On 4/7/2012 3:55 PM, Mail Lists wrote:
> On 04/07/2012 10:09 AM, Bob Hoffman wrote:
>> Logwatch file shows last upgrade to the code was 2007.
>> The unmatched entries are killing me in the reports.
>> I figure there must be a newer utility centos has in the repo but I
>> cannot find one.
>>
>> Is logwatch the only one that is included?
>>
>> thanks
>>
> Have you tried editing the files in
>
> /usr/share/logwatch/default.conf/services/
>
> or
>
> /usr/share/logwatch/default.conf/ignore.conf
>
> ?

Using customizations to logwatch helps greatly with unmatched entries. I was spending too much time looking through the logwatch email due to unmatched entries that I did not need to see. So, I used customizations to eliminate or consolidate into one line the unmatched entries.

Customizations are placed in /etc/logwatch under the appropriate directory (e.g. conf or scripts). Logwatch will use both the default and the custom configurations. Settings in the custom file override default settings. A custom script will be executed in place of the default (standard) script.

For customizations, I included one custom setting to direct logwatch to ignore entries from specific hosts. I created a new configuration file in /etc/logwatch/conf/logfiles for the service (dovecot.conf in my case), adding the one setting I needed ($dovecot_ignore_host in my case.)

For scripts, I copied the default script from /usr/share/logwatch/scripts/services (dovecot in my case) into the /etc/logwatch/scripts/services directory, then modified it to meet my requirements. (I added elsif clauses to check for the unmatched entries and handle them as needed.)

Also, updates to logwatch do not remove my custom changes. It took a couple of hours for me to get it working.
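
The elsif approach described in the message above, sketched as an added example; it is not part of the original post and is not logwatch's shipped dovecot script. The log lines, the regular expressions and the default host pattern are constructed, and reading the setting from the environment variable dovecot_ignore_host is an assumption about how the configuration value reaches the script.

```perl
#!/usr/bin/perl
# Added illustration of a logwatch-style service filter with extra elsif
# clauses. Patterns and sample lines are constructed for this example.
use strict;
use warnings;

# Assumption: the host-ignore setting arrives as an environment variable.
# The fallback value is a constructed documentation address.
my $ignore_host = $ENV{'dovecot_ignore_host'} // '192\.0\.2\.10';

my (%logins, %aborted, %unmatched);
my $ignored = 0;

sub process_line {
    my ($line) = @_;
    chomp $line;
    if ($ignore_host ne '' && $line =~ /rip=(?:$ignore_host)\b/) {
        $ignored++;                 # e.g. a monitoring probe; counted, not listed
    } elsif ($line =~ /imap-login: Login: user=<([^>]+)>/) {
        $logins{$1}++;
    # Custom clause: fold a noisy message into one counter per reason.
    } elsif ($line =~ /imap-login: Aborted login \(([^)]+)\)/) {
        $aborted{$1}++;
    } else {
        # Keep the fallthrough: anything new still shows up in the report.
        $unmatched{$line}++;
    }
}

while (my $line = <DATA>) {
    process_line($line);
}

print "Logins:\n";
printf "   %-10s %d time(s)\n", $_, $logins{$_} for sort keys %logins;
print "Aborted logins (consolidated):\n";
printf "   %-20s %d time(s)\n", $_, $aborted{$_} for sort keys %aborted;
print "Ignored by host rule: $ignored line(s)\n";
print "**Unmatched Entries**\n";
printf "   %s: %d time(s)\n", $_, $unmatched{$_} for sort keys %unmatched;

__DATA__
Apr  7 10:00:01 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, rip=198.51.100.7, lip=203.0.113.5, TLS
Apr  7 10:00:05 mail dovecot: imap-login: Aborted login (no auth attempts): rip=192.0.2.10, lip=203.0.113.5
Apr  7 10:01:12 mail dovecot: imap-login: Aborted login (no auth attempts): rip=198.51.100.9, lip=203.0.113.5
Apr  7 10:01:40 mail dovecot: imap-login: Aborted login (no auth attempts): rip=198.51.100.9, lip=203.0.113.5
Apr  7 10:02:00 mail dovecot: imap(alice): Error: constructed message with no matching rule
```

Keeping each added pattern narrow and leaving the final else in place means a consolidated line only hides the message it was written for, while unfamiliar entries continue to appear under unmatched entries.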