LogWatch on Scalix server
Posted: Wed Jun 27, 2007 5:11 am
by adhodgson
Hi,
Our Scalix server is running fine, but we get a 30MB LogWatch mail delivered to root each day, mainly listing several lines regarding the SIS service.
I would like to either stop the LogWatch completely, or tailor it so it doesn't bring back the lines regarding the SIS (which I assume is doing its thing as the searches are working fine).
What have others done in this situation?
Thanks.
Andrew.
Posted: Thu Jun 28, 2007 7:06 am
by William
Hi Andrew,
What version of logwatch are you using?
What detail level of logging do you have set in the conf file?
Try reading the first one and editing the second one.
Code:
/usr/share/doc/logwatch-7.3/README
/usr/share/logwatch/default.conf/logwatch.conf
If that does not help, try
Code:
/usr/share/logwatch/default.conf/services/http.conf
At "Detail = Med" you only see 404/500 and other errors in the http section of the logwatch emails. Although this tones down all the gory details from all the other inputs to the Logwatch emails.
William.
Posted: Thu Jun 28, 2007 7:34 am
by adhodgson
Hi,
I already have detail set to low in the conf files. I think the issue is that the HTTPD is returning a different result for the SIS entries, because the messages are not found, or there is something else going on - this is dealt with by the service, but is in the HTTPD log.
Using default RHEL4 Logwatch, files located in /etc/log.d
Thanks.
Andrew.
Posted: Thu Jun 28, 2007 7:49 am
by William
Do you have example log entries?
We have RHEL4 also.
I think we got the updated rpm from here:
http://www2.logwatch.org:81/
Posted: Thu Jun 28, 2007 8:06 am
by ls-al
The solution for the logwatch issue is described here:
http://www.scalix.com/forums/viewtopic.php?t=5497&highlight=httpignoreerrorhacks
If you want to disable the SIS logging completely you have to tweak your httpd.conf like this:
Code:
# CustomLog logs/access_log combined
SetEnvIfNoCase Request_URI ^/sis/indexer/? ban
SetEnvIfNoCase Request_URI ^/sis/admin/? ban
CustomLog logs/access_log combined env=!ban
HTH
Dirk
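To preview what the env=!ban rule in the post above would remove from access_log before editing httpd.conf, the following added example (not part of the original thread) applies the same two case-insensitive patterns to combined-format log lines and reports which client addresses are behind the suppressed entries. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# The two patterns from the SetEnvIfNoCase lines above (NoCase = case-insensitive).
BAN_PATTERNS = [re.compile(p, re.IGNORECASE)
                for p in (r"^/sis/indexer/?", r"^/sis/admin/?")]

# Combined log format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) (\S+)')

# Constructed sample lines (not taken from a real Scalix server).
SAMPLE = [
    '127.0.0.1 - - [27/Jun/2007:05:00:01 +0100] "GET /sis/indexer/abc?op=add HTTP/1.1" 404 210 "-" "Java"',
    '127.0.0.1 - - [27/Jun/2007:05:00:02 +0100] "POST /SIS/Admin HTTP/1.1" 200 15 "-" "Java"',
    '192.0.2.10 - - [27/Jun/2007:05:00:03 +0100] "GET /sis/indexerfoo HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.10 - - [27/Jun/2007:05:00:04 +0100] "GET /webmail/sis/indexer/ HTTP/1.1" 404 210 "-" "-"',
    '192.0.2.11 - - [27/Jun/2007:05:00:05 +0100] "-" 408 - "-" "-"',
]

def request_uri(request_line):
    """Path of the request without the query string, as Request_URI holds it."""
    parts = request_line.split()
    if len(parts) < 2:
        return None  # malformed or empty request line
    return parts[1].split("?", 1)[0]

def preview(lines):
    """Split lines into those env=!ban would still log and those it would drop."""
    kept, dropped = [], []
    for line in lines:
        m = LINE_RE.match(line)
        uri = request_uri(m.group(2)) if m else None
        banned = uri is not None and any(p.search(uri) for p in BAN_PATTERNS)
        (dropped if banned else kept).append(line)
    return kept, dropped

def summarize(lines):
    """Counts, bytes saved, and the client addresses whose requests vanish."""
    kept, dropped = preview(lines)
    return {"kept": len(kept), "dropped": len(dropped),
            "dropped_bytes": sum(len(l) + 1 for l in dropped),
            "dropped_clients": sorted({l.split()[0] for l in dropped})}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Because the patterns are anchored only at the start, a path such as /sis/indexerfoo is dropped as well, while /webmail/sis/indexer/ and unparsable request lines are still logged.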
Posted: Tue Jul 03, 2007 9:46 am
by adhodgson
Hi,
I am not overly keen on deviating from the standard Red Hat packaging. So, I followed the post in the other forum thread, and disabled the logging of errors into the Logwatch scripts. The addition to the HTTPD.conf file regarding not logging the SIS events is quite interesting, because this would enable us to log the possible hack attempts whilst not having so many entries in the emailed output. Our output has now gone down from around 30MB to just under 300K.
Andrew.