BTW, the optimal solution for this, would be to define a sub for generating listings
like
bla bla: x Time(s)
This sub could sort the entries by x and if there are more than 10, print the top10
plus "... more entries omitted"
Keep up the good work,
Gerald