I've built lots of Debian servers. They hardly ever fail but when they do I've never had a good enough logging system. So I told myself this time would be different.
I've got Apache2 and MySQL happy and working with Name Based Virtual Hosting.
I've got etckeeper and mysqlbackup and an S3 backup script.
I've got my SSL certs locked down and I've just installed Exim4.
Now comes the 2000 emails from Logcheck from five days of having no mail transport.
And now apparently I need to write a whole bunch of custom rules for Logwatch:
Wait what...
Are you for real?: http://logcheck.org/docs/README.logcheck-database
Apr 6 19:30:24 oempc wwwoffled[11763]: WWWOFFLE Online.
Apr 6 19:31:54 oempc wwwoffled[11763]: WWWOFFLE Offline.
...then the local ignore pattern you need is something like this:
^\w{3} [ :0-9]{11} oempc wwwoffled\[[0-9]+\]: WWWOFFLE (On|Off)line\.$
I just want to be a good little sysadmin and get emails I'm going to actually read about you'know, things that matter.
How do I just get Logwatch to send me "MySQL ran out of memory" or "Apache exploded" rather than 50 pages of this every hour?:
This email is sent by logcheck. If you no longer wish to receive
such mail, you can either deinstall the logcheck package or modify
its configuration file (/etc/logcheck/logcheck.conf).
System Events
=-=-=-=-=-=-=
May 26 18:02:22 Debian6-VPS kernel:
**BAZZILION LINES OF NETWORK INFORMATION THAT I DON'T CARE ABOUT**
P.S. There's nothing in /etc/logcheck/logcheck.conf AHAHAHAHAHAHAHAHA Sigh.