Logwatch Filtering for Apache

Kevin Fries kfries6 at gmail.com
Wed Feb 9 12:45:59 MST 2011


If it were me I would use something more appropriate to search and filtering
logs like Splunk.

But that is just me?

Kevin

On Feb 9, 2011 12:21 PM, "Tim Noeding" <tim.noeding at gmail.com> wrote:

Good afternoon PLUG,

Let me begin by defining the problem:

I have servers that I monitor and was hoping to cut the apache sections of
the logwatch down a bit. These servers have had website changes which leave
links that people have made to images come up as failed access attempts in
logwatch. Most of these are a known issue. I do not want to add these to the
regex ignore file for logwatch, as they may become a real issue in the
future. The one consistent bit of information that defines the true problems
from the false positives is the number of times the problem happens.
Generally, if the failure happens more than 100 times, I want to know about
it. The rest I don't want in the e-mail.

I have attempted to manipulate the apache configs in logwatch but have
failed to accomplish my goal. This may be due to my lack of perl scripting
skills.

Has anyone else attempted something similar?

Is there a way to manipulate a cache file output before its added to the
e-mail?

I was hoping to do this somewhere inside logwatch, rather than changing the
cron to manipulate it before sending the e-mail.

Thanks in advance!

 - Tim

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110209/5aa48939/attachment.html>


More information about the PLUG-discuss mailing list