I’m using logwatch on my OpenSuse Leap (now 15.5) VPS. Default zypper installation, unchanged.
Works fine, for years, just one nice-to-have issue:
I’ve set “Detail Level of Output” to 0 (as few as possible), just to get a daily report of the most important events, summarized.
Works fine for HTTPD (Apache), Postfix etc.
BUT Flooding me with:
each and every dropped packet for iptables and
each and every denied illegal user etc. for sshd
Any hints on how to get rid of these details, which are a little too granular for level 0, in logwatch? AFAIK I could at least prevent dropped packets from being logged by iptables, but I would like to keep them logged, just in case, only not listed in logwatch.
/etc/logwatch/conf/ignore.conf prevents the lines captured by regex from being included in logwatch’s output, but also adds a line “# Ignored Lines”, many thousands in my case, to inform.
(remark: took me a while to find out that my regex
^.*From.* packe(t|ts) to.*$
will NOT be successful when tested with “grep” in bash… for whatever reason. I also tried, as some stackexchange threads pointed in this direction, with some backslashes before (, ), |. Nothing works for grep, no matches. But as it worked e.g. on https://regex101.com/, I tried it in logwatch, and as said: works perfectly.)
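Added example (not from the original post or from logwatch itself) showing why the pattern above behaves differently in plain grep and in grep -E, and how the same pattern acts as an ignore.conf-style filter. Plain grep uses POSIX basic regular expressions, in which `(`, `|` and `)` are ordinary characters, so `packe(t|ts)` only matches that literal text; `grep -E` switches to extended regular expressions, where `(t|ts)` is an alternation, which is also what regex101 and logwatch's Perl-style ignore.conf patterns assume. The log lines, the ignore list and the host name `vps` are constructed for the demo; emulating ignore.conf with `grep -E -v` is an approximation that holds for simple patterns like this one.

```shell
#!/bin/sh
# Added example, not code from the thread or from logwatch.
# Constructed sample lines: the first two imitate the shape of logwatch's
# iptables summary ("From ... - N packets to ..."), the others are typical
# sshd/postfix lines. None of them come from a real host.
SAMPLE_LOG='Jan 10 03:14:07 vps kernel: From 203.0.113.5 - 3 packets to tcp(23)
Jan 10 03:14:08 vps kernel: From 203.0.113.6 - 1 packet to udp(53)
Jan 10 03:14:09 vps sshd[4711]: Invalid user admin from 203.0.113.5 port 51234
Jan 10 03:14:10 vps postfix/smtpd[4712]: connect from unknown[203.0.113.9]'

# The poster's pattern, verbatim.
PATTERN='^.*From.* packe(t|ts) to.*$'

# count_matches [GREP_FLAGS...]: number of SAMPLE_LOG lines matching $PATTERN.
# "|| true" keeps grep's exit status 1 (no match) from aborting under set -e;
# grep -c still prints 0 in that case.
count_matches() {
    printf '%s\n' "$SAMPLE_LOG" | grep -c "$@" "$PATTERN" || true
}

# Basic regular expressions (plain grep): "(", "|" and ")" are literal, so
# the pattern searches for the text "packe(t|ts) to", which no line contains.
bre_matches() { count_matches; }      # -> 0

# Extended regular expressions (grep -E): "(t|ts)" is an alternation group.
ere_matches() { count_matches -E; }   # -> 2

# Constructed ignore.conf-style list: one extended regex per line, "#" comments
# and blank lines allowed, as logwatch's /etc/logwatch/conf/ignore.conf has.
IGNORE_LIST='# drop the iptables per-packet summary lines
^.*From.* packe(t|ts) to.*$

# drop sshd "Invalid user" lines
^.*sshd\[[0-9]+\]: Invalid user .* from .*$'

# lines_after_ignore: the SAMPLE_LOG lines that survive the ignore list.
# Comments and blank lines are stripped first; the remaining newline-separated
# patterns are handed to grep as one pattern list (POSIX grep semantics).
lines_after_ignore() {
    pats=$(printf '%s\n' "$IGNORE_LIST" | grep -v '^[[:space:]]*#' | grep -v '^[[:space:]]*$') || true
    if [ -z "$pats" ]; then
        # an empty pattern would match everything under -v; keep all lines instead
        printf '%s\n' "$SAMPLE_LOG"
        return 0
    fi
    printf '%s\n' "$SAMPLE_LOG" | grep -E -v -e "$pats" || true
}

# count_after_ignore: how many lines survive the ignore list.
count_after_ignore() { lines_after_ignore | grep -c '' || true; }   # -> 1

if [ "${1:-}" = "demo" ]; then
    echo "BRE matches: $(bre_matches)"
    echo "ERE matches: $(ere_matches)"
    echo "Surviving lines after ignore list:"
    lines_after_ignore
fi
```

Run it as `sh script.sh demo`. The practical upshot for testing an ignore.conf pattern from the shell is to use `grep -E` (or `grep -P` on GNU grep, which is closer to logwatch's Perl regexes) rather than plain `grep`, and to remember that anything dropped this way still stays in /var/log/messages; only logwatch's report changes.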
I’m really sorry. My bad. I sent you the wrong url, and now I’ve lost the original. I was working on another regexp on the command line to be used in a small script. I was just fiddling around with a grep -E /var/log/messages.