[Logwatch-Devel] Fwd: suggestion to handle stock Fedora 8 logrotate changed extension on archived log files

MrC lists-logwatch at cappella.us
Mon Feb 11 16:43:10 MST 2008


> ---------- Forwarded message ----------
> From: Damon Hart 
> Date: Mon, Feb 11, 2008 at 5:44 AM
> Subject: suggestion to handle stock Fedora 8 logrotate changed
> extension on archived log files
> To: logwatch-suggestions at logwatch.org
> 
> 
> Following up on some items I found missing in my logwatch daily recap
>  email, I see that events occurring prior to log rotation were not
>  reflected in logwatch. Comparing different machines, it looks like this
>  problem occurs (in my case) only on Fedora 8 (vs earlier Fedora
>  revisions.) Further poking around suggests that the problem arises
>  because of the stock Fedora 8 logrotate convention for naming archived
>  log files. These filenames are now:
> 
>  messages.20080210
>  messages.20080203
>  messages.20080127
>  messages.20080120
> 
>  instead of the prior convention:
> 
>  messages.1
>  messages.2
>  messages.3
>  messages.4
> 
>  and similarly for other log files. The slight wrinkle in handling this
>  from a logwatch programmer's point of view is that a filename sort
>  (alphabetical) will result in an oldest to newest ordering instead of
>  newest to oldest.

It's actually more broken than this.  Logwatch assumes that fewer than 10 
archives are kept.  In debugging this, I just discovered that 16 archive 
files are concatenated as:

   Archive: /var/log/cron.9
   Archive: /var/log/cron.8
   Archive: /var/log/cron.7
   Archive: /var/log/cron.6
   Archive: /var/log/cron.5
   Archive: /var/log/cron.4
   Archive: /var/log/cron.3
   Archive: /var/log/cron.2
   Archive: /var/log/cron.16
   Archive: /var/log/cron.15
   Archive: /var/log/cron.14
   Archive: /var/log/cron.13
   Archive: /var/log/cron.12
   Archive: /var/log/cron.11
   Archive: /var/log/cron.10
   Archive: /var/log/cron.1

The order is obtained by performing a simple reversed glob (from 
scripts/logwatch.pl):

   # We glob to obtain filenames.  We reverse in case
   # we use the decimal suffix (.0, .1, etc.) in filenames
   @TempLogFileList = reverse(glob($dir . $ReadConfigValues[$i]));

This is simply incorrect, the reliance being on the order returned from 
the glob function.  The reverse() should be replaced with a sort(). 
However, the sort comparator function would need to be configurable as 
logfile archive suffixes can be arbitrary.  This sort replacement 
(replacing the reverse call) would solve both more than 9 archives, and 
your date-based case, but is still limited (assumes a dot archive suffix 
delimiter, for example):

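    # Order by the trailing ".<digits>" suffix, largest number first,
    # comparing numerically so that .16 sorts ahead of .9.  Equal
    # suffixes fall back to a case-insensitive name comparison.
    @TempLogFileList = sort {
        ($b =~ /\.(\d+)$/)[0] <=> ($a =~ /\.(\d+)$/)[0]
            ||
        uc($a) cmp uc($b)
    } (glob($dir . $ReadConfigValues[$i]));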

Now we see:
   Archive: /var/log/cron.16
   Archive: /var/log/cron.15
   Archive: /var/log/cron.14
   Archive: /var/log/cron.13
   Archive: /var/log/cron.12
   Archive: /var/log/cron.11
   Archive: /var/log/cron.10
   Archive: /var/log/cron.9
   Archive: /var/log/cron.8
   Archive: /var/log/cron.7
   Archive: /var/log/cron.6
   Archive: /var/log/cron.5
   Archive: /var/log/cron.4
   Archive: /var/log/cron.3
   Archive: /var/log/cron.2
   Archive: /var/log/cron.1

and in your case:

   Archive: /var/log/messages.20080210
   Archive: /var/log/messages.20080203
   Archive: /var/log/messages.20080127
   Archive: /var/log/messages.20080120

MrC
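
One way to make the comparator depend on the suffix convention, so that events before a rotation are neither dropped from the report nor read out of order. This is an added example, not Logwatch code or code from the thread; the function names, the oldest-first target order, and the tolerance for a trailing .gz/.bz2 are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the numeric archive suffix of a log file name, or undef if there
# is none (the live log). A trailing .gz/.bz2 is tolerated (assumption).
sub numeric_suffix {
    my ($path) = @_;
    return $path =~ /\.(\d+)(?:\.(?:gz|bz2))?$/ ? $1 : undef;
}

# Map a suffix to an age rank: a larger rank means an older file.
#  - plausible YYYYMMDD suffix: a later date is newer, so negate it
#  - any other number: rotation count, a larger count is older
#  - no suffix: the live log, newer than every archive
sub age_rank {
    my ($suffix) = @_;
    return -1e9 unless defined $suffix;
    return 0 - $suffix
        if $suffix =~ /^\d{4}(?:0[1-9]|1[0-2])(?:0[1-9]|[12]\d|3[01])$/;
    return $suffix + 0;
}

# Order files oldest first so that concatenating them is chronological.
# Ranks are computed once per file; name order breaks ties.
sub oldest_first {
    my @files = @_;
    my %rank;
    $rank{$_} = age_rank(numeric_suffix($_)) for @files;
    return sort { $rank{$b} <=> $rank{$a} or $a cmp $b } @files;
}

# Constructed sample names covering both conventions from the thread,
# given in the order a plain glob would return them.
my @sets = (
    [qw(cron cron.1 cron.10 cron.16 cron.2 cron.9)],
    [qw(messages messages.20080120 messages.20080203 messages.20080210)],
);
for my $set (@sets) {
    print "Archive: /var/log/$_\n" for oldest_first(@$set);
    print "\n";
}
```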






