logcheck is a utility similar to logsentry, but has a larger set of rules and is a bit easier to configure (preset reporting levels - workstation, server and paranoid). I suggest app-admin/logcheck.
Created attachment 68367 logcheck-1.2.41.ebuild
Please fix the following and reopen:
* http://dev.gentoo.org/~ciaranm/docs/mw-faq/toolong.txt
* http://dev.gentoo.org/~ciaranm/docs/mw-faq/redundant.txt (src_unpack)
* no need to cd ${S} in src_install
* http://dev.gentoo.org/~ciaranm/docs/mw-faq/spacing.txt (lots of blank lines between variables)
* http://dev.gentoo.org/~ciaranm/docs/mw-faq/quoting.txt (${D})
Created attachment 68761 logcheck-1.2.41.ebuild
Ok, these problems should be fixed now. By the way I've added a dependency on lockfile-progs, see bug 106393.
reopening, see attachment above
Why did you add a src_compile? This shouldn't be needed. Please reopen with a fixed ebuild.
Well, it wouldn't emerge with default src_compile (access violation). There's a problem with the package's build system. Its makefile's default target is install, so when default src_compile calls emake, make install is assumed. But no DESTDIR= is passed (which is normal of course), and make fails with access violation. I don't see any other solution than overriding default src_compile.
Yuck. Ok, could you stick a comment in the ebuild explaining it?
Created attachment 69432 logcheck-1.2.41.ebuild
ok, here's the ebuild
A couple of things:
The ebuild appears to work for logcheck-1.2.42 (change the filename, change the SRC_ID to 1233).
I would bring to your attention the following from the INSTALL file:
- Extract logcheck and run make install.
- Add an unprivileged user for running logcheck. (typically named "logcheck")
- chown -R logcheck /etc/logcheck /var/lock/logcheck [as well as /var/lib/logcheck -j]
- Be sure this user can access your log files
- Edit logcheck configuration files in /etc/logcheck. Most importantly logcheck.conf. logcheck.logfiles contains a list of logfiles to be scanned.
- Install logcheck cron job. There is a sample in debian/logcheck.cron.d
To test your installation run "logcheck -ot"
While much of this is the user's responsibility, certain things can be done in the ebuild. Others are unclear - is there a policy on permissions for logfiles? In my 'default' install (basic gentoo with syslog-ng), the default logfiles of syslog and auth.log do not exist. And most of the log files in /var/log are root:root - not friendly to an unprivileged user.
One thing that I think would be of use would be to add an appropriate file to /etc/cron.hourly/ (as logsentry has) or cron.daily - whatever. This package is of little use if it is not actively utilised.
Whatever you decide to be in the ebuild (or not), a note should appear at the end of the installation detailing the things the user needs to do to get a working, useful setup.
Well, I am really sad about this package, still not present in portage. Actually the new package 1.2.45 is available at http://alioth.debian.org/projects/logcheck/download/. Compared to logsentry, this one is much more useful and more configurable.
Created attachment 120752 app-admin/logcheck-1.2.56.ebuild
* this ebuild takes care to create 'logcheck' unpriv user and group
* through the pkg_postinst() informs the user about syslog-ng and cron configuration
* it offers a sample crontab file for the new logcheck user
* it offers, using pkg_config(), a tool to setup a basic read-only priv for the logcheck group. Basically when owner and group are the same for a log file it changes the group to "logcheck" and grants the read priv, otherwise the user must set the correct priv manually.
* minor fixes
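The owner/group rule described in the comment above, sketched as a dry-run shell helper. This is an added example, not the attached ebuild's pkg_config(); the function names, the symlink check, the "already readable" shortcut and GNU `stat -c` are assumptions.

```shell
#!/bin/sh
# Added example (dry run): plan read access for the 'logcheck' group.
# Only the owner==group rule comes from the comment above; function names,
# the symlink check and the "already readable" shortcut are assumptions.
LOGCHECK_GROUP=logcheck

# decide_action OWNER GROUP MODE   (MODE is octal, e.g. 640)
# Prints: ok | regroup | manual
decide_action() {
    owner=$1 group=$2 mode=$3
    group_bits=$(( (0$mode >> 3) & 7 ))
    other_bits=$(( 0$mode & 7 ))
    if [ $(( other_bits & 4 )) -ne 0 ] ||
       { [ "$group" = "$LOGCHECK_GROUP" ] && [ $(( group_bits & 4 )) -ne 0 ]; }; then
        echo ok          # logcheck can already read the file
    elif [ "$owner" = "$group" ] || [ "$group" = "$LOGCHECK_GROUP" ]; then
        echo regroup     # private group such as root:root: reassign it
    else
        echo manual      # e.g. root:adm, another group depends on it
    fi
}

# plan_file PATH: print the commands that would be run; never runs them.
plan_file() {
    f=$1
    # Skip symlinks and non-regular files so a root-run chgrp/chmod can
    # never be redirected to a file outside the log directory.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "# skip $f (symlink or not a regular file)"
        return 0
    fi
    set -- $(stat -c '%U %G %a' "$f")   # GNU stat: owner group octal-mode
    case $(decide_action "$1" "$2" "$3") in
        ok)      echo "# $f already readable by $LOGCHECK_GROUP" ;;
        regroup) echo "chgrp $LOGCHECK_GROUP '$f' && chmod g+r '$f'" ;;
        manual)  echo "# $f is $1:$2, set permissions manually" ;;
    esac
}
```

Calling `plan_file` on each path listed in logcheck.logfiles prints the proposed changes for review before anything is run as root.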
Created attachment 120753 files/logcheck.cron.d
(this is an automated message based on filtering criteria that matched this bug)
'EBUILD' is in the KEYWORDS which should mean that there is an ebuild attached to this bug. This bug is assigned to maintainer-wanted which means that it is not in the main tree. Heuristics show that no Gentoo developer has commented on your ebuild.
Hello,
The Gentoo Team would like to firstly thank you for your ebuild submission. We also apologize for not being able to accommodate you in a timely manner. There are simply too many new packages.
Allow me to use this opportunity to introduce you to Gentoo Sunrise. The sunrise overlay[1] is an overlay for Gentoo which we allow trusted users to commit to and all users can have ebuilds reviewed by Gentoo devs for entry into the overlay. So, the sunrise team is suggesting that you look into this and submit your ebuild to the overlay where even *you* can commit to. =)
Because this is a mass message, we are also asking you to be patient with us. We anticipate a large number of requests in a short time.
Thanks,
On behalf of the Gentoo Sunrise Team,
Jeremy.
[1]: http://www.gentoo.org/proj/en/sunrise/
[2]: http://overlays.gentoo.org/proj/sunrise/wiki/SunriseFaq
Working on it, stay tuned.
And... happily marking as fixed. Ebuild added to the tree, app-admin/logcheck. Enjoy!