Welcome to the most active Linux Forum on the web.
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 02-23-2006, 11:24 AM   #1
Registered: Jan 2006
Posts: 65

Rep: Reputation: 15
logwatch on RHEL keeps saying files have changed

Logwatch on one of our systems keeps sending out emails at night stating that certain files or their output have changed, files like resolv.conf. The same files everynight. Yet when I check the dates on the files, they haven't been updated in months. What output does resolv.conf have that would change if the file itself hasn't changed? Any thoughts on what may be causing this?
Old 02-23-2006, 01:38 PM   #2
Registered: May 2001
Posts: 29,361
Blog Entries: 55

Rep: Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547Reputation: 3547
Are there any other files changed or reported similarly?
AFAIK Logwatch doesn't do anything but parse logs for messages to report.
If there's something changed it should come from some app it's reading the logs for.
I'd say verify the contents, after all resolv.conf is ASCII, do a "stat" so you can save the MAC times.
If the next day the M time wasn't changed then this could be either a false positive, or for instance a filesystem integrity check database that wasn't updated, or (when resolv.conf was changed) rpm -V should fail. Like that.
If it isn't any of those, and your filesystem supports it, and if you don't need it to be changed, you could make the file immutable (chattr) and see if anything complains about that.
Old 02-23-2006, 02:46 PM   #3
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,125

Rep: Reputation: 165Reputation: 165
It sounds more like something that tripwire would do.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
10.1 -> 10.2 which conf files changed? Vgui Slackware 3 09-21-2005 05:55 PM
IP addy changed, which files do I edit? WorldBuilder Linux - Networking 1 08-24-2005 11:01 PM
Howto list last changed files MicroSun Linux - Newbie 3 02-18-2005 06:52 PM
logwatch doesn't send emails after changed hostname? FLOODS Fedora 13 12-15-2004 01:37 PM
ownership of files changed after upgrade Tinkster Slackware 1 12-20-2002 08:34 PM > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 11:53 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration