SuSE 9.0 Pro logdigest-0.1.3-31
crontab -u root -l MAILTO=root

I rec'd daily email reports to root of system activities generated by logdigest until a week ago. I checked and had made changes to /etc/logdigest/ignore.local the same day I rec'd the last report.

So, I reversed the changes but the reports have not resumed. There is no indication in /var/log/mail that the reports have been denied or rejected. I made no changes to postfix during or immediately prior to the report stoppage. The logdigest entry in /etc/cron.daily/ is present and the access/modification date is eight months old.

I can find no reference to similar occurrences on Google or the suse database and do not know where now to look.

--
Patrick Shanahan Registered Linux User #207535
http://wahoo.no-ip.org @ http://counter.li.org
HOG # US1244711 Photo Album: http://wahoo.no-ip.org/photos

On Saturday 10 July 2004 15:09, Patrick Shanahan wrote:
> SuSE 9.0 Pro logdigest-0.1.3-31
> crontab -u root -l MAILTO=root
>
> I rec'd daily email reports to root of system activities generated by logdigest until a week ago. I checked and had made changes to /etc/logdigest/ignore.local the same day I rec'd the last report.
>
> So, I reversed the changes but the reports have not resumed. There is no indication in /var/log/mail that the reports have been denied or rejected. I made no changes to postfix during or immediately prior to the report stoppage. The logdigest entry in /etc/cron.daily/ is present and the access/modification date is eight months old.
>
> I can find no reference to similar occurrences on Google or the suse database and do not know where now to look.

Run the script manually, perhaps with 'sh -x'.

Usually I do something like this:

bash -x script 2>&1 | less

Got enough space on the partitions?

Cheers,
Leen

* Leendert Meyer
> Run the script manually, perhaps with 'sh -x'.
> Usually I do something like this:
> bash -x script 2>&1 | less

output below. I see two lines that bother me, but I do not understand why. 'FOUND=0' and 'ALARM=0' even with the above, I should still get a report.

> Got enough space on the partitions?

definitely.

output from (as root) 'bash -x /etc/cron.daily/logdigest 2>&1 | less'

+ test -r /etc/logdigest/config
+ . /etc/logdigest/config
++ LOGFILES=/var/log/messages /var/log/mail
++ SYSADMIN=root
++ HOSTNAME=
++ EXTENDED_STATS=no
+ PATH=/sbin:/bin:/usr/sbin:/usr/bin
+ : root
+ : /usr/bin/logtail
+ : /var/lib/logdigest
+ GREP=egrep
+ MAIL=mail
+ : /etc/logdigest/alarming
+ : /etc/logdigest/ignore
+ test -e /etc/logdigest/alarming.local
+ test -e /etc/logdigest/ignore.local
++ hostname -f
+ HOSTNAME=wahoo
++ date '+%Y-%m-%d %H:%M'
+ DATE=2004-07-10 14:47
+ umask 077
+ rm -f /var/lib/logdigest/checkoutput.15709 /var/lib/logdigest/mail.15709
+ '[' -f /var/lib/logdigest/check.15709 -o -f /var/lib/logdigest/checkoutput.15709 -o -f /var/lib/logdigest/mail.15709 ']'
+ : /var/log/messages /var/log/mail
+ j=0
+ (( j++ ))
+ LOGFILE[$j]=/var/log/messages
+ log_file_name[$j]=_var_log_messages
+ (( j++ ))
+ LOGFILE[$j]=/var/log/mail
+ log_file_name[$j]=_var_log_mail
+ n=2
+ FOUND=0
+ ALARM=0
+ cat
+ (( i=1 ))
+ (( i<=n ))
+ /usr/bin/logtail /var/log/messages /var/lib/logdigest/_var_log_messages.offset
+ egrep -v -f /etc/logdigest/ignore -f /etc/logdigest/ignore.local
+ test -e /var/log/messages
+ cat
+ egrep -i -f /etc/logdigest/alarming -f /etc/logdigest/alarming.local /var/lib/logdigest/_var_log_messages.1.15709
+ egrep -v -i -f /etc/logdigest/alarming -f /etc/logdigest/alarming.local /var/lib/logdigest/_var_log_messages.1.15709
+ test -s /var/lib/logdigest/_var_log_messages.alarm.15709
+ test -s /var/lib/logdigest/_var_log_messages.rest.15709
+ rm -f /var/lib/logdigest/_var_log_messages.1.15709 /var/lib/logdigest/_var_log_messages.alarm.15709 /var/lib/logdigest/_var_log_messages.rest.15709
+ (( i++ ))
+ (( i<=n ))
+ /usr/bin/logtail /var/log/mail /var/lib/logdigest/_var_log_mail.offset
+ egrep -v -f /etc/logdigest/ignore -f /etc/logdigest/ignore.local
+ test -e /var/log/mail
+ cat
+ egrep -i -f /etc/logdigest/alarming -f /etc/logdigest/alarming.local /var/lib/logdigest/_var_log_mail.1.15709
+ egrep -v -i -f /etc/logdigest/alarming -f /etc/logdigest/alarming.local /var/lib/logdigest/_var_log_mail.1.15709
+ test -s /var/lib/logdigest/_var_log_mail.alarm.15709
+ test -s /var/lib/logdigest/_var_log_mail.rest.15709
+ rm -f /var/lib/logdigest/_var_log_mail.1.15709 /var/lib/logdigest/_var_log_mail.alarm.15709 /var/lib/logdigest/_var_log_mail.rest.15709
+ (( i++ ))
+ (( i<=n ))
+ '[' no = yes ']'
+ cat
++ cat /proc/loadavg
++ mailq
+ test -s /var/lib/logdigest/mail.15709 -a 0 = 1
+ rm -f /var/lib/logdigest/mail.15709
+ exit 0

Note: I ran logdigest with ignore.local and alarming.local *empty*.

--
Patrick Shanahan Registered Linux User #207535
http://wahoo.no-ip.org @ http://counter.li.org
HOG # US1244711 Photo Album: http://wahoo.no-ip.org/photos

On Saturday 10 July 2004 12:54 pm, Patrick Shanahan wrote:
> Note: I ran logdigest with ignore.local and alarming.local *empty*.

It keeps track of the last place in the log that it already inspected, so if you are rerunning, it is only inspecting log entries since *after* the last time you ran it.

That means if you run logdigest two times in a row, it is very likely the second run would produce *no* output.

Scott

--
POPFile, the OpenSource EMail Classifier
http://popfile.sourceforge.net/
Linux 2.6.5-7.95-default x86_64

On Saturday 10 July 2004 22:18, Scott Leighton wrote:
> On Saturday 10 July 2004 12:54 pm, Patrick Shanahan wrote:
>> Note: I ran logdigest with ignore.local and alarming.local *empty*.
>
> It keeps track of the last place in the log that it already inspected, so if you are rerunning, it is only inspecting log entries since *after* the last time you ran it.
>
> That means if you run logdigest two times in a row, it is very likely the second run would produce *no* output.

Scott: you hit the nail right on the head!

Pat: from the output I noticed nothing happened, most probably because logdigest's current pointer is at a spot that generates no output (perhaps EOF).

I know where the current pointer is, now how to calculate a new offset... Got it.

Copy /var/log/messages to /tmp/messages. Open /tmp/messages with an editor, e.g. mcedit. Go to the EOF, and remove as many lines from the EOF as you think are of interest, then save the file. The filesize is the new offset.

Store the new offset in /var/lib/logdigest/_var_log_messages.offset, first number. The 2nd number is the inode, no need to change that.

Make a backup of /var/lib/logdigest/_var_log_messages.offset, so for further testing you only need to copy the backup to the original to get some output.

Post the output of logdigest again, as you did before.

Cheers,
Leen

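The manual offset procedure described above, scripted, as an added example that is not part of the original thread: it computes the byte position where the last N lines of a log begin, backs up the .offset file, and replaces only its first number. The function names are hypothetical, and the file layout (offset first, inode second) is assumed from the description in the thread.

```sh
#!/bin/sh
# Added example: rewind logtail's stored position so the last N lines of a
# log are inspected again on the next logdigest run.
# Assumption (from the thread): the first number in the .offset file is the
# byte offset, the second is the inode and must stay unchanged.

# new_offset LOG N -> byte offset at which the last N lines of LOG begin
new_offset() {
    log=$1; n=$2
    size=$(wc -c < "$log")
    tail_bytes=$(tail -n "$n" "$log" | wc -c)
    echo $((size - tail_bytes))
}

# rewind_offset LOG OFFSET_FILE N -> prints the new offset
# Keeps OFFSET_FILE.bak for repeated testing and rewrites only the first
# number, so the inode and the file's line layout are preserved.
rewind_offset() {
    log=$1; off=$2; n=$3
    [ -r "$log" ] && [ -w "$off" ] || { echo "cannot access $log or $off" >&2; return 1; }
    new=$(new_offset "$log" "$n") || return 1
    cp -p "$off" "$off.bak" || return 1
    sed "1s/[0-9][0-9]*/$new/" "$off.bak" > "$off"
    echo "$new"
}

# Demo on constructed data in a scratch directory (not real system logs).
demo() {
    d=$(mktemp -d) || return 1
    printf 'line one\nline two\nline three\n' > "$d/messages"
    # Constructed offset file: pointer at EOF, made-up inode 4242.
    printf '%s %s\n' "$(wc -c < "$d/messages")" 4242 > "$d/messages.offset"
    rewind_offset "$d/messages" "$d/messages.offset" 2 > /dev/null
    cat "$d/messages.offset"
    rm -rf "$d"
}
demo
```

On the system in the thread this would be run as root against /var/log/messages and /var/lib/logdigest/_var_log_messages.offset before rerunning /etc/cron.daily/logdigest.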
participants (3)
- Leendert Meyer
- Patrick Shanahan
- Scott Leighton