[Logwatch] logwatch is DOA - need help/suggestions followup with more info

Dale Morin dale at mustanginternetservices.com
Wed Oct 1 16:18:38 MST 2008


> Dale Morin wrote:
>>> On Oct 1, 2008, at 5:40 AM, Dale Morin wrote:
>>>> sh      20692 root  txt    REG    8,1   79988  237599 /bin/dash
>>>>
>>> dash? I chance that is the problem? I'm not familiar with it so that is 
>>> why I ask.
>> Nope, /bin/dash is a lighter-weight version of /bin/bash.
>>
>> The default shell /bin/sh is typically a symlink to /bin/dash.  bash can 
>> be used instead of dash as bash supports everything in dash, but not 
>> vice versa.
>>
>> I don't think this is an issue.
>>
>> Still need help!
> 
> You need help indeed. But if it is offered you dismiss it before you
> even try.
> 
> Go back to using bash. This is not the first case where I have seen dash
> fail to do a job properly. So it must be taken out as part of the
> troubleshooting procedure.

I altered the /bin/sh symlink to point to /bin/bash instead of 
/bin/dash.  Here are the relevant lines from /bin:

0> ls -l | grep ash
-rwxr-xr-x 1 root root 702160 2008-05-12 13:33 bash
-rwxr-xr-x 1 root root  79988 2008-03-12 06:22 dash
lrwxrwxrwx 1 root root      4 2008-08-25 10:29 rbash -> bash
lrwxrwxrwx 1 root root      4 2008-10-01 18:03 sh -> bash
lrwxrwxrwx 1 root root      4 2008-08-25 10:29 sh.distrib -> bash

Then, I reran the command line I had used before.  There is no 
difference in the behavior, but for completeness, here is the output:

0> logwatch --service named --range yesterday --detail high --print --debug 100

Command Line Parameters:
    Log File List:

    Service List:
[0] = named

Config After Command Line Parsing:
mailer -> /usr/sbin/sendmail -t
tmpdir -> /tmp
pathtocat -> cat
range -> yesterday
hostname -> ns4
logdir -> /var/log
encode -> 0
print -> 1
save ->
archives -> 1
pathtozcat -> zcat
html_footer -> /usr/share/logwatch/default.conf/html/footer.html
debug -> 100
splithosts -> 0
mailto -> admins at mustanginternetservices.com
mailfrom -> root
pathtobzcat -> bzcat
output -> unformatted
html_header -> /usr/share/logwatch/default.conf/html/header.html
detail -> 10
html_wrap -> 80
multiemail -> 0
numeric -> 0
Service List:
[0] = all
[1] = -boundips
[2] = -chkrootkit
[3] = -rkhunter
[4] = -sec_action
[5] = -serverload
[6] = -tripwire
[7] = -vnstat
[8] = -zz-network
[9] = -zz-sys
[10] = -eximstats

LogFile List:



Config After Everything:
mailer -> /usr/sbin/sendmail -t
tmpdir -> /tmp
pathtocat -> cat
range -> yesterday
hostname -> ns4
logdir -> /var/log
encode -> 0
print -> 1
save ->
archives -> 1
pathtozcat -> zcat
html_footer -> /usr/share/logwatch/default.conf/html/footer.html
debug -> 100
splithosts -> 0
mailto -> admins at mustanginternetservices.com
mailfrom -> root
pathtobzcat -> bzcat
output -> unformatted
html_header -> /usr/share/logwatch/default.conf/html/header.html
detail -> 10
html_wrap -> 80
multiemail -> 0
numeric -> 0
Service List:
[0] = named

LogFile List:


THERE IS NO FURTHER OUTPUT.


Then I ran "ps -efl | grep logw", here is the output:

0 R root     22840 22794 42  85   0 -  1889 -      18:15 pts/0 00:00:30 /usr/bin/perl -w /usr/sbin/logwatch --service named --range yesterday --detail high --print --debug 100
0 R root     22873 22847  0  78   0 -   764 -      18:16 pts/1 00:00:00 grep logw


Then I ran "lsof -p 22840", here is the output:

COMMAND    PID USER   FD   TYPE DEVICE    SIZE   NODE NAME
logwatch 22840 root  cwd    DIR    8,1    4096 237569 /bin
logwatch 22840 root  rtd    DIR    8,1    4096      2 /
logwatch 22840 root  txt    REG    8,1 1080468  41505 /usr/bin/perl
logwatch 22840 root  mem    REG    8,1 1364388 196917 /lib/tls/i686/cmov/libc-2.7.so
logwatch 22840 root  mem    REG    8,1    9684 196937 /lib/tls/i686/cmov/libdl-2.7.so
logwatch 22840 root  mem    REG    8,1   15580  42341 /usr/lib/perl/5.8.8/auto/IO/IO.so
logwatch 22840 root  mem    REG    8,1   38300 196925 /lib/tls/i686/cmov/libcrypt-2.7.so
logwatch 22840 root  mem    REG    8,1  149328 199013 /lib/tls/i686/cmov/libm-2.7.so
logwatch 22840 root  mem    REG    8,1  112354 199023 /lib/tls/i686/cmov/libpthread-2.7.so
logwatch 22840 root  mem    REG    8,1   12412  42330 /usr/lib/perl/5.8.8/auto/Fcntl/Fcntl.so
logwatch 22840 root  mem    REG    8,1   18008  42332 /usr/lib/perl/5.8.8/auto/File/Glob/Glob.so
logwatch 22840 root  mem    REG    8,1  110836  42355 /usr/lib/perl/5.8.8/auto/POSIX/POSIX.so
logwatch 22840 root  mem    REG    8,1  109152 196927 /lib/ld-2.7.so
logwatch 22840 root  mem    REG    8,1 1265856  42064 /usr/lib/locale/locale-archive
logwatch 22840 root    0u   CHR  136,0              2 /dev/pts/0
logwatch 22840 root    1u   CHR  136,0              2 /dev/pts/0
logwatch 22840 root    2u   CHR  136,0              2 /dev/pts/0
logwatch 22840 root    3r   DIR    8,1   12288  98929 /usr/share/logwatch/default.conf/services


Any further suggestions?

Thanks in advance.


-- 
Dale Morin, Mustang Internet Services, Inc.


