[Logwatch] logwatch runs for 12-26 hours, exim logs to blame

Kit Gerrits kitgerrits at gmail.com
Wed May 28 08:06:20 MST 2008


Gordon,

Wasn't there a way of 'grepping out' specific terms in the exim.conf?

If not:
Might I suggest moving the most-hit rules to the top of the exim script?
(That way it doesn't spend time on matching to unused lines)

You can even 'ignore' unwanted lines by not having any action associated
with matches.
(do keep a backup of your modified script, as it might get overwritten by a
logwatch update)

Just my 2c.


Regards,

Kit Gerrits
 

> -----Original Message-----
> From: logwatch-bounces at logwatch.org 
> [mailto:logwatch-bounces at logwatch.org] On Behalf Of Gordon
> Sent: Wednesday 28 May 2008 16:30
> To: logwatch at logwatch.org
> Subject: [Logwatch] logwatch runs for 12-26 hours, exim logs to blame
> 
> Any recommended rtfm for making logwatch run faster would be 
> appreciated.  I have hacked a few changes but run time of 20 
> hours is not unusual.  My exim logs are 250MB per day... 
> /var/log/maillog is about the same size (spamassassin detail)
> 
> Am I correct in thinking ignore.conf only stops reporting of, 
> not calculation of these errors?
> 
> I suspect these summations may be to blame.
> 
>   --- Bad Hosts ---
>     Rejected HELO/EHLO: syntactically invalid argument(s) 1228 times
>     SMTP Syntax errors 278 times
>     SMTP Timeout errors 3812 times
>     Sudden disconnect while expecting remote input 99128 times
> 
>   --- SMTP Connection Issues
>     SMTP connection lost when connection reset by peer : 77804 Time(s)
>     SMTP connection closed by QUIT: 115118 Time(s)
>     SMTP connection lost while reading message data: 960 Time(s)
>     SMTP connection lost (non-specific): 58568 Time(s)
>     SMTP connection TCP/IP connection count (warning): 363319 Time(s)
> 
>   --- Failed Reverse Lookups
>   --- 104124  Time(s)
> 
> I am using an RPM for centos5 logwatch-7.3-5
> 
> ps -ef sample taken 10:29 AM (running 9.5 hours)
> 
> root     19416 19297  0 01:04 ?        00:00:00 sh -c ( cat 
> /var/cache/logwatch/logwatch.2J1A9ehy/exim  |  /usr/bin/perl
> /usr/share/logwatch/scripts/services/exim) 2>&1
> root     19417 19416  0 01:04 ?        00:00:00 sh -c ( cat 
> /var/cache/logwatch/logwatch.2J1A9ehy/exim  |  /usr/bin/perl
> /usr/share/logwatch/scripts/services/exim) 2>&1
> root     19418 19417  0 01:04 ?        00:00:01 cat 
> /var/cache/logwatch/logwatch.2J1A9ehy/exim
> root     19419 19417 97 01:04 ?        09:10:36 /usr/bin/perl 
> /usr/share/logwatch/scripts/services/exim
> 
> _______________________________________________
> Logwatch mailing list
> Logwatch at logwatch.org
> http://www2.list.logwatch.org:81/mailman/listinfo/logwatch
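
The reply's suggestion (try the most-hit rules first, and match noisy lines with a rule that has no action), as an added example that is not part of the original post and not taken from logwatch's exim script. The rule labels, patterns and sample log lines are constructed for illustration, weighted roughly like the report quoted above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample lines in Exim mainlog style (documentation IP addresses).
my @log = (
    ('2008-05-28 01:04:01 SMTP connection from [192.0.2.10]:4001 (TCP/IP connection count = 7)') x 36,
    ('2008-05-28 01:04:02 SMTP connection from [192.0.2.10] closed by QUIT') x 12,
    ('2008-05-28 01:04:03 unexpected disconnection while reading SMTP command from [192.0.2.44]') x 10,
    ('2008-05-28 01:04:04 SMTP command timeout on connection from [192.0.2.51]') x 1,
    ('2008-05-28 01:04:05 rejected EHLO from [192.0.2.60]: syntactically invalid argument(s): bad_host') x 1,
);

# Hypothetical rule table: [label, pattern, report?]. A false third field is a
# rule with no action: the line is matched and then dropped from the report.
my @rules = (
    [ 'Rejected HELO/EHLO', qr/rejected (?:HELO|EHLO) from /,            1 ],
    [ 'SMTP timeout',       qr/SMTP command timeout on connection/,      1 ],
    [ 'Sudden disconnect',  qr/unexpected disconnection while reading/,  1 ],
    [ 'Closed by QUIT',     qr/closed by QUIT$/,                         1 ],
    [ 'Connection count',   qr{TCP/IP connection count = \d+\)$},        0 ],
);

# First match wins; returns per-rule hit counts and the number of regex tests.
sub scan {
    my ($rules, $lines) = @_;
    my (%hits, $tests);
    $tests = 0;
    LINE: for my $line (@$lines) {
        for my $rule (@$rules) {
            $tests++;
            next unless $line =~ $rule->[1];
            $hits{ $rule->[0] }++;
            next LINE;    # later rules are never tried for this line
        }
    }
    return (\%hits, $tests);
}

my ($hits_a, $tests_a) = scan(\@rules, \@log);
my @by_hits = sort { ($hits_a->{ $b->[0] } || 0) <=> ($hits_a->{ $a->[0] } || 0) } @rules;
my ($hits_b, $tests_b) = scan(\@by_hits, \@log);

printf "%-22s %4d regex tests\n", 'original order:',       $tests_a;
printf "%-22s %4d regex tests\n", 'ordered by hit count:', $tests_b;
for my $rule (grep { $_->[2] } @rules) {    # report only rules that have an action
    my $label = $rule->[0];
    die "reordering changed the count for $label\n"
        unless ($hits_a->{$label} || 0) == ($hits_b->{$label} || 0);
    printf "  %-20s %d time(s)\n", $label, $hits_a->{$label} || 0;
}
```

Reordering is only safe when no line can match more than one rule, which is why the script compares the counts from both passes before printing them. A rule with no action also removes those lines from the report entirely, so it belongs only on events nobody needs to review.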


