[Logwatch] reason for ignore?

jabbott at abbotts.org jabbott at abbotts.org
Fri Feb 24 10:52:31 MST 2006


On Fri, 24 Feb 2006, Markus Lude wrote:

> On Fri, Feb 24, 2006 at 11:21:01AM -0600, jabbott at abbotts.org wrote:
> > 
> > With my ignore.conf setup like this:
> > 
> > su: from root to db2tds at /dev/tty??
> > su: from root to db2util at /dev/tty??
> > Accepted password for theMan from 10.1.1.79
> > subsystem request for sftp
> > 
> > Can you tell me why these lines in the messages file are also being ignored?
> > Feb 24 00:05:26 10.1.1.42 Message forwarded from A339: bootpd[36716]: hardware address not found: 000AB7ED966D
> > Feb 24 01:45:10 10.1.1.42 Message forwarded from A339: rcp[25504]: IMPORT file from host tdsB cmd is rcp -f /usr/proj/tds_db/*, local user root.
> > Feb 24 02:30:02 10.1.1.44 Message forwarded from B339: DB2[21676]: Open of log file "/home/db2tds/sqllib/db2/db2diag.log" failed with rc 0x840F0001
> > 
> > I have the logwatch.conf setup to run today's data.  I have the date set right on the box and here is the header on my logwatch run.
> > 
> > bash-3.00# date
> > Fri Feb 24 11:11:16 CST 2006
> > 
> >  ################### LogWatch pre7.2 (01/16/06) #################### 
> >         Processing Initiated: Fri Feb 24 11:00:06 2006
> >         Date Range Processed: today
> >                               ( 2006-Feb-24 )
> >                               Period is day.
> >       Detail Level of Output: 0
> >               Type of Output: unformatted
> >            Logfiles for Host: XXXXXXXXXXXXXXXXXXXXXXXXX
> >   ################################################################## 
> > 
> > Maybe I don't understand how this works but I thought that any line that did not match my ignore.conf would show up in the report.  Any idea why these lines are not showing up?
> > 
> > --ja
> 
> Each service script ignores some messages from that service. There are
> some services for which log entries aren't handled by logwatch at all.
> 
> Your log entries seem to be ignored because there is no service script
> to handle bootpd, rcp, DB2. You may write your own to handle those
> specific services.
> 
> Regards,
> Markus
> 

OK, I must have missed that in the docs.  Are there examples somewhere of what these scripts look like?

A bigger question though, how can I use logwatch to notify me of unexpected events showing up in the logs then???  That is really what I set up this program for.  To catch anomalies.  How can I anticipate every possible event?

--ja
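
One way to see which log lines fall through because no service script claims them, as an added example that is not part of the original thread and is not Logwatch code. The HANDLED set, the function names and the sample lines marked "constructed" are assumptions; the other sample lines are the ones quoted above.

```python
import re
from collections import defaultdict

# Assumption: services that have a service script on this host (hypothetical set).
HANDLED = {"sshd", "su"}

# timestamp, host, optional "Message forwarded from X:" prefix, tag[pid]: message
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?:Message forwarded from (?P<origin>\S+):\s)?"
    r"(?P<tag>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s(?P<msg>.*)$"
)

SAMPLE = [
    # Lines quoted in the thread
    'Feb 24 00:05:26 10.1.1.42 Message forwarded from A339: bootpd[36716]: hardware address not found: 000AB7ED966D',
    'Feb 24 01:45:10 10.1.1.42 Message forwarded from A339: rcp[25504]: IMPORT file from host tdsB cmd is rcp -f /usr/proj/tds_db/*, local user root.',
    'Feb 24 02:30:02 10.1.1.44 Message forwarded from B339: DB2[21676]: Open of log file "/home/db2tds/sqllib/db2/db2diag.log" failed with rc 0x840F0001',
    # Constructed lines for the example
    'Feb 24 03:10:00 10.1.1.42 Message forwarded from A339: bootpd[36716]: hardware address not found: 000000000000',
    'Feb 24 09:12:44 10.1.1.42 sshd[4211]: Accepted password for theMan from 10.1.1.79',
    'Feb 24 09:15:02 10.1.1.44 Message forwarded from B339: su: from root to db2tds at /dev/tty0',
    'Feb 24 09:15:05 10.1.1.44 last message repeated 3 times',
]

def unhandled(lines, handled=HANDLED):
    """Group lines whose syslog tag has no handler; unparsable lines go under '?'."""
    groups = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        tag = m.group("tag").lower() if m else "?"
        if tag not in handled:
            groups[tag].append(line)
    return dict(groups)

def summarize(lines, handled=HANDLED):
    """Return (tag, count) pairs, most frequent first, then alphabetical."""
    groups = unhandled(lines, handled)
    return sorted(((t, len(v)) for t, v in groups.items()),
                  key=lambda tc: (-tc[1], tc[0]))

if __name__ == "__main__":
    for tag, count in summarize(SAMPLE):
        print(f"{count:4d}  {tag}")
    for tag, lines in unhandled(SAMPLE).items():
        print(f"\n--- {tag} ---")
        print("\n".join(lines))
```

Anything listed here is either a candidate for a new service script or a line to review by hand.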

