Shorewall logcheck pattern


A logcheck ignore pattern to filter out Shorewall REJECT and DROP entries (net is defined as eth0). It goes in /etc/logwatch/ignore.d.server/shorewall:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? Shorewall:net2([a-z0-9]*):(REJECT|DROP)

Test if the regex works for your config:

sed -e 's/[[:space:]]*$//' /var/log/syslog | grep -E '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? Shorewall:net2([a-z0-9]*):(REJECT|DROP)'
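
An added example, not part of the original post: it runs the pattern above over constructed syslog lines to check that only net-zone REJECT/DROP entries are suppressed, while logged ACCEPTs, other zone pairs and non-firewall messages are still reported. The hostname gw, the addresses and the function names are assumptions.

```shell
#!/bin/sh
# Pattern copied verbatim from the page.
PATTERN='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? Shorewall:net2([a-z0-9]*):(REJECT|DROP)'

# Constructed sample lines (documentation address ranges, made-up host "gw").
# 1: net2fw DROP with kernel timestamp     -> should be suppressed
# 2: net2loc REJECT without timestamp      -> should be suppressed
# 3: net2fw ACCEPT                         -> must still be reported
# 4: loc2net REJECT (source zone not net)  -> must still be reported
# 5: unrelated sshd message                -> must still be reported
sample_log() {
cat <<'EOF'
Mar  3 14:22:01 gw kernel: [12345.678901] Shorewall:net2fw:DROP:IN=eth0 OUT= SRC=203.0.113.5 DST=198.51.100.2 PROTO=TCP DPT=23
Mar 13 09:01:44 gw kernel: Shorewall:net2loc:REJECT:IN=eth0 OUT=eth1 SRC=203.0.113.9 DST=192.0.2.10 PROTO=UDP DPT=161
Mar 13 09:02:10 gw kernel: [   88.120034] Shorewall:net2fw:ACCEPT:IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=22
Mar 13 09:03:55 gw kernel: [   90.500121] Shorewall:loc2net:REJECT:IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=203.0.113.80 PROTO=TCP DPT=25
Mar 13 09:04:02 gw sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
EOF
}

# Strip trailing whitespace first, as the test command on the page does.
normalized() { sample_log | sed -e 's/[[:space:]]*$//'; }

# Lines the ignore pattern would suppress.
ignored() { normalized | grep -E "$PATTERN"; }

# Lines that would still show up in the report.
reported() { normalized | grep -E -v "$PATTERN"; }

echo "== suppressed =="
ignored
echo "== still reported =="
reported
```
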