[Logwatch] LogWatch and TomCat applications.

Davide Bianchi db at sentia.nl
Wed Nov 11 02:20:57 MST 2009


I am in the situation of mantaining several TomCat servers.
Unfortunately, since Java servlets most of the time don't have
extensions, all the requests processed by Apache and redirected to
tomcat does not appear in the logs with a known document type (is not
HTML, CSS etc.) so they are all marked as 'others'.

This generate the problem of receiving a report where almost all the
requests are reported as 'other', making real 'problems' more difficult
(or impossible) to spot.

I thin that the major problem is that all the 'other' records are
detailed in the report if not yet reported as known hacks, maybe it
would be better to _not_ reports all the records instead by default and
only reports the one that _are_ recognized as 'hacks'.

The change is one simple line in the scripts/services/http script:

$ diff -u scripts/services/http /etc/log.d/scripts/services/http
--- scripts/services/http       2009-11-10 14:34:04.000000000 +0100
+++ /etc/log.d/scripts/services/http    2007-09-10 13:40:34.000000000
@@ -317,7 +317,7 @@
    } else {
       $other_count += 1;
       $other_bytes += $field{bytes_transfered};
-      if ($isahack ) {
+      if (!$isahack ) {
          if ( !$ignore_error_hacks ) {
             $needs_exam{$field{request}} .= $field{http_rc}." ";
          } elsif ( $field{http_rc} >= 400 ) {


Met vriendelijke groeten,

Davide Bianchi
Sentia B.V.

t: +31-(0)20-7505733
f: +31-(0)20-7505787
w: http://www.sentia.nl

More information about the Logwatch mailing list