Excluding entries from logwatch reports
I use logwatch on all of my RHEL/CentOS hosts to mail daily digests of important log activity for eyeballing.
However, on my mail server, I run freshclam from cron, and this appears to confuse the clam-update logwatch script plugin. So, this leaves the question – how do you disable a specific plugin?
First, you can list the available script plugins:
# ls /usr/share/logwatch/scripts/services
In my case, the plugin I wanted to disable was clam-update (the script name will match the appropriate headed block within your logwatch output).
To disable, I added the following to /etc/logwatch/conf/logwatch.conf
1 2 | # Added 05/11/2009 - KW Service = "-clam-update" |
Once done, re-run logwatch. You should see the offending log block removed from your email.
# /etc/cron.daily/0logwatch
Cheers,
Kevin
Categories: CentOS/RHEL, Logwatch