[OpenIndiana-discuss] Logwatch equivalent...

John Doe jdmls at yahoo.com
Wed Apr 24 15:41:30 UTC 2013


From: Jim Klimov <jimklimov at cos.ru>
> ...or servers/services/scripts do their own logging. In the latter case,
> crontab logs (/var/cron/log) and SMF logs (/var/svc/log/*) might be of
> interest.
> But for an automated solution I'd parse syslog setup as well as setups
> of log-rotation utilities (if the OS or admin cared to set up certain
> logs there, it is likely they exist and may contain useful data).

It is a standard new install, zfs pools, plus started: IPMI, NTP, NFS

I have the default syslog.conf:
  *.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages
  mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)
  user.err                                        /var/adm/messages

I know where the logs are for:
 - cron => /var/log/cron
 - inetd / compiled nrpe => /var/log/syslog
 - packaged Lighttpd + compiled php => own log files

I guess the server is too passive to log much stuff right now.

Ok, I downloaded the latest logwatch and tried to install it...
and I guess badly failed (with such gems as "README installed as /etc/rc2.d/README"):

# sh install_logwatch.sh
#################################
Preparing to install Logwatch
Enter the path to the Logwatch BaseDir [/usr/share/logwatch] : 
### Using /usr/share/logwatch
Enter the path for the Logwatch ConfigDir [/etc/logwatch] : 
### Using /etc/logwatch
Enter the dir name to be used for temp files [/var/cache/logwatch] : 
### Using /var/cache/logwatch
Enter the location of perl [/usr/bin/perl] : 
### Using /usr/bin/perl
Enter the dir name to used for the manpage [/usr/share/man] : 
### Using /usr/share/man
### Installing
directory /usr/share/logwatch created
directory /usr/share/logwatch/dist.conf created
directory /usr/share/logwatch/dist.conf/logfiles created
directory /usr/share/logwatch/dist.conf/services created
directory /usr/share/logwatch/default.conf created
directory /usr/share/logwatch/default.conf/logfiles created
directory /usr/share/logwatch/default.conf/services created
directory /usr/share/logwatch/default.conf/html created
directory /usr/share/logwatch/scripts created
directory /usr/share/logwatch/scripts/logfiles created
directory /usr/share/logwatch/scripts/services created
directory /usr/share/logwatch/scripts/shared created
directory /usr/share/logwatch/lib created
find: stat() error /usr/share/logwatch/README: No such file or directory
README installed as /etc/rc2.d/README
find: stat() error /usr/share/logwatch/HOWTO-Customize-LogWatch: No such file or directory
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: HOWTO-Customize-LogWatch was not found anywhere!
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: ignore.conf was not found anywhere!
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: autorpm.conf was not found anywhere!
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: afpd.conf was not found anywhere!
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: footer.html was not found anywhere!
find: stat() error /usr/share/logwatch/scripts/logwatch.pl: No such file or directory
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: logwatch.pl was not found anywhere!
directory /usr/share/logwatch/scripts/logfiles/autorpm created
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: applydate was not found anywhere!
directory /usr/share/logwatch/scripts/logfiles/cron created
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: applydate was not found anywhere!
directory /usr/share/logwatch/scripts/logfiles/emerge created
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: applydate was not found anywhere!
directory /usr/share/logwatch/scripts/logfiles/samba created
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: applydate was not found anywhere!
directory /usr/share/logwatch/scripts/logfiles/up2date created
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: applydate was not found anywhere!
directory /usr/share/logwatch/scripts/logfiles/xferlog created
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: applydate was not found anywhere!
directory /usr/share/logwatch/scripts/logfiles/yum created
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: applydate was not found anywhere!
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: applybinddate was not found anywhere!
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: afpd was not found anywhere!
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: Logwatch.pm was not found anywhere!
directory /etc/logwatch created
directory /etc/logwatch/scripts created
directory /etc/logwatch/scripts/services created
directory /etc/logwatch/conf created
directory /etc/logwatch/conf/logfiles created
directory /etc/logwatch/conf/services created
directory /etc/logwatch/conf/html created
directory /var/cache/logwatch created
find: cycle detected for /lib/32/
find: cycle detected for /lib/crypto/32/
find: cycle detected for /lib/secure/32/
find: cycle detected for /usr/lib/secure/32/
find: cycle detected for /usr/lib/lwp/32/
find: cycle detected for /usr/lib/link_audit/32/
find: cycle detected for /usr/lib/32/
find: cycle detected for /usr/lib/elfedit/32/
install: logwatch.8 was not found anywhere!
Created symlink for /usr/sbin/logwatch 
You need to setup your cron job for logwatch, something like 
2 0 * * * /usr/share/logwatch/scripts/logwatch.pl >/dev/null 2>&1

So I tried to clean up the mess, and did a manual install through trial and errors.
Basicaly, for now I get a summary of cron entries, plus a df... but it does not want to send it by mail yet.

So, nobody uses logwatch or any equivalent...?
Do you just go check the logs on each servers or do you syslog them to a remote log server?

JD



More information about the OpenIndiana-discuss mailing list