[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

How to get logwatch to ignore something

Since upgrading to Wheezy, I've had the following entries showing up in
my morning logwatch E-Mail:

> --------------------- Dovecot Begin ------------------------ 
>  Dovecot disconnects:
>     Inactivity: 27 Time(s)
>     Inactivity (tried to use disallowed plaintext auth): 2 Time(s)
>     Logged out in=1115 out=13676: 1 Time(s)
>     Logged out in=12173 out=351935: 1 Time(s)
>     Logged out in=1272 out=27883: 1 Time(s)
>     Logged out in=1303 out=25234: 1 Time(s)
>     Logged out in=1337 out=25064: 1 Time(s)
>     Logged out in=1419 out=30466: 1 Time(s)
>     Logged out in=1527 out=13360: 1 Time(s)
>     [...]

Now, the way those entries are showing up in the syslog looks like this:

> Aug 11 09:12:48 janet dovecot: imap({username}): Disconnected: Logged out in=1714 out=32525
> Aug 11 09:56:55 janet dovecot: imap({username}): Disconnected: Logged out in=2348 out=48815
> Aug 11 13:06:15 janet dovecot: imap({username}): Disconnected: Logged out in=2566 out=44455
> [...]

"{username}" is just me blanking out the username that appeared there.  :-)

Now, for the topper, here's what's in /etc/logwatch/conf/ignore.conf:

> dovecot: .*Connection closed in=
> dovecot: .*Logged out in=
> dovecot: .*Disconnected for inactivity in=

So, the $64,000 question is:  Why are those entries showing up in the
report??  What am I missing here? :-)

(It's all the "logged out" messages I'm trying to ignore.)


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply to: