[Logwatch-Devel] Fwd: suggestion to handle stock Fedora 8 logrotate changed extension on archived log files

Bjorn L. bl_logwatch2 at mblmail.net
Mon Feb 11 18:32:42 MST 2008


Would this work?

      @TempLogFileList = sort{
         (stat($a))[9] <=> (stat($b))[9];
        }(glob($dir . $ReadConfigValues[$i]));

where stat returns an array, the ninth index of which is the modified time.

Then the issue of which files to sort on is left to the config file, 
which is currently messages.* for the "messages" logfile, or cron.* for 
the cron logfile.

Also, a question:  is the new format only for archived log files, or 
does it also apply to the current log file?



MrC wrote:
>> ---------- Forwarded message ----------
>> From: Damon Hart 
>> Date: Mon, Feb 11, 2008 at 5:44 AM
>> Subject: suggestion to handle stock Fedora 8 logrotate changed
>> extension on archived log files
>> To: logwatch-suggestions at logwatch.org
>>
>>
>> Following up on some items I found missing in my logwatch daily recap
>>  email, I see that events occurring prior to log rotation were not
>>  reflected in logwatch. Comparing different machines, it looks like this
>>  problem occurs (in my case) only on Fedora 8 (vs earlier Fedora
>>  revisions.) Further poking around suggests that the problem arises
>>  because of the stock Fedora 8 logrotate convention for naming archived
>>  log files. These filenames are now:
>>
>>  messages.20080210
>>  messages.20080203
>>  messages.20080127
>>  messages.20080120
>>
>>  instead of the prior convention:
>>
>>  messages.1
>>  messages.2
>>  messages.3
>>  messages.4
>>
>>  and similarly for other log files. The slight wrinkle in handling this
>>  from a logwatch programmers point of view is that a filename sort
>>  (alphabetical) will result in a oldest to newest ordering instead of
>>  newest to oldest.
> 
> It's actually more broken than this.  Logwatch assumes that less then 10 
> archives are kept.  In debugging this, I just discovered that 16 archive 
> files are concatenated as:
> 
>    Archive: /var/log/cron.9
>    Archive: /var/log/cron.8
>    Archive: /var/log/cron.7
>    Archive: /var/log/cron.6
>    Archive: /var/log/cron.5
>    Archive: /var/log/cron.4
>    Archive: /var/log/cron.3
>    Archive: /var/log/cron.2
>    Archive: /var/log/cron.16
>    Archive: /var/log/cron.15
>    Archive: /var/log/cron.14
>    Archive: /var/log/cron.13
>    Archive: /var/log/cron.12
>    Archive: /var/log/cron.11
>    Archive: /var/log/cron.10
>    Archive: /var/log/cron.1
> 
> The order is obtained by performing a simple reversed glob (from 
> scripts/logwatch.pl):
> 
>    # We glob to obtain filenames.  We reverse in case
>    # we use the decimal suffix (.0, .1, etc.) in filenames
>    @TempLogFileList = reverse(glob($dir . $ReadConfigValues[$i]));
> 
> This is simply incorrect, the reliance being on the order returned from 
> the glob function.  The reverse() should be replaced with a sort(). 
> However, the sort comparator function would need to be configurable as 
> logfile archive suffixes can be arbitrary.  This sort replacement 
> (replacing the reverse call) would solve both more than 9 archives, and 
> your date-based case, but is still limited (assumes a dot archive suffix 
> delimiter, for example):
> 
>     @TempLogFileList = sort{
>          ($b =~ /\.(\d+)$/)[0] <=> ($a =~ /\.(\d+)$/)[0]
>               ||
>           uc($a) cmp  uc($b)
>       }(glob($dir . $ReadConfigValues[$i]));
> 
> Now we see:
>    Archive: /var/log/cron.16
>    Archive: /var/log/cron.15
>    Archive: /var/log/cron.14
>    Archive: /var/log/cron.13
>    Archive: /var/log/cron.12
>    Archive: /var/log/cron.11
>    Archive: /var/log/cron.10
>    Archive: /var/log/cron.9
>    Archive: /var/log/cron.8
>    Archive: /var/log/cron.7
>    Archive: /var/log/cron.6
>    Archive: /var/log/cron.5
>    Archive: /var/log/cron.4
>    Archive: /var/log/cron.3
>    Archive: /var/log/cron.2
>    Archive: /var/log/cron.1
> 
> and in your case:
> 
>    Archive: /var/log/messages.20080210
>    Archive: /var/log/messages.20080203
>    Archive: /var/log/messages.20080127
>    Archive: /var/log/messages.20080120
> 
> MrC
> 
> 
> 
> 
> 
> _______________________________________________
> Logwatch-Devel mailing list
> Logwatch-Devel at logwatch.org
> http://www2.list.logwatch.org:81/mailman/listinfo/logwatch-devel


More information about the Logwatch-Devel mailing list