On Sun, 2005-01-09 at 08:29, Harry Putnam wrote:
> Saying it can be made to `report what you want' is quite a big
> exaggeration.

You can edit the existing filters to prune things you're not interested
in. Not as simple as dropping a regex into a config file but it's
doable.

> Leaving the dates and times out of reported lines is really not what I
> want to see either. Something logwatch does by default I guess.
> I can't imagine when that would ever be useful.

It's always useful. The goal is to reduce the number of lines you have
to read. By eliminating dates and times, logwatch can just return a
count of identical lines instead of returning each line.

> Assuming logwatch
> actually reported something worth my attention, I'm almost certainly
> going to want to know EXACTLY when it happened. And Exactly which log
> it was reported in.

logwatch tells you which log it was in by the header. If there's an
entry needing attention you can go to that host and look for it in the
logs.

You could do what I did and write your own script to pull out the
information you want from whatever logs you're interested in. To get
started try this:

    grep -vEf $excl /var/log/messages

(where $excl is a file of exclude patterns). Or without the v, grep with
a file of include patterns. Then you can just add patterns to the
exclude/include file until you're getting all and only the information
you want.

-- 
Ian
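
An added example, not part of the message above and not logwatch code: the exclude-file filter from the message combined with the count-identical-lines idea, keeping the first and last timestamp of each collapsed message. The helper name summarize_log, the sample log lines and the patterns are constructed for illustration, and the classic syslog line layout is assumed.

```shell
# Added example. Assumes lines like "Mon DD HH:MM:SS host tag[pid]: text".
# summarize_log LOGFILE EXCLUDE_FILE   (hypothetical helper name)
# Prints: count <TAB> first seen <TAB> last seen <TAB> message
summarize_log() {
    log=$1; excl=$2
    pats=$(mktemp) || return 1
    # A blank line in a grep -f file matches every line, so with -v it would
    # hide the whole log. Drop blank lines and "#" comments first.
    grep -vE '^[[:space:]]*(#|$)' "$excl" > "$pats" || true
    grep -vEf "$pats" -- "$log" | awk '
    {
        ts = $1 " " $2 " " $3
        msg = $0
        sub(/^[^ ]+ +[^ ]+ +[^ ]+ +/, "", msg)  # strip the timestamp
        sub(/\[[0-9]+\]:/, ":", msg)            # strip the PID so repeats compare equal
        if (!(msg in count)) { first[msg] = ts; order[++n] = msg }
        count[msg]++
        last[msg] = ts
    }
    END {
        for (i = 1; i <= n; i++) {
            m = order[i]
            printf "%d\t%s\t%s\t%s\n", count[m], first[m], last[m], m
        }
    }'
    rm -f "$pats"
}

# Constructed sample data, not taken from a real host.
tmp=$(mktemp -d)
cat > "$tmp/messages" <<'EOF'
Jan  9 08:01:01 web1 CRON[411]: (root) CMD (run-parts /etc/cron.hourly)
Jan  9 08:14:22 web1 su[1201]: FAILED su for root by guest
Jan  9 08:14:25 web1 su[1203]: FAILED su for root by guest
Jan  9 08:20:10 web1 sshd[1210]: pam_unix(sshd:session): session opened for user ian
Jan  9 08:29:40 web1 su[1250]: FAILED su for root by guest
Jan  9 08:31:02 web1 kernel: Out of memory: Kill process 900 (httpd)
EOF
cat > "$tmp/exclude" <<'EOF'
# routine noise
CRON\[[0-9]+\]

session (opened|closed) for user
EOF
summary=$(summarize_log "$tmp/messages" "$tmp/exclude")
printf '%s\n' "$summary"
rm -rf "$tmp"
```

Each output row keeps the count that makes the report short, plus the time window needed to find the entries in the original log on that host.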