Let’s say you’ve got a logwatch report and the report throws 100’s of lines that aren’t really important, say ftp sessions opened by a application you know and have configured yourself.
Well the way to exclude these from the report is to edit the /etc/logwatch/conf/ignore.conf file!
Simply enter the matching string (i.e. IP address) in this file and the 100’s of lines will be history.
Simple