Logwatch Filtering for Apache
Jason Holtzapple
ml at bitflip.net
Wed Feb 9 12:52:17 MST 2011
On 02/09/2011 12:20 PM, Tim Noeding wrote:
> I have servers that I monitor and was hoping to cut the apache sections
> of the logwatch down a bit. These servers have had website changes which
> leave links that people have made to images come up as failed access
> attempts in logwatch. Most of these are a known issue. I do not want to
> add these to the regex ignore file for logwatch, as they may become a
> real issue in the future. The one consistent bit of information that
> defines the true problems from the false positives is the number of
> times the problem happens. Generally, if the failure happens more than
> 100 times, I want to know about it. The rest I don't want in the e-mail.
Disclaimer: I don't use logwatch so I don't know if you can accomplish
what you want there or not. If I need to flag an event that involves a
certain number of errors in a certain amount of time I will usually use
the simple event correlator - http://simple-evcorr.sourceforge.net
There's a bit of a learning curve but it's a useful tool.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 554 bytes
Desc: OpenPGP digital signature
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110209/6410b123/attachment.pgp>
More information about the PLUG-discuss
mailing list