logwatch is a system log analyzer and reporter which emails daily reports about information in the system log files in /log. On CentOS and Red Hat Enterprise Linux this is usually configured by default to email the root user on a daily basis with the results from the log analysis. This post looks at how to stop logwatch from reporting on a particular service, for example sendmail and postfix.
The configuration files for logwatch on CentOS are stored at /etc/logwatch. The subdirectories and configuration files at this location are empty to start with and override the default settings, so you can safely add your own settings to these files without causing issues to the defaults. Simply remove your changes from these files at a later stage and you will restore the default behaviour.
To prevent logwatch from reporting on a particular service, for example sendmail or postfix, open up the following configuration file:
/etc/logwatch/conf/logwatch.conf
and add the following to the end of it to pevent log analysis of sendmail:
Service = "-sendmail"
or postfix:
Service = "-postfix"
The next time logwatch is run it will no longer report on the services with a "-" entry. You can do a test run of logwatch at any time by running the following on a CentOS or RHEL machine:
/etc/cron.daily/0logwatch
You do not need to restart any services for your configuration changes to take effect; they will be used the next time logwatch is run.
