CentOSThis forum is for the discussion of CentOS Linux. Note: This forum does not have any official participation.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: CentOS 6/7 at home, RHEL5/6/7 at work
Posts: 34
Rep:
Centos 6 logwatch not reporting httpd
I'm not seeing HTTPD reports in my logwatch from my server. I've been googling around trying to find something, but I can't seem to pin down why it's not showing up.
My logs are in the default location and are readable by all users, so it shouldn't be a permissions issue
Code:
/var/log/httpd
I've tried to run a specific logwatch on the dir to see if it's just not picking it up and nothing happens
I've done all of those things. By default logwatch includes all services which means httpd. The logwatch on my centos 7 server has no issues with the httpd summary but centos 6 version does for some reason. I have no special configuration on any of them. Something isn't working on centos 6.
Sorry for the "is it plugged in" questions, but
1) Is httpd running?
2) Has there been any activity today (for the period for which logwatch is being run)
Here's what the start of that section looks like on my server:
Distribution: CentOS 6/7 at home, RHEL5/6/7 at work
Posts: 34
Original Poster
Rep:
Quote:
Originally Posted by scasey
Sorry for the "is it plugged in" questions, but
1) Is httpd running?
2) Has there been any activity today (for the period for which logwatch is being run)
1: Yes
2: Yes, the website on that virtual server has over 10,000 users, the log file for one of the SSL sites is 48 MB so for today, and the rotate log of last week is 611 MB
I get daily logwatch reports via email, it goes from cron straight to pam, nothing in between unless the rare kernel issue crops up. I'm wanting to get the report to see the logwatch interpretation of what's happening. I stopped ingesting those logs into splunk because I was hitting the 500 MB per day free license limit.
This is the problem; it should be picking them up, the logs are in a sub directory of /var/log which is the default defined logdir. I can specifically request a logwatch run of that logdir and nothing from httpd shows up. I tried the basic google troubleshooting, and this is where I'm at.
OK. I'm down to grasping at straws. What is the actual subdirectory containing the http logs? From my (default) setup:
Code:
# more /usr/share/logwatch/default.conf/logfiles/http.conf
########################################################
# Define log file group for httpd
########################################################
# What actual file? Defaults to LogPath if not absolute path....
LogFile = httpd/*access_log
LogFile = apache/*access.log.1
LogFile = apache/*access.log
LogFile = apache2/*access.log.1
LogFile = apache2/*access.log
LogFile = apache2/*access_log
LogFile = apache-ssl/*access.log.1
LogFile = apache-ssl/*access.log
LogPath is, I presume, /var/log ^^This is where and what logwatch is looking for *access_log files.
Are your log files named *access_log?
Oh. You said /var/log/httpd in your OP. Sorry. Try that command with
Code:
--logdir /var/log/
since logwatch is prepending that to its LogFile (I'm guessing).
So the command you're using would be looking for log files in /var/log/httpd/httpd/*access_log, etc.
Distribution: CentOS 6/7 at home, RHEL5/6/7 at work
Posts: 34
Original Poster
Rep:
The file name was the issue, cause my logfiles didn't have the *access_log as is listed in the configuration. I modified my httpd configurations to include the file name as listed and ran a specific logwatch run of just the http service
The file name was the issue, cause my logfiles didn't have the *access_log as is listed in the configuration. I modified my httpd configurations to include the file name as listed and ran a specific logwatch run of just the http service
There ya go!
Not using “default” settings/values can present some interesting challenges.
Hopefully our dialog will help someone in the future.
Not at my desktop at the moment, but want to point out that modifying the /user/share has the risk of your changes getting overwritten by an update. There is a dir under /etc/ where those changes would be preserved. See the FILES section of man logwatch
PS You can mark the thread SOLVED using the Thread Tools at the top of the page, if you wish.
Distribution: CentOS 6/7 at home, RHEL5/6/7 at work
Posts: 34
Original Poster
Rep:
Quote:
Originally Posted by scasey
Not at my desktop at the moment, but want to point out that modifying the /user/share has the risk of your changes getting overwritten by an update. There is a dir under /etc/ where those changes would be preserved.
When I say I modified my httpd configuration I'm talking about the individual site configurations in /etc/httpd/conf.d
It's always a terrible idea to modify default package configuration files, you should always edit the local configurations.
When I say I modified my httpd configuration I'm talking about the individual site configurations in /etc/httpd/conf.d
It's always a terrible idea to modify default package configuration files, you should always edit the local configurations.
Oh! I thought you tweaked the settings for logwatch to match your httpd settings...
Yes, going back to default/typical in your httpd settings works too. (And is the wiser choice IMO)
Agreed. Every domain should have its own log files. Note that logwatch won't make a distinction, however. It will group the details from all logs in /var/log/httpd together.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.