/etc/cron.daily/00logwatch:
postdrop: warning: uid=0: Illegal seek
sendmail: fatal: root(0): queue file write error
By default, LogWatch rolls up identical kernel messages and displays them like this:
8 Time(s): rtc: lost some interrupts at 2048Hz.
However, under Ubuntu 6.10 and 7.04 (and perhaps other versions, as well as in other distros), the log messages look like:
[1123387.327543] rtc: lost some interrupts at 2048Hz.
[1123387.347538] rtc: lost some interrupts at 2048Hz.
which LogWatch "rolls up" as:
1 Time(s): [1123387.327543] rtc: lost some interrupts at 2048Hz.
1 Time(s): [1123387.347538] rtc: lost some interrupts at 2048Hz.
Not. Very. Helpful.
To get around this, so that even if the VMware-rtc stuff (or anything else) spams my logs, the resulting LogWatch will still be small enough to be generated and mailed to me without bombing out, I changed my
/usr/share/logwatch/scripts/services/kernel
script file as follows:
while (defined(my $ThisLine = <STDIN>)) {
chomp($ThisLine);
next if ($ThisLine eq '');
+ if ($ThisLine =~ /^\s*\[\s*\d+\.\d+\] (.*)$/) {
+ $ThisLine = "[*.*] " . $1;
+ }
if (
# filter out audit messages - these should be parsed by the audit
# service
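Review bot: the replacement in the added block, "[*.*] " . $1, leaves a placeholder prefix on every line, so the rolled-up output still differs from the default "N Time(s): rtc: ..." form, and any pattern further down this loop that is anchored at the start of the message still sees a bracketed prefix. Consider assigning $ThisLine = $1; instead. The pattern also requires exactly one space after the closing bracket; \]\s*(.*)$ would tolerate other spacing. A short comment above the block saying why the timestamp is stripped would help when this file is next merged with a packaged version.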
Now, if my logs get spammed, LogWatch will simply report:
361 Time(s): [*.*] rtc: lost some interrupts at 2048Hz.