Hi,
Our Scalix server is running fine, but we get a 30MB LogWatch mail delivered to root each day, mainly listing several lines regarding the SIS service.
I would like to either stop the LogWatch completely, or taylor it so it doesn't bring back the lines regarding the SIS (which I assume is doing its thing as the searches are working fine).
What have others done in this situation?
Thanks.
Andrew.
LogWatch on Scalix server
Moderators: ScalixSupport, admin
-
William
- Posts: 314
- Joined: Fri Jun 02, 2006 8:28 am
- Location: British Isles
Hi Andrew,
What version of logwatch are you using?
What detail level of logging do you have set in the conf file?
try reading the first one and editing the second one.
If that does not help try
at "Detail = Med" you only see 404/500 and other errors in the http section of the logwatch emails. Although this tones down all the gory details from all the other inputs to the Logwatch emails.
William.
What version of logwatch are you using?
What detail level of logging do you have set in the conf file?
try reading the first one and editing the second one.
Code: Select all
/usr/share/doc/logwatch-7.3/README
/usr/share/logwatch/default.conf/logwatch.conf
If that does not help try
Code: Select all
/usr/share/logwatch/default.conf/services/http.conf
at "Detail = Med" you only see 404/500 and other errors in the http section of the logwatch emails. Although this tones down all the gory details from all the other inputs to the Logwatch emails.
William.
-
adhodgson
- Posts: 176
- Joined: Thu Mar 02, 2006 8:09 am
Hi,
I already have detail set to low in the conf files. I think the issue is that the HTTPD is returning a different result for the SIS entries, because the messages are not found, or there is something else going on - this is dealt with by the service, but is in the HTTPD log.
Using default RHEL4 Logwatch, files located in /etc/log.d
Thanks.
Andrew.
I already have detail set to low in the conf files. I think the issue is that the HTTPD is returning a different result for the SIS entries, because the messages are not found, or there is something else going on - this is dealt with by the service, but is in the HTTPD log.
Using default RHEL4 Logwatch, files located in /etc/log.d
Thanks.
Andrew.
-
William
- Posts: 314
- Joined: Fri Jun 02, 2006 8:28 am
- Location: British Isles
do you have example log entries?
We have RHEL4 also.
I think we got the updated rpm from here:
http://www2.logwatch.org:81/
We have RHEL4 also.
I think we got the updated rpm from here:
http://www2.logwatch.org:81/
Last edited by William on Thu Jun 28, 2007 8:26 am, edited 1 time in total.
-
ls-al
- Scalix Star
- Posts: 510
- Joined: Tue Jun 29, 2004 8:28 am
- Location: Leipzig, Germany
- Contact:
the solution for the logwatch issue is described here: http://www.scalix.com/forums/viewtopic.php?t=5497&highlight=httpignoreerrorhacks
If you want to disable the SIS logging completely you have to tweak your httpd.conf like this:
HTH
Dirk
If you want to disable the SIS logging completely you have to tweak your httpd.conf like this:
Code: Select all
# CustomLog logs/access_log combined
SetEnvIfNoCase Request_URI ^/sis/indexer/? ban
SetEnvIfNoCase Request_URI ^/sis/admin/? ban
CustomLog logs/access_log combined env=!ban
HTH
Dirk
-
adhodgson
- Posts: 176
- Joined: Thu Mar 02, 2006 8:09 am
Hi,
I am not overly keen on deviating from the standard Redhat packaging. So, I followed the post in the other forum thread, and disabled the logging of errors into the Logwatch scripts. The addition to the HTTPD.conf file regarding not logging the SIS events is quite interesting, because this would enable us to log the possible hack attempts whilst not having so many entries in the emailed output. Our output has now gone down from around 30MB to just under 300K.
Andrew.
I am not overly keen on deviating from the standard Redhat packaging. So, I followed the post in the other forum thread, and disabled the logging of errors into the Logwatch scripts. The addition to the HTTPD.conf file regarding not logging the SIS events is quite interesting, because this would enable us to log the possible hack attempts whilst not having so many entries in the emailed output. Our output has now gone down from around 30MB to just under 300K.
Andrew.
Who is online
Users browsing this forum: No registered users and 1 guest