09-11-2006, 01:00 PM
|
#1
|
LQ Newbie
Registered: Jun 2004
Location: Minneapolis, MN
Distribution: Fedora
Posts: 6
|
Logwatch reports with no crontab command
Hi,
I am getting a daily report via email from Logwatch from a couple of my RH 9 servers with the header:
################### LogWatch 4.3.1 (01/13/03) ####################
Processing Initiated: Mon Sep 11 04:02:01 2006
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles for Host: backserver
################################################################
But I do not have any crontab entry for logwatch. I also checked with ps -ax and I was not able to find any running tasks named log*. How is logwatch activated automatically on a daily basis without a cron job?
Also, I noticed that the mailed report does not have the date/time stamp. For instance, /var/log/messages shows:
"Sep 11 04:02:03 backserver syslogd 1.4.1: restart
Sep 10 04:03:06 backserver smartd[1994]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 65 to 64"
But the email from logwatch shows:
"/dev/hda :
1 Time(s): SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 65 to 64"
How can I get the time stamp on that mailed report?
I was not able to find this time option on the file "/etc/log.d/conf/logwatch.conf" or in "man logwatch".
Thanks in advance,
David
|
|
|
09-11-2006, 03:23 PM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
Maybe /etc/cron.d and maybe it's a link not a file. Just try and "slocate" it.
Anyway, I'll move this thread. Ain't a security question.
|
|
|
09-11-2006, 03:51 PM
|
#3
|
LQ Newbie
Registered: Jun 2004
Location: Minneapolis, MN
Distribution: Fedora
Posts: 6
Original Poster
|
Thanks for the reply. I did not have anything in /etc/cron but I did in /etc/cron.daily:
lrwxrwxrwx 1 root root 28 Apr 10 2005 00-logwatch -> ../log.d/scripts/logwatch.pl
I only need now to figure out how to keep the timestamp from the original /var/log/messages logs. Any suggestions?
|
|
|
09-11-2006, 04:00 PM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,415
|
No timestamps. If you need on-alert notification you should run something that parses syslog in realtime like Swatch.
|
|
|
09-11-2006, 04:38 PM
|
#5
|
LQ Newbie
Registered: Jun 2004
Location: Minneapolis, MN
Distribution: Fedora
Posts: 6
Original Poster
|
Thanks unSpawn! I will look into Swatch for critical issues.
I wasn't trying to have logwatch add new timestamps, just simply not to remove the ones already present on the original log files. I suppose that logwatch is removing the beginning of each line of the /var/log files with the date/time string. I had hoped that perhaps this behavior was a configurable option, but that does not seem to be the case.
Thanks again for your feedback.
|
|
|
09-11-2006, 05:08 PM
|
#6
|
Moderator
Registered: May 2001
Posts: 29,415
|
"just simply not to remove the ones already present on the original log files."
No, can't do that. It's how Logwatch is able to select loglines to check.
It would probably also make it a lot harder to tally messages the way it does.
Last edited by unSpawn; 09-11-2006 at 05:11 PM.
Reason: ...
|
|
|
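An added example, not part of the thread and not Logwatch's own code: a Python script that tallies identical messages the way the report above does while keeping the first and last timestamp of each group. It assumes the classic syslog line layout seen in the quoted /var/log/messages lines; the names `tally` and `report`, the second smartd line and the malformed line are constructed for illustration.

```python
import re

# Classic syslog layout (assumed): "Mon DD HH:MM:SS host tag[pid]: message"
SYSLOG_RE = re.compile(
    r'^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<tag>[^\s:\[]+)(?:\[\d+\])?:? (?P<msg>.*)$'
)

# Constructed sample input modelled on the lines quoted in the thread.
SAMPLE = """\
Sep 10 04:03:06 backserver smartd[1994]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 65 to 64
Sep 10 16:33:07 backserver smartd[1994]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 65 to 64
Sep 11 04:02:03 backserver syslogd 1.4.1: restart
this line is not syslog formatted
"""

def tally(lines):
    """Group lines by (tag, message); keep a count plus first/last timestamp."""
    groups = {}
    unparsed = []
    for line in lines:
        line = line.rstrip("\n")
        if not line:
            continue
        m = SYSLOG_RE.match(line)
        if not m:
            unparsed.append(line)  # keep odd lines visible instead of dropping them
            continue
        # The timestamp and host are left out of the key so repeats collapse.
        key = (m["tag"], m["msg"])
        entry = groups.setdefault(key, {"count": 0, "first": m["ts"], "last": m["ts"]})
        entry["count"] += 1
        # Syslog stamps carry no year, so rely on file order rather than sorting.
        entry["last"] = m["ts"]
    return groups, unparsed

def report(groups):
    """Render one line per group, Logwatch-style, with the time span added."""
    out = []
    for (tag, msg), e in groups.items():
        span = e["first"] if e["count"] == 1 else f'{e["first"]} .. {e["last"]}'
        out.append(f'{tag}: {e["count"]} Time(s) [{span}]: {msg}')
    return out

if __name__ == "__main__":
    groups, unparsed = tally(SAMPLE.splitlines())
    print("\n".join(report(groups)))
    print(f"{len(unparsed)} unparsed line(s)")
```
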
All times are GMT -5.