[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How to get logwatch to ignore something

[Following up to myself]

David Guntner grabbed a keyboard and wrote:
> Since upgrading to Wheezy, I've had the following entries showing up in
> my morning logwatch E-Mail:
>> --------------------- Dovecot Begin ------------------------ 
>>  Dovecot disconnects:
>>     Inactivity: 27 Time(s)
>>     Inactivity (tried to use disallowed plaintext auth): 2 Time(s)
>>     Logged out in=1115 out=13676: 1 Time(s)
>>     Logged out in=12173 out=351935: 1 Time(s)
>>     Logged out in=1272 out=27883: 1 Time(s)
>>     Logged out in=1303 out=25234: 1 Time(s)
>>     Logged out in=1337 out=25064: 1 Time(s)
>>     Logged out in=1419 out=30466: 1 Time(s)
>>     Logged out in=1527 out=13360: 1 Time(s)
>>     [...]
> Now, the way those entries are showing up in the syslog looks like this:
>> Aug 11 09:12:48 janet dovecot: imap({username}): Disconnected: Logged out in=1714 out=32525
>> Aug 11 09:56:55 janet dovecot: imap({username}): Disconnected: Logged out in=2348 out=48815
>> Aug 11 13:06:15 janet dovecot: imap({username}): Disconnected: Logged out in=2566 out=44455
>> [...]
> "{username}" is just me blanking out the username that appeared there.  :-)
> Now, for the topper, here's what's in /etc/logwatch/conf/ignore.conf:
>> dovecot: .*Connection closed in=
>> dovecot: .*Logged out in=
>> dovecot: .*Disconnected for inactivity in=
> So, the $64,000 question is:  Why are those entries showing up in the
> report??  What am I missing here? :-)
> (It's all the "logged out" messages I'm trying to ignore.)

Ok, upon further searching around, I think I found the problem.  It
looks like the config file location for the program moved somewhere
along the way.  It's no longer using /etc/logwatch (I *thought* that
directory seemed kinda empty other than my lone ignore.conf file which
had been there; it probably didn't get removed because it knew I had
modified the file), but is now in /usr/share/logwatch/default.config.
Which strikes me as a rather strange place to put config files....  I'll
put my entries in the ignore.conf file there and see if that takes care
of it.


Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply to: