trimming the logging

Denis Beauchemin Denis.Beauchemin at USHERBROOKE.CA
Mon Dec 12 15:06:57 GMT 2005

Craig White wrote:

>I get LogWatch every day and because of the mail volume, it is
>punitively large.
>**Unmatched Entries**
> I get thousands of these types of entries (undoubtedly 1 for each email
>   4D7A424F84A.3BCBB to C57F424F84B : 1 Time(s)
>and one of these for each email (postfix MTA - mail pulled down by
>**Unmatched Entries**
>E6D0124F84C: hold: header Received: from unknown by CryptoWall via
>esmtpp (Version id /var/KryptoWall/smtpp/kwzNGUFt;
>Sat Dec 10 01:59:47 2005 from localhost.localdomain[];
>to=<craig at> proto=ESMTP helo=<localhost>
>and thus today's LogWatch was 9.1 megabytes which is painful to look at.
>Are there any suggestions to minimize all this?

Logwatch is just a bunch of Perl scripts.  I have customized many to my 
liking.  MS' resides in /etc/log.d/scripts/services/mailscanner.  Most 
scripts have an "ignore this" section near the top of the main loop.  
Just add some regex there to ignore your log entries or duplicate some 
code that counts your log entries.

After any modification I check the code for typos:
perl -I /etc/log.d/lib/ -c /etc/log.d/scripts/services/mailscanner


  °v°   Denis Beauchemin, analyste
 /(_)\  Université de Sherbrooke, S.T.I.
  ^ ^   T: 819.821.8000x2252 F: 819.821.8045
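
The ignore-or-count approach described in the message above, as an added example that is not part of the original post or of Logwatch's own scripts. The sample lines and both regexes are constructed from the entries quoted in the question, and the assumption is that the script sees each line in the form shown there. Counting the noisy lines instead of dropping them keeps a volume change visible in the daily report.

```perl
#!/usr/bin/perl
# Added example: ignore/count idiom in the style of a Logwatch service script.
# Patterns and sample lines are constructed from the entries quoted above.
use strict;
use warnings;

# Constructed sample input (a real service script reads its log from STDIN).
my @sample = (
    '4D7A424F84A.3BCBB to C57F424F84B',
    '9A1B224F84D.0C11A to 77E0424F84E',
    'E6D0124F84C: hold: header Received: from unknown by CryptoWall via esmtpp',
    'constructed line that matches nothing and must still be reported',
);

# Returns (\%counts, \@unmatched) for a list of log lines.
sub summarize {
    my @lines = @_;
    my %counts = (idpair => 0, hold => 0);
    my @unmatched;
    for my $line (@lines) {
        chomp $line;
        if ($line =~ /^[0-9A-F]+\.[0-9A-F]+ to [0-9A-F]+$/) {
            $counts{idpair}++;        # "<id>.<hex> to <id>" line, one per message
        } elsif ($line =~ /^[0-9A-F]+: hold: header Received:/) {
            $counts{hold}++;          # postfix "hold" line, one per message
        } else {
            push @unmatched, $line;   # anything else is still listed in full
        }
    }
    return (\%counts, \@unmatched);
}

my ($counts, $unmatched) = summarize(@sample);
print "Queue id pairs: $counts->{idpair} Time(s)\n"      if $counts->{idpair};
print "Held by header check: $counts->{hold} Time(s)\n"  if $counts->{hold};
if (@$unmatched) {
    print "\n**Unmatched Entries**\n";
    print "   $_\n" for @$unmatched;
}
```

Anchoring both patterns with `^` keeps them from swallowing unrelated lines that merely contain the same words.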
