Logwatch issue + fix

modem7
Posts: 215
Joined: Tue Mar 20, 2012 6:00 pm

Postby modem7 » Thu Jul 19, 2018 11:04 am

Since upgrading to the latest Amahi/Fedora, I've noticed that logwatch has been rather... lacking.

Seems that the reason behind this is due to systemd-journald replacing rsyslog.

I found a fix: https://bbs.archlinux.org/viewtopic.php?id=227516

Directly copying and pasting here in case that post disappears:

======================================================
======================================================

Hello

Ever since systemd-journald replaced rsyslog - the logwatch package had more or less become useless.

Recently logwatch version 7.4.3-3 was released with support for journalctl
Reference: https://bugs.archlinux.org/task/53981

This version however does not implement conf file changes. So default logwatch still remains useless.

rsyslog had 4 main files in /var/log on which rsyslog heavily depended --> messages, maillog, cron, secure.

I have created 4 conf files - each imitates their rsyslog equivalents.

First create an EMPTY log file called emptylog.

touch /var/log/emptylog

This will be the fake log file which will be supplied to logwatch.

Now create 4 files under /usr/share/logwatch/dist.conf/logfiles, as below:

/usr/share/logwatch/dist.conf/logfiles/messages.conf
Archive =
LogFile =
LogFile = emptylog

# Facilities from /usr/include/sys/syslog.h
# default syslog directive for messages is: *.info;mail.none;authpriv.none;cron.none
# list all facilities except mail, authpriv and cron
*JournalCtl = "-q --no-pager -o short -p info SYSLOG_FACILITY=0 SYSLOG_FACILITY=1 SYSLOG_FACILITY=3 SYSLOG_FACILITY=4 SYSLOG_FACILITY=5 SYSLOG_FACILITY=6 SYSLOG_FACILITY=7 SYSLOG_FACILITY=8 SYSLOG_FACILITY=11 SYSLOG_FACILITY=16 SYSLOG_FACILITY=17 SYSLOG_FACILITY=18 SYSLOG_FACILITY=19 SYSLOG_FACILITY=20 SYSLOG_FACILITY=21 SYSLOG_FACILITY=22 SYSLOG_FACILITY=23"

# copied from existing message.conf under default.conf/logfiles directory
*ExpandRepeats
*RemoveService = talkd,telnetd,inetd,nfsd,/sbin/mingetty,netscreen,NetScreen
*ApplyStdDate = "%b %d %H:%M:%S "

/usr/share/logwatch/dist.conf/logfiles/maillog.conf
Archive =
LogFile =
LogFile = emptylog

# Facilities from /usr/include/sys/syslog.h
# default syslog directive for maillog is: mail.*
*JournalCtl = "-q --no-pager -o short SYSLOG_FACILITY=2"

# copied from existing maillog.conf under default.conf/logfiles directory
*ExpandRepeats
*ApplyStdDate = "%b %d %H:%M:%S "

/usr/share/logwatch/dist.conf/logfiles/secure.conf
Archive =
LogFile =
LogFile = emptylog

# Facilities from /usr/include/sys/syslog.h
# default syslog directive for secure is: authpriv.*
*JournalCtl = "-q --no-pager -o short SYSLOG_FACILITY=10"

# copied from existing secure.conf under default.conf/logfiles directory
*ExpandRepeats
*ApplyStdDate = "%b %d %H:%M:%S "

/usr/share/logwatch/dist.conf/logfiles/cron.conf
Archive =
LogFile =
LogFile = emptylog

# Facilities from /usr/include/sys/syslog.h
# default syslog directive for cron is: cron.*
*JournalCtl = "-q --no-pager -o short SYSLOG_FACILITY=9"

# copied from existing cron.conf under default.conf/logfiles directory
*RemoveService = anacron

Hope this gets implemented by default by package maintainer.

Hope it helps others.

Thank you.

PS: New "git" version of logwatch accepts /dev/null as log file name. (after which emptylog can be replaced with /dev/null)

Update: Updated the time format, as journalctl outputs a leading 0 in the date.
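
Added example, not part of the original post or of logwatch: a Python sketch showing how the four *JournalCtl lines above follow from the stock rsyslog selectors quoted in the conf file comments, so that authpriv (secure) and the other facilities are not silently dropped from reports. The names selector_to_journalctl and RULES are hypothetical, and only simple selectors with one shared priority are handled.

```python
# Facility numbers from /usr/include/sys/syslog.h (12-15 are reserved there).
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    **{f"local{i}": 16 + i for i in range(8)},
}
# Priority keywords accepted both by rsyslog selectors and by journalctl -p.
PRIORITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")


def selector_to_journalctl(selector, base="-q --no-pager -o short"):
    """Translate a simple rsyslog selector into a *JournalCtl argument string.

    Handles 'fac.prio', '*.prio', 'fac.*' and 'fac.none' entries joined by ';'.
    """
    selected = {}  # facility number -> priority keyword ('*' means any)
    for part in selector.split(";"):
        facs, _, prio = part.strip().partition(".")
        if prio not in PRIORITIES and prio not in ("*", "none"):
            raise ValueError(f"unsupported priority: {prio!r}")
        for fac in facs.split(","):
            nums = list(FACILITIES.values()) if fac == "*" else [FACILITIES[fac]]
            for n in nums:
                if prio == "none":
                    selected.pop(n, None)  # 'none' excludes the facility
                else:
                    selected[n] = prio
    prios = set(selected.values())
    if len(prios) > 1:
        # journalctl -p applies to every match, so it cannot mix thresholds.
        raise ValueError("mixed priorities need separate journalctl calls")
    args = [base]
    if prios and "*" not in prios:
        args.append(f"-p {prios.pop()}")  # 'info' means info and more severe
    args += [f"SYSLOG_FACILITY={n}" for n in sorted(selected)]
    return " ".join(args)


# The four stock rsyslog rules quoted in the conf file comments above.
RULES = {
    "messages": "*.info;mail.none;authpriv.none;cron.none",
    "maillog": "mail.*",
    "secure": "authpriv.*",
    "cron": "cron.*",
}

if __name__ == "__main__":
    for name, sel in RULES.items():
        print(f'{name}.conf: *JournalCtl = "{selector_to_journalctl(sel)}"')
```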

bigfoot65
Project Manager
Posts: 11924
Joined: Mon May 25, 2009 4:31 pm

Re: Logwatch issue + fix

Postby bigfoot65 » Thu Jul 19, 2018 3:38 pm

Please post this tutorial in the wiki.

We prefer to keep all guidance there vs the forums.
ßîgƒσστ65
Applications Manager

My HDA: Intel(R) Core(TM) i5-3570K CPU @ 3.40GHz on MSI board, 16GB RAM, 1TBx1+2TBx2+4TBx2