sys-apps/logwatch is broken. I've tested it on two gentoo boxes, and it seems to produce no output. I've tried 'logwatch --print' and it just returns with no error messages. One box is using metalog, the other sysklogd. USE="-X acpi apache2 crypt imap ldap libg++ libwww maildir -mysql ncurses pam perl postgres python sasl socks5 ssl tcpd x86" Reproducible: Always Steps to Reproduce: 1. emerge metalog 2. try to use it. :) 3.
Any update on this? Can you folks repro it?
works fone for me, and i'm on app-admin/metalog-0.8_pre20031130: (sanitized for privacy) ################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sun Aug 8 20:28:55 2004 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles for Host: PRIVATE ################################################################ --------------------- samba Begin ------------------------ **Unmatched Entries** nmbd/nmbd_namequery.c:query_name(237) query_name: Failed to send packet trying to query name PRIVATE<1d> : 285 Time(s) nmbd/nmbd_packets.c:send_netbios_packet(163) send_netbios_packet: send_packet() to IP 123.123.123.123 port 137 failed : 285 Time(s) ---------------------- samba End ------------------------- ------------------ Disk Space -------------------- df: `/mnt/thomas': Value too large for defined data type /dev/hda5 9.6G 2.4G 7.2G 26% / /dev/hda6 29G 11G 19G 37% /usr /dev/hda7 29G 13G 17G 44% /var /dev/hda8 35G 16G 19G 47% /home /dev/hda9 9.6G 3.7G 5.9G 39% /tmp /dev/hda1 122M 23M 93M 20% /boot ###################### LogWatch End #########################
I have seen the same thing; the logwatch ebuild doesn't function out of the box for me either, but with Metalog generated logs. The ebuild does function when I take a log file from a RedHat 9 server box that I have and run logwatch on that. I've been playing around a little with the configuration of both Metalog and logwatch. Will re-post if I find a solution.
I use app-admin/metalog-0.8_pre20031130, sys-apps/logwatch-5.2.2 is absolutely stock, metalog is almost stock (a single extra entry for some custom stuff), and this configuration works perfectly.
That's super; though given that logwatch by default looks for /var/log/messages and metalog by default stores everything in /var/log/everything/current I don't see how it could possibly work out of the box for you. However, that isn't the issue as I've modified logwatch's config to read the proper config file and it still produces no output. If it is working for you, could you please post a small attachment from a working log file (or email it to me) so I can try and determine if this is a logwatch issue, a metalog issue, something else (like Perl perhaps?), or a combination of things. I too am using metalog-0.8_pre20031130 and logwatch-5.2.2 and it simply produces blank output. And interestingly enough, I found this posting regarding metalog support within logwatch today: http://www2.list.logwatch.org:81/pipermail/logwatch-devel/2004-April/000504.html So, I think it might actually be an upstream problem.
not a Gentoo bug
I've written a guide to getting metalog and logwatch to work together. You can find it at: http://en.gentoo-wiki.com/wiki/Logwatch_with_Metalog