0

I've just started implementing NGINX rate limiting, and need to monitor when rate limiting is actually happening on a server. I found out Logwatch will send daily logs by email which sounds perfect. What I would really like to do is just monitor specific http codes, such as 503 service unavailable, and ignore 404 errors which are monitored by other software.

The problem is that Logwatch is always giving me the same log summary, no-matter which level of detail I specify. I get the same output from the following two commands:

sudo logwatch --service http --detail 0
sudo logwatch --service http --detail 10

This means I get every single 404 error, which is just noise. I want to be able to see critical errors, which is what the --detail option normally provides.

Notes:

  • I double checked that other services (e.g. sudo logwatch --service rsnapshot --detail 1 vs 10 do give different levels of detail when using the --detail option, and yes they do.
  • I haven't created any custom service configuration files
  • When I try to look at the http-error log using sudo logwatch --service http-error --detail 10 there is nothing in the report at all, which I wasn't expecting. The file /var/log/nginx/error.log has got plenty of errors covering both today and yesterday.
  • This answer explains how to configure Logwatch services, but I can't get on with that until I understand what the problem is with Logwatch's handling of NGINX logs.
Kit Johnson
  • 131
  • 5
  • Does this answer your question? [Linux: logwatch(8) is too noisy. How can I control the noise level?](https://serverfault.com/questions/293226/linux-logwatch8-is-too-noisy-how-can-i-control-the-noise-level) – djdomi Sep 26 '22 at 05:15
  • @djdomi I had already read that in detail. It's related, but doesn't help understand why Logwatch won't give any report from the NGINX error log, or why it it won't distinguish detail level (no difference between 0 and 10) for the http service. – Kit Johnson Sep 27 '22 at 04:28

0 Answers0