Bug 93240 - sys-apps/logwatch doesn't analyze all logs generated by "hardened" syslog-ng
Status: RESOLVED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Hardened
Hardware: All Linux
Importance: High enhancement
Assignee: The Gentoo Linux Hardened Team
Reported: 2005-05-19 12:54 UTC by Felix Tiede
Modified: 2009-12-31 02:14 UTC

Attachments
Patch to logwatch-6.0.2 config, using "hardened" syslog-ng's log-files (logwatch-6.0.2-conf.patch, 6.04 KB, patch)
2005-05-19 13:09 UTC, Felix Tiede
Description Felix Tiede 2005-05-19 12:54:20 UTC
With update to 1.6.7 syslog-ng learned about "hardened" and with this USE-flag
active, it produces a lot more logfiles than just /var/log/messages.
Unfortunately, some of them are not analyzed by logwatch, such as
/var/log/mail.*, since logwatch doesn't know about them.

I see two ways to work around it: Either hardened syslog-ng uses logfiles known
to logwatch or logwatch learns about the files used by hardened syslog-ng.

I chose the latter way for my installation, a patch will follow.

My request is that logwatch also gets a hardened USE-flag so it can analyze
log-files produced by hardened syslog-ng. Maybe a patch will be applied to
logwatch depending on whether hardened is set or unset.

Reproducible: Always
Steps to Reproduce:
1. Install >=syslog-ng-1.6.7 with USE="hardened"
2. Install >=logwatch-6.0.2
3. Produce some log, e.g. postfix in mail.log
4. Run logwatch
Actual Results:  
mail.log is not analyzed, no information about postfix' activities is printed.

Expected Results:  
logwatch should analyze mail.log and print information about what postfix has
done in the specified range of time.
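
A check for the gap described in this report, as an added example that is not part of the bug report, the attached patch, or logwatch itself: it lists files written by syslog-ng `file()` destinations that no logwatch `LogFile` directive matches. The two sample configurations and the `/var/log` LogDir are constructed assumptions.

```python
import fnmatch
import posixpath
import re

LOG_DIR = "/var/log"  # assumption: logwatch LogDir; relative LogFile entries resolve here

# Constructed sample: syslog-ng destinations split by facility.
SYSLOG_NG_CONF = '''
destination messages { file("/var/log/messages"); };
destination mail     { file("/var/log/mail.log"); };
destination kern     { file("/var/log/kern.log"); };
destination console  { usertty("root"); };
'''

# Constructed sample: logwatch logfile-group files (file name -> content).
LOGWATCH_GROUPS = {
    "messages.conf": "LogFile = messages\nArchive = messages.*\n",
    "maillog.conf": "# mail group\nLogFile = maillog\nLogFile = syslog\n",
}

def syslog_ng_files(conf):
    """Return every path written by a file("...") destination driver."""
    return sorted(set(re.findall(r'\bfile\s*\(\s*"([^"]+)"', conf)))

def logwatch_patterns(groups, log_dir=LOG_DIR):
    """Return absolute glob patterns taken from all LogFile directives."""
    patterns = []
    for text in groups.values():
        for line in text.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments
            m = re.match(r"(?i)logfile\s*=\s*(\S+)", line)
            if m:
                # An absolute LogFile value replaces log_dir in the join.
                patterns.append(posixpath.join(log_dir, m.group(1)))
    return patterns

def uncovered(conf, groups, log_dir=LOG_DIR):
    """Files syslog-ng writes that no logwatch LogFile pattern matches."""
    patterns = logwatch_patterns(groups, log_dir)
    return [f for f in syslog_ng_files(conf)
            if not any(fnmatch.fnmatchcase(f, p) for p in patterns)]

if __name__ == "__main__":
    for path in uncovered(SYSLOG_NG_CONF, LOGWATCH_GROUPS):
        print("not analyzed by logwatch:", path)
```
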
Comment 1 Felix Tiede 2005-05-19 13:09:54 UTC
Created attachment 59318
Patch to logwatch-6.0.2 config, using "hardened" syslog-ng's log-files

This is the patch which gets my installation of logwatch-6.0.2 to work with my
installation of "hardened" syslog-ng-1.6.7.

Since logwatch is not very well documented (or I simply didn't find the
documentation) someone should take a look at it and correct it, before using.
Especially the part about daemon.conf and kern.conf is based on guessing.
Comment 2 solar (RETIRED) gentoo-dev 2005-05-19 13:30:29 UTC
I've never used this program but I've got a question about
/etc/log.d/conf/logfiles/kern.conf
Do you really need to filter talkd and a few of these other ones?
Only stuff that should be in kern.log is whatever goes dmesg 3
Comment 3 Felix Tiede 2005-05-19 13:34:46 UTC
That's why I said it's based on guessing - I've copied message.conf, changed
what I thought was necessary to change and left everything else untouched.
Comment 4 Daniel Webert 2007-01-03 13:15:01 UTC
Can we close this one because there is no more logwatch-6.x in-tree?
Comment 5 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2007-01-15 21:18:24 UTC
This is still an issue with logwatch 7.x.
Comment 6 Jory A. Pratt gentoo-dev 2009-12-31 01:50:27 UTC
(In reply to comment #5)
> this is still an issue with logwatch 7.x.
> 

If this is still an issue, speak up so we can prioritize bugs to get them resolved. If not, please close or request that the bug be closed.
Comment 7 Rajiv Aaron Manglani (RETIRED) gentoo-dev 2009-12-31 02:14:10 UTC
I don't use hardened anymore.