jug...@lavabit.com wrote:
> I've read several threads about Logwatch. Many people say it's very
> annoying. I think I'll stick with `by hand' approach.

Logwatch isn't a browser program. It is a log scraper that every few minutes processes the log files and emails "interesting" log files to the admin. Interesting is defined as any line that does not match one of the list of regular expressions that are suppressed.

Logwatch is annoying out of the box but extremely useful if tuned. It is annoying because there are so many messages logged that will be emailed to you. The default packaged set of rules is not comprehensive. But there are a very large number of possible messages logged and it would be too much to ask of it to suppress all of them across many of the packages. So out of the box it is very noisy. But if you spend the time to augment the rules with additional rules to suppress what is causing noise on your system then the result is very much on target. But this takes some effort. For me the effort is worth it. But I add 320 additional suppression rules to make it usable to give you an idea of how much effort is needed.

> Anyway, it's not convenient to use `more'. I'd like to try `grep'
> instead, but I don't know the right words (like `Exim exploded' for
> `/var/log/mail.log' or `PWN3D' for `/var/log/auth.log'). Is there a
> list?

The syslog file format is three fields of date code followed by the hostname. This is followed by whatever is logged. Usually that will be the process name and process id number followed by whatever.

If you are only interested in exim logs then look in the mail.log file for just exim logged messages. I don't use exim, postfix is my preference, but on systems with exim I think exim logs elsewhere too. But normally grep'ing for the process name is enough to extract all messages associated with that process.

If you are having problems with exim then you might consider asking it here directly. I can't help though since I don't run it and don't know enough about it to answer questions about it.

Bob
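The two ideas in the message above, selecting syslog lines by process name and reporting only lines that match no suppression rule, as an added example that is not part of the original post and is not Logwatch's own code. The log lines, the rules and the function names (by_process, interesting) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the syslog layout described above:
# three date fields, hostname, then "process[pid]: message".
sample_log() {
cat <<'EOF'
Mar  3 06:25:01 host1 CRON[2101]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  3 06:25:02 host1 CRON[2101]: pam_unix(cron:session): session closed for user root
Mar  3 07:10:44 host1 sshd[2230]: Failed password for invalid user admin from 192.0.2.10 port 51514 ssh2
Mar  3 07:10:50 host1 sshd[2231]: Accepted publickey for bob from 198.51.100.7 port 40022 ssh2
Mar  3 07:11:02 host1 sudo:      bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/ls
Mar  3 07:12:00 host1 postfix/smtpd[2300]: connect from unknown[203.0.113.5]
EOF
}

# Constructed suppression rules: one extended regex per line, '#' for comments.
sample_rules() {
cat <<'EOF'
# routine cron session open/close
 CRON\[[0-9]+\]: pam_unix\(cron:session\): session (opened|closed) for user root

# expected key login for one known user and address
 sshd\[[0-9]+\]: Accepted publickey for bob from 198\.51\.100\.7 port [0-9]+ ssh2$
EOF
}

# by_process NAME: keep lines whose tag (5th field) is NAME, NAME: or NAME[pid]:
by_process() {
    awk -v p="$1" '{ tag = $5; sub(/(\[[0-9]+\])?:$/, "", tag); if (tag == p) print }'
}

# interesting RULEFILE: print only lines that match no suppression rule.
# Blank and comment lines are dropped first: an empty pattern matches every
# line and would silently suppress the whole log.
interesting() {
    rules=$(mktemp) || return 1
    grep -v -E '^[[:space:]]*(#|$)' "$1" > "$rules" || true
    rc=0
    grep -v -E -f "$rules" || rc=$?
    rm -f "$rules"
    [ "$rc" -le 1 ]   # 0 = lines left, 1 = everything suppressed, 2 = bad rule
}

# Demo: the sshd lines that survive suppression.
demo_rules=$(mktemp)
sample_rules > "$demo_rules"
sample_log | by_process sshd | interesting "$demo_rules"
rm -f "$demo_rules"
```

Keeping each rule as narrow as the noise it removes (a named user and address rather than every accepted login) is what stops a suppression list from hiding the lines you wanted to see.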