On 1/8/07, <b class="gmail_sendername">Jonathan Hutchins</b> &lt;<a href="mailto:hutchins@tarcanfel.org">hutchins@tarcanfel.org</a>&gt; wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>It&#39;s catching every single 404 from the web server logs.&nbsp;&nbsp;On a site with<br>~40,000 pages, ~150,000 unique URL&#39;s, that&#39;s heavily crawled by robots on a<br>daily basis, that makes for a pretty large report.
<br><br>Add to that the fact that it&#39;s also reporting every bounced spam, and it<br>appears to be reporting all of the NNTP log entries as well, and any useful<br>information is obliterated in a report that&#39;s well over a megabyte of text.
<br><br>So I tried to follow the instructions and turn off HTTPD reporting.<br>Apparently, I got the syntax wrong, so now instead of the 1.4 meg report, all<br>I get is an error message.</blockquote><div><br><br>Actually, I&#39;ve had this very same problem, but I&#39;m using Logsentry, not logwatch...I think they do pretty much the same thing though.&nbsp; The configuration of Logsentry is pretty easy too:
<br><br>There are 2 particular files you&#39;re interested in:&nbsp; <br><br>/etc/logcheck/logcheck.ignore<br>/etc/logcheck/logcheck.violations.ignore<br><br>They use a simple regexp to filter out messages you want to ignore.&nbsp; From what I&#39;ve been able to gather the following works:
<br><br>&lt;service-name&gt;.*&lt;text-to-match&gt;<br><br>So, to get rid of your 404&#39;s try sticking the following line in both of the above files:<br><br>apache.*404<br><br>Just start going through your most recent logcheck email, and when you see a message you don&#39;t want it to report, just add a simple regexp (like above) to your ignore files.
<br><br>Hope that helps, I got tired of getting 2Mb to 10Mb emails filled with log message I didn&#39;t want to see as well, and indeed makes the report useless.<br></div><br></div>-Lucas<br>