[Logwatch] ignore.conf entry

Markus Lude lude at informatik.uni-tuebingen.de
Tue Feb 28 17:42:13 MST 2006


On Tue, Feb 28, 2006 at 05:37:36PM -0600, Cameron B. Prince wrote:

Hello,

> Hi Bjorn,
> 
> Thanks for your reply...
> 
> > Indeed, something is not quite right, because you should not be getting
> > info on the 200 codes.  Is this a stock logwatch, or were there any
> > customizations in /etc/logwatch?
> 
> The installs are completely stock with Fedora Core 4 and this is on 4
> different servers, all share the same symptoms. The only customization was
> the additions in ignore.conf after the upgrade to v7.2.1-2.

are there any files left from an older logwatch version? Somewhere in
the 7.x versions the directory structure was changed.
 
> > > I upgraded to logwatch-7.2.1-2 which gave me the ignore.conf file. I've
> > > tried the following in this file:
> > >
> > > GET.*HTTP.*200
> > > HTTP\/1.1"\s200
> > >
> > > Neither of these are omitting the 200 response lines and I just can't
> > seem
> > > to find a solid example.
> > 
> > That also puzzled me, but it looks like ignore.conf matches against the
> > output of logwatch, not the log entries.  I've modified the
> > HOWTO-Customize-LogWatch to reflect this.
> 
> Do you have any ideas as to what I can do to ignore.conf so that logwatch
> will disregard the 200'?
> 
> If I can do anything to help troubleshoot the problem, please let me know.

Last time I remember seeing 200 http error code lines was back with
logwatch 6.0 under a heading like
  "A total of ... unidentified 'other' records logged"
This was dropped between 6.0.1 and 6.0.2.

Do your 200 response line appear after such a line or in which part of
the http block?

In the summary at the top of the http block, is there a line for
"mod_proxy connection attempts" or "mod_proxy requests"?
The first is from <=6.0.1, the second from >=6.0.2. If no such line
appears, no mod_proxy request appeared on your server.

Regards,
Markus

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 185 bytes
Desc: not available
Url : http://ip70-176-100-107.ph.ph.cox.net/pipermail/logwatch/attachments/20060228/2bbb3dbd/attachment.bin


More information about the Logwatch mailing list