On 02/09/2011 12:20 PM, Tim Noeding wrote:
> I have servers that I monitor and was hoping to cut the apache sections
> of the logwatch down a bit. These servers have had website changes which
> leave links that people have made to images come up as failed access
> attempts in logwatch. Most of these are a known issue. I do not want to
> add these to the regex ignore file for logwatch, as they may become a
> real issue in the future. The one consistent bit of information that
> defines the true problems from the false positives is the number of
> times the problem happens. Generally, if the failure happens more than
> 100 times, I want to know about it. The rest I don't want in the e-mail.
Disclaimer: I don't use logwatch so I don't know if you can accomplish
what you want there or not. If I need to flag an event that involves a
certain number of errors in a certain amount of time I will usually use
the simple event correlator -
http://simple-evcorr.sourceforge.net
There's a bit of a learning curve but it's a useful tool.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss