[Logwatch] logwatch is DOA - need help/suggestions followup with more info

MrC lists-logwatch at cappella.us
Wed Oct 1 18:25:19 MST 2008



Dale Morin wrote:
>> Dale Morin wrote:
>>>> On Oct 1, 2008, at 5:40 AM, Dale Morin wrote:
>>>>> sh      20692 root  txt    REG    8,1   79988  237599 /bin/dash
>>>>>
>>>> dash? I chance that is the problem? I'm not familiar with it so that is 
>>>> why I ask.
>>> Nope, /bin/dash is a lighter-weight version of /bin/bash.
>>>
>>> The default shell /bin/sh is typically a symlink to /bin/dash.  bash can 
>>> be used instead of dash as bash supports everything in dash, but not 
>>> vice versa.
>>>
>>> I don't think this is an issue.
>>>
>>> Still need help!

I see your LogFile list is empty.  I don't have the ability to run
logwatch currently so can't check the debug output and don't recall what
should be listed.

Show the output of the logwatch process (and its children) from:

   ps -eflx

Run logwatch under strace -f to see what logwatch (or its called
programs) is waiting on.


>> You need help indeed. But if it is offered you dismiss it before you
>> even try.
>>
>> Go back to using bash. This is not the first case where I have seen dash
>> fail to do a job properly. So it must be taken out as part of the
>> troubleshooting procedure.
> 
> I altered the /bin/sh symlink to point to /bin/bash instead of 
> /bin/dash.  Here are the relevant lines from /bin:
> 
> 0> ls -l | grep ash
> -rwxr-xr-x 1 root root 702160 2008-05-12 13:33 bash
> -rwxr-xr-x 1 root root  79988 2008-03-12 06:22 dash
> lrwxrwxrwx 1 root root      4 2008-08-25 10:29 rbash -> bash
> lrwxrwxrwx 1 root root      4 2008-10-01 18:03 sh -> bash
> lrwxrwxrwx 1 root root      4 2008-08-25 10:29 sh.distrib -> bash
> 
> Then, I reran the command line I had used before.  There is no 
> difference in the behavior, but for completeness, here is the output:
> 
> 0> logwatch --service named --range yesterday --detail high --print 
> --debug 100
> 
> Command Line Parameters:
>     Log File List:
> 
>     Service List:
> [0] = named
> 
> Config After Command Line Parsing:
> mailer -> /usr/sbin/sendmail -t
> tmpdir -> /tmp
> pathtocat -> cat
> range -> yesterday
> hostname -> ns4
> logdir -> /var/log
> encode -> 0
> print -> 1
> save ->
> archives -> 1
> pathtozcat -> zcat
> html_footer -> /usr/share/logwatch/default.conf/html/footer.html
> debug -> 100
> splithosts -> 0
> mailto -> admins at mustanginternetservices.com
> mailfrom -> root
> pathtobzcat -> bzcat
> output -> unformatted
> html_header -> /usr/share/logwatch/default.conf/html/header.html
> detail -> 10
> html_wrap -> 80
> multiemail -> 0
> numeric -> 0
> Service List:
> [0] = all
> [1] = -boundips
> [2] = -chkrootkit
> [3] = -rkhunter
> [4] = -sec_action
> [5] = -serverload
> [6] = -tripwire
> [7] = -vnstat
> [8] = -zz-network
> [9] = -zz-sys
> [10] = -eximstats
> 
> LogFile List:
> 
> 
> 
> Config After Everything:
> mailer -> /usr/sbin/sendmail -t
> tmpdir -> /tmp
> pathtocat -> cat
> range -> yesterday
> hostname -> ns4
> logdir -> /var/log
> encode -> 0
> print -> 1
> save ->
> archives -> 1
> pathtozcat -> zcat
> html_footer -> /usr/share/logwatch/default.conf/html/footer.html
> debug -> 100
> splithosts -> 0
> mailto -> admins at mustanginternetservices.com
> mailfrom -> root
> pathtobzcat -> bzcat
> output -> unformatted
> html_header -> /usr/share/logwatch/default.conf/html/header.html
> detail -> 10
> html_wrap -> 80
> multiemail -> 0
> numeric -> 0
> Service List:
> [0] = named
> 
> LogFile List:
> 
> 
> THERE IS NO FURTHER OUTPUT.
> 
> 
> Then I ran "ps -efl | grep logw", here is the output:
> 
> 0 R root     22840 22794 42  85   0 -  1889 -      18:15 pts/0 
> 00:00:30 /usr/bin/perl -w /usr/sbin/logwatch --service named --range 
> yesterday --detail high --print --debug 100
> 0 R root     22873 22847  0  78   0 -   764 -      18:16 pts/1 
> 00:00:00 grep logw
> 
> 
> Then I ran "lsof -p 22840", here is the output:
> 
> COMMAND    PID USER   FD   TYPE DEVICE    SIZE   NODE NAME
> logwatch 22840 root  cwd    DIR    8,1    4096 237569 /bin
> logwatch 22840 root  rtd    DIR    8,1    4096      2 /
> logwatch 22840 root  txt    REG    8,1 1080468  41505 /usr/bin/perl
> logwatch 22840 root  mem    REG    8,1 1364388 196917 
> /lib/tls/i686/cmov/libc-2.7.so
> logwatch 22840 root  mem    REG    8,1    9684 196937 
> /lib/tls/i686/cmov/libdl-2.7.so
> logwatch 22840 root  mem    REG    8,1   15580  42341 
> /usr/lib/perl/5.8.8/auto/IO/IO.so
> logwatch 22840 root  mem    REG    8,1   38300 196925 
> /lib/tls/i686/cmov/libcrypt-2.7.so
> logwatch 22840 root  mem    REG    8,1  149328 199013 
> /lib/tls/i686/cmov/libm-2.7.so
> logwatch 22840 root  mem    REG    8,1  112354 199023 
> /lib/tls/i686/cmov/libpthread-2.7.so
> logwatch 22840 root  mem    REG    8,1   12412  42330 
> /usr/lib/perl/5.8.8/auto/Fcntl/Fcntl.so
> logwatch 22840 root  mem    REG    8,1   18008  42332 
> /usr/lib/perl/5.8.8/auto/File/Glob/Glob.so
> logwatch 22840 root  mem    REG    8,1  110836  42355 
> /usr/lib/perl/5.8.8/auto/POSIX/POSIX.so
> logwatch 22840 root  mem    REG    8,1  109152 196927 /lib/ld-2.7.so
> logwatch 22840 root  mem    REG    8,1 1265856  42064 
> /usr/lib/locale/locale-archive
> logwatch 22840 root    0u   CHR  136,0              2 /dev/pts/0
> logwatch 22840 root    1u   CHR  136,0              2 /dev/pts/0
> logwatch 22840 root    2u   CHR  136,0              2 /dev/pts/0
> logwatch 22840 root    3r   DIR    8,1   12288  98929 
> /usr/share/logwatch/default.conf/services
> 
> 
> Any further suggestions?
> 
> Thanks in advance.
> 
> 


More information about the Logwatch mailing list