[Bug 1112500] New: logwatch is out of sync with logrotate
http://bugzilla.suse.com/show_bug.cgi?id=1112500 Bug ID: 1112500 Summary: logwatch is out of sync with logrotate Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: bnc-team-screening@forge.provo.novell.com Reporter: adaugherity@tamu.edu QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- In previous versions of openSUSE (up through Leap 42.2/SLE12SP2), both logwatch and logrotate were run via scripts in the /etc/cron.daily directory; logwatch was always run first because its symlink is named "0logwatch". This changed in 42.3/SP3 (and continues in 15) when logrotate was changed to use a systemd timer instead of cron.daily. Now it is possible for logrotate to run before logwatch, and if a log file is rotated, logwatch reports on just the few log entries in the new log file (which may be entirely skipped, depending on the range and archive settings used with logwatch), rather than a whole 24 hours' worth. Example: Apache access log; assume it's large enough to be rotated. Rotation happens at midnight (logrotate.timer) and the file is renamed to e.g. access_log-20181018.xz. When cron.daily runs (at DAILY_TIME from /etc/sysconfig/cron, let's say 04:00, or at boot and 24 hours thereafter if DAILY_TIME is not set), logwatch reports on /var/log/apache2/access_log, which only contains entries after midnight. With the default range of "yesterday", nothing will be reported*. *It would be via logwatch's archive processing (enabled by default), except that the shipped version of logwatch does not handle xz archives, only gz & bz2. Fix: replace the /etc/cron.daily/0logwatch symlink with a systemd timer? There are systemd service/timer definitions in the logwatch git[1], although they may need some tweaking to conform to SUSE and/or upstream systemd standards, and to make it run before logrotate does. Additionally, the git master has also added xz archive support, and a few other fixes/improvements. I don't know when an actual release will be cut, though -- there's an unanswered post in their forum asking that very thing. [1] https://sourceforge.net/p/logwatch/git/ci/master/tree/ systemd stuff is under the scheduler subdirectory -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1112500 Zejin Xu <jxu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |adaugherity@tamu.edu, | |jxu@suse.com Assignee|bnc-team-screening@forge.pr |pth@suse.com |ovo.novell.com | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1112500 http://bugzilla.suse.com/show_bug.cgi?id=1112500#c1 --- Comment #1 from Andrew Daugherity <adaugherity@tamu.edu> --- I have successfully implemented the systemd timer solution, based on the upstream definitions from logwatch git: ==== adaugherity@wp:~> systemctl list-timers NEXT LEFT LAST PASSED UNIT ACTIVATES Wed 2018-10-24 00:00:00 CDT 10h left Tue 2018-10-23 00:00:01 CDT 13h ago logrotate.timer logrotate.service Wed 2018-10-24 00:00:00 CDT 10h left Tue 2018-10-23 00:00:01 CDT 13h ago logwatch.timer logwatch.service Wed 2018-10-24 02:30:01 CDT 12h left Tue 2018-10-23 02:30:01 CDT 11h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service Mon 2018-10-29 00:00:00 CDT 5 days left Mon 2018-10-22 00:00:01 CDT 1 day 13h ago fstrim.timer fstrim.service 4 timers listed. Pass --all to see loaded but inactive timers, too. adaugherity@wp:~> systemctl status logwatch.service logrotate.service ● logwatch.service - Log Analyzer and Reporter Loaded: loaded (/etc/systemd/system/logwatch.service; static; vendor preset: disabled) Active: inactive (dead) since Tue 2018-10-23 00:00:22 CDT; 13h ago Docs: man:logwatch(8) man:logwatch.conf(5) Main PID: 32704 (code=exited, status=0/SUCCESS) ● logrotate.service - Rotate log files Loaded: loaded (/usr/lib/systemd/system/logrotate.service; static; vendor preset: disabled) Active: inactive (dead) since Tue 2018-10-23 00:01:30 CDT; 13h ago Docs: man:logrotate(8) man:logrotate.conf(5) Main PID: 677 (code=exited, status=0/SUCCESS) ==== Both logwatch.timer and logrotate.timer use OnCalendar=daily, but by adding Before=logrotate.service to logwatch.service, logwatch always runs first. (Note: this is in the *service* file, not the timer file. systemd doesn't complain about Before= or After= settings in timer files, but they don't do anything!) With this timer solution, the /etc/cron.daily/0logwatch symlink must be removed. I will attach the logwatch.{service,timer} files to this bug; I could also submit them to the OBS package in server:monitoring if desired. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1112500 http://bugzilla.suse.com/show_bug.cgi?id=1112500#c2 --- Comment #2 from Andrew Daugherity <adaugherity@tamu.edu> --- Created attachment 786923 --> http://bugzilla.suse.com/attachment.cgi?id=786923&action=edit logwatch systemd service -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1112500 http://bugzilla.suse.com/show_bug.cgi?id=1112500#c3 --- Comment #3 from Andrew Daugherity <adaugherity@tamu.edu> --- Created attachment 786924 --> http://bugzilla.suse.com/attachment.cgi?id=786924&action=edit systemd timer -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1112500 http://bugzilla.suse.com/show_bug.cgi?id=1112500#c4 --- Comment #4 from Andrew Daugherity <adaugherity@tamu.edu> --- Upstream has accepted my fixes to their systemd timer definitions, and have since released a new version including them. I have sumbitted an update for the logwatch package in OBS server:monitoring to 7.5.1 (SR 690465), but the systemd timer will not yet be active until the systemd presets package is updated, which I've submitted SR 690468 for (at least that's what the Wiki said to do -- I hope this is the proper procedure). If that is approved, I'll submit another update to replace the /etc/cron.daily/0logwatch symlink with the systemd timer. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1112500 http://bugzilla.suse.com/show_bug.cgi?id=1112500#c5 Tomáš Chvátal <tchvatal@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #5 from Tomáš Chvátal <tchvatal@suse.com> --- This is automated batch bugzilla cleanup. The openSUSE 42.3 changed to end-of-life (EOL [1]) status. As such it is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of openSUSE (At this moment openSUSE Leap 15.1, 15.0 and Tumbleweed) please feel free to reopen this bug against that version (!you must update the "Version" component in the bug fields, do not just reopen please), or alternatively create a new ticket. Thank you for reporting this bug and we are sorry it could not be fixed during the lifetime of the release. [1] https://en.opensuse.org/Lifetime -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1112500 http://bugzilla.suse.com/show_bug.cgi?id=1112500#c6 Andrew Daugherity <adaugherity@tamu.edu> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Version|Leap 42.3 |Leap 15.1 Resolution|WONTFIX |--- --- Comment #6 from Andrew Daugherity <adaugherity@tamu.edu> --- Reopening against 15.1, which still has the issue. The requests in comment 4 have been accepted, but it seems that the new version of systemd-presets-common-SUSE didn't make it into Leap 15.1, which is needed to enable logwatch.timer (as I understand doing so in logwatch's %post would be frowned upon). Can that be done as an update? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1112500 Stefan Fent <stefan.fent@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |stefan.fent@suse.com Assignee|pth@suse.com |christian.voegl@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1112500 https://bugzilla.suse.com/show_bug.cgi?id=1112500#c10 --- Comment #10 from Swamp Workflow Management <swamp@suse.de> --- SUSE-RU-2021:0926-1: An update that has 5 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1083473,1112500,1115408,1165780,1183012 CVE References: JIRA References: Sources used: SUSE MicroOS 5.0 (src): systemd-presets-common-SUSE-15-8.3.1 SUSE Linux Enterprise Module for Basesystem 15-SP2 (src): systemd-presets-common-SUSE-15-8.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1112500 https://bugzilla.suse.com/show_bug.cgi?id=1112500#c11 --- Comment #11 from Swamp Workflow Management <swamp@suse.de> --- openSUSE-RU-2021:0478-1: An update that has 5 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 1083473,1112500,1115408,1165780,1183012 CVE References: JIRA References: Sources used: openSUSE Leap 15.2 (src): systemd-presets-common-SUSE-15-lp152.9.3.1 -- You are receiving this mail because: You are on the CC list for the bug.
participants (2)
-
bugzilla_noreply@novell.com -
bugzilla_noreply@suse.com