** Description changed:
+ [Impact]
+
+ Since the changeover to rsyslogd, logwatch has been looking in the wrong
+ places for the logfiles it's supposed to monitor.
+
+ Logs that used to go to /var/log/daemon.log, /var/log/cron.log, and
+ /var/log/messages, are now being logged to /var/log/syslog. This commit
+ changes configurations in dist.conf/logfiles/ to point to
+ /var/log/syslog.
+
+ [Test Case]
+
+ # lxc launch ubuntu-daily:cosmic tester
+ # lxc exec tester bash
+ # dhclient
+ # apt update
+ # apt dist-upgrade -y
+ # apt install -y logwatch
+
+ # echo "Sep 12 01:41:51 xxxxx named[838]: received control channel command
'refresh example.com'
+ Sep 12 03:34:10 xxxxx smartd[30161]: Monitoring 4 ATA and 0 SCSI devices
+ Sep 12 03:34:11 xxxxx smartd[30161]: Device: /dev/hdc, 463 Currently
unreadable (pending) sectors
+ Sep 12 03:34:11 xxxxx smartd[30161]: Device: /dev/hdc, 1210 Offline
uncorrectable sectors
+ Sep 12 03:34:11 xxxxx smartd[30161]: Device: /dev/hdd, 1430 Currently
unreadable (pending) sectors
+ Sep 12 03:34:11 xxxxx smartd[30161]: Device: /dev/hdd, 1429 Offline
uncorrectable sectors
+ Sep 12 09:00:00 xxxxx afpd[2383]: login noauth" > /var/log/syslog
+
+ # logwatch --detail medium --range all --service named
+ # logwatch --detail medium --range all --service smartd
+ # logwatch --detail medium --range all --service afpd
+
+ * None of these commands will display anything.
+
+ [Regression Potential]
+
+ This has been broken since at least 2011. Logwatch currently doesn't
+ report anything that isn't already pointing to syslog, so there should
+ be no regression potential.
+
+ [Original Description]
+
Binary package hint: logwatch
This on Ubuntu 10.04.2 LTS, logwatch version
7.3.6.cvs20090906-1ubuntu2.1. The default logwatch configuration expects
to find afpd log messages in the 'messages' log file (as per
/usr/share/logwatch/default.conf/services/afpd.conf). afpd is logging to
'syslog', 'daemon' and 'auth' log files on Ubuntu so a Ubuntu-specific
afpd configuration file should be present
(/usr/share/logwatch/dist.conf/services/afpd.conf). That file should
list the correct log files. Here's an example:
Title = "afpd"
- LogFile = syslog
- LogFile = daemon
- LogFile = auth
+ LogFile = syslog
+ LogFile = daemon
+ LogFile = auth
*OnlyService = afpd
*RemoveHeaders
** Changed in: logwatch (Ubuntu)
Status: Confirmed => In Progress
** Description changed:
[Impact]
Since the changeover to rsyslogd, logwatch has been looking in the wrong
places for the logfiles it's supposed to monitor.
Logs that used to go to /var/log/daemon.log, /var/log/cron.log, and
/var/log/messages, are now being logged to /var/log/syslog. This commit
changes configurations in dist.conf/logfiles/ to point to
/var/log/syslog.
[Test Case]
# lxc launch ubuntu-daily:cosmic tester
# lxc exec tester bash
# dhclient
# apt update
# apt dist-upgrade -y
# apt install -y logwatch
# echo "Sep 12 01:41:51 xxxxx named[838]: received control channel command
'refresh example.com'
Sep 12 03:34:10 xxxxx smartd[30161]: Monitoring 4 ATA and 0 SCSI devices
Sep 12 03:34:11 xxxxx smartd[30161]: Device: /dev/hdc, 463 Currently
unreadable (pending) sectors
Sep 12 03:34:11 xxxxx smartd[30161]: Device: /dev/hdc, 1210 Offline
uncorrectable sectors
Sep 12 03:34:11 xxxxx smartd[30161]: Device: /dev/hdd, 1430 Currently
unreadable (pending) sectors
Sep 12 03:34:11 xxxxx smartd[30161]: Device: /dev/hdd, 1429 Offline
uncorrectable sectors
- Sep 12 09:00:00 xxxxx afpd[2383]: login noauth" > /var/log/syslog
+ Sep 12 09:00:00 xxxxx afpd[2383]: login noauth" >> /var/log/syslog
- # logwatch --detail medium --range all --service named
- # logwatch --detail medium --range all --service smartd
- # logwatch --detail medium --range all --service afpd
+ # logwatch --detail medium --range all --service named
+ # logwatch --detail medium --range all --service smartd
+ # logwatch --detail medium --range all --service afpd
* None of these commands will display anything.
[Regression Potential]
This has been broken since at least 2011. Logwatch currently doesn't
report anything that isn't already pointing to syslog, so there should
be no regression potential.
[Original Description]
Binary package hint: logwatch
This on Ubuntu 10.04.2 LTS, logwatch version
7.3.6.cvs20090906-1ubuntu2.1. The default logwatch configuration expects
to find afpd log messages in the 'messages' log file (as per
/usr/share/logwatch/default.conf/services/afpd.conf). afpd is logging to
'syslog', 'daemon' and 'auth' log files on Ubuntu so a Ubuntu-specific
afpd configuration file should be present
(/usr/share/logwatch/dist.conf/services/afpd.conf). That file should
list the correct log files. Here's an example:
Title = "afpd"
LogFile = syslog
LogFile = daemon
LogFile = auth
*OnlyService = afpd
*RemoveHeaders
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/752172
Title:
Logwatch looks for afpd output in "messages", not in log files that
afpd writes to
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/752172/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
