Logwatch detail output in report

theblah · 04-30-2012, 06:08 AM

Hello,

My question is how do I include "Unmatched entries" in the report.
Searches on this issue reveal only users who want to discard Unmatched entries, as opposed to what I want to do.

For example, I have the following lines in messages:

Code:

08:44:26 apcupsd[1769]: Power failure
08:44:33 apcupsd[1769]: Power is back. UPS running on mains.

05:26:41 smartd[1971]: Device: /dev/sda [SAT], SMART Usage Attribute: 7 Seek_Error_Rate changed from 100 to 20
05:56:41 smartd[1971]: Device: /dev/sda [SAT], SMART Usage Attribute: 7 Seek_Error_Rate changed from 200 to 10

3:57:01 --------------- backup script start ---------------
3:57:01 ********* Rsync html content started
sent 220482 bytes  received 111026666 bytes  872526.65 bytes/sec
total size is 194488498  speedup is 1.75
3:59:09 ********* Rsync html complete
3:59:09 ********* Tar html content started
4:01:57 ********* Tar html complete
4:04:43 --------------- backup script stop ---------------

And none of these are displayed in the report, neither when I manually run logwatch with --debug High
logwatch --output stdout --hostformat split --logdir /var/log --detail high --debug High

In the past, when I was using Centos 5 I remember stuff showing in Unmatched when the case occurred.
I'm running Centos 6.2 with Logwatch 7.4.0.

/etc/logwatch/conf/logfiles/messages.conf

Code:

LogFile = messages
Archive = messages.*
Archive = archiv/messages.*
Archive = messages-*
Archive = archiv/messages-*
*ExpandRepeats
*RemoveService = talkd,telnetd,inetd,nfsd,/sbin/mingetty,netscreen,NetScreen
*ApplyStdDate

theblah · 05-07-2012, 04:47 AM

nobody, no one?

catkin · 05-07-2012, 05:45 AM

Only answering because nobody else has, not because I know much about logwatch. I found it's config mechanism confusing so switched to logcheck which I found more intuitive.

Maybe you need to add a file for apcupsd and smartd in /usr/share/logwatch/default.conf/services or the equivalent directory appropriate for local configuration (if you can figure out which that is you are doing better than I).

The local backup script entries in messages do not follow the conventional format so may be hard or impossible to get logwatch to report on.

unSpawn · 05-07-2012, 05:58 AM

No. I use Logwatch but I'm still on Centos 5.8. In CVS only logwatch/conf/services/courier.conf has a "courier_print_all_unmatched=0" option. Only thing I can think of is you D/L both .src.rpm packages for 5.8 and 6.2, diff the source trees and check if there's any patches that would keep them from printing.

[EDIT]
Re-grepping the CVS tree shows more services can have a $IgnoreUnmatched setting in the form of ${SERVICENAME}_ignore_unmatched=${VALUE} in their ${SERVICENAME}.conf and Smartd is one of them. Maybe test explicitly setting smartd_ignore_unmatched=1 ?
[/EDIT]

theblah · 05-08-2012, 04:40 AM

In /etc/logwatch/conf/services/kernel.conf I commented

Code:

*OnlyService = (kernel|SUNW,[-\w]+?)

and now I get much more output.

As for my bkp script, if I make it append lines in the standard way, it gets displayed in the logwatch report.
I'm guessing the behavior of the kernel script in /usr/share/logwatch/scripts/services/kernel can be modified to show even lines not respecting this rule, but I am unable to interpret/alter the code used there.

EDIT:
I inspired from the other scripts containing $IgnoreUnmatched and added the following to the kernel script (in the appropriate sections):

Code:

my $IgnoreUnmatched = 0;
my @OtherList = ();

push @OtherList,$ThisLine;

if (($#OtherList >= 0) and (not $IgnoreUnmatched)){
        print "\n**Unmatched Entries**\n";
        print @OtherList;
}

And now I get the **Unmatched Entries** section in the status report. The output is the same as the one produced by commenting

Code:

*OnlyService = (kernel|SUNW,[-\w]+?)

, the only difference consisting in displaying entries in different sections.