[Logwatch] Logwatch and FreeBSD

Marty Hoff martang at clearcommerce.com
Wed Aug 18 08:00:27 MST 2004


On Tue, 17 Aug 2004, Jason Williams wrote:

> Customizing it was pretty simple. I just needed to make a few 
> adjustments to path locations, as well as specify in logwatch.pl the 
> location of the directory that I set up. I was very pleased to see that 
> there was a Mailscanner filter. I use mailscanner for our company mail 
> gateway server and the idea of getting daily mailscanner logs sent to 
> me was extremely appealing.
>
> Just a few quick questions though.
>
> 1.) I don't need all the services to be scanned on my system. I only
> have a
> few logs thought I would like to be parsed on my mailgateway server.
> These are:
>
> -mailscanner
> -sendmail
> -kernel
> -clamav
> -clam-update
> -sshd, sshd2
> -syslogd
>
> It appears that I can probably just list these in the logwatch.conf 
> file correct? Then, only those will be used when the script is run, is 
> what I am guessing.

Yes, I believe that is correct.

> Secondly, when I initially put this on my test machine, I just ran the 
> script with 'All' specified just to see what was going on. To my 
> surprise, not a whole lot showed up. I did find out that I needed to 
> install gawk from the ports tree, but that was not a problem.

Check what level of detail you have set in logwatch.conf.  This controls 
what sort of messages get reported and in how much detail.

> Anyway, i've tried a few different settings and things and I think for 
> the most part logwatch is written for Linux. When I run the script for 
> 'All' services and 'All' days, here is a sample of the output:
>
> First, if I just run the Logwatch.pl script from the command line, just
> executing ./logwatch.pl, I get this output:
>
> readline() on closed filehandle TESTFILE at ./logwatch.pl line 745.
>
> I then check my mail, and here are a few pieces of it (not sure if this 
> is correct, but it doesn't give output from all the files)

Are you running logwatch as your user or as root?  Many of the logfiles 
are protected from being read by non-root users, so this tool is really 
meant to be run by root.  Either that or make sure that all of your log 
files are readable by which ever you use to run logwatch.

>  --------------------- IMAP Begin ------------------------
>
> /usr/local/etc/logwatch/scripts/services/imapd: permission denied
>
>
>  --------------------- sendmail Begin ------------------------
>
>
>
> Bytes Transferred: 6645482
> Messages Sent:     316
> Total recipients:  316
>
> 2 messages returned after 4 hours
>
> 53 messages returned after 5 days
>
> Top relays (recipients/connections - min 10 rcpts, max 50 lines):
>     308/308: localhost.courtesy.com [127.0.0.1]
>
>  ---------------------- sendmail End -------------------------


Hmm, the stuff below here looks a little fishy.  What type of Linux 
distro are you using?  What version of perl do you have installed?  It 
looks like you are definitely hitting some problem here but I'm betting 
it is related to the version of tools you have installed on your system.

  >
> ls: illegal option -- S
> usage: ls [-ABCFGHLPRTWabcdfghiklnoqrstu1] [file ...]
>
>  --------------------- SSHD Begin ------------------------
>
> Use of uninitialized value in hash element at
> /usr/local/etc/logwatch/scripts/services/sshd line 174, <STDIN> line 1.
> Use of uninitialized value in hash element at
> /usr/local/etc/logwatch/scripts/services/sshd line 174, <STDIN> line 2.
> Use of uninitialized value in hash element at
> /usr/local/etc/logwatch/scripts/services/sshd line 174, <STDIN> line 3.
> Use of uninitialized value in hash element at
> /usr/local/etc/logwatch/scripts/services/sshd line 174, <STDIN> line 4.
>
> Cannot release PAM authentication:
>     : 4 Time(s)
>
> The other bit I noticed is that it did not parse my apache logs (located
> in
> /var/log/httpd- )
>
> Anyway, I was hoping for a little feedback and suggestions on logwatch
> and
> the issues I am working with.
>
> I appreciate the help and look forward to responses.
>
> Cheers,
>
> Jason
>
>
>
>
> _______________________________________________
> Logwatch mailing list
> Logwatch at logwatch.org
> http://www2.list.logwatch.org:81/lists/listinfo/logwatch
>

--------------------------------------------
Marty Hoff                   martang at clearcommerce.com 
UNIX Administrator           ClearCommerce Corp.

Always remember you're unique, just like everyone else.


More information about the Logwatch mailing list