
Could Not Run Logtail Or Save Output

First I got a message that logcheck shouldn't be run as root and I should type in "su -s /bin/bash -c "/usr/sbin/logcheck[options]" logcheck"...which I got only an error message like the The rest goes into the report. destination sshd { file("/var/log/ssh.log"); }; filter sshd { program("ssh"); }; log { source(main); filter(sshd); destination(sshd); flags(final); }; Let's say that you are running a very active mail server and even daily rotation But I grabbed it from logcheck-postgres. http://strobelfilms.com/could-not/could-not-run-logtail-or-save-output-logcheck.html

I downloaded btw the latest version of logcheck, logtail and logcheck DB (version 1.2.41) but that, as you surely by now have figured out, did not help at all. So I don't want logcheck to bother me every hour with loads of these lines. In my opinion Mr. https://bugs.debian.org/382858

For logcheck to scan all the files on a default FreeBSD system, you will need to make some changes to file permissions, /etc/newsyslog.conf, and /etc/group. The pattern files for logcheck are located in /etc/logcheck/ignore.d.[report level] directories. All the best!! //T For the Security Events, I created /usr/local/etc/logcheck/violations.ignore.d/local-postgres with the following contents: # grep mac /usr/local/etc/logcheck/violations.ignore.d/local-postgres ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9]+\-[0-9]+\] ERROR: table "mac" does not exist That preamble seems like

What user/group is logcheck running as? 09-12-2005, 04:26 PM #15 cyberpunx well maybe...just so i get In most cases you do not need to use a special log rotation program to rotate your logs (standard logrotate setup should be good enough for most anything).

That is as I said apparently the problem/bug or whatever it is. In the actual files these are single lines): Oct 19 13:08:19 hostname postfix/cleanup[6560]: E366374E63: to=, relay=none, delay=1, status=bounced (No recipients specified) Since I didn't want to come up with a regular Yes I know about the log permissions but I raised now just to see if they made a difference, which they did not. https://bugzilla.redhat.com/show_bug.cgi?id=1062147 We just sit around hoping one will come.

You will see both System Events and Security Events emails. The ideal solution should be backwards compatible with the logrotate configuration files, which are supplied by many packages. 4. I have just heard about logwatch.

By default it runs every hour. The result I came up with looks like this: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+: [[:print:]]+ \(No recipients specified\) After I added this line to my custom patterns logcheck stopped bothering 09-06-2005, 04:28 PM #3 cyberpunx hi!

Details: Could not run logtail or save output Check temporary directory: /tmp/logcheck.hJiXJf declare -x HOME="/var/lib/logcheck" declare -x LANG="en_US" declare -x LANGUAGE="en_NL:en_US:en_GB:en" declare -x LOGNAME="logcheck" declare -x MAILTO="root" declare -x OLDPWD declare It comes with a poorly designed syslog.conf.

Any ideas on how to get the logging to /var/log/mail.log? -- th0re # Re: Logging the right way Posted by jeld (24.39.xx.xx) on What can we do? That is if you see a message and you know that it is not important, filter it out." Nothing is perfect. Log entries produced by syslog-ng (and by sysklogd and by some other logger daemons) all start more or less the same.

I have (taken from this article) amongst other things source kernel { file("/proc/kmsg" log_prefix("kernel: ")); }; destination kernel { file("/var/log/kernel.log"); }; log { source(kernel); destination(kernel); }; Syslog startup gives syntax errors Details: E: File could not be read: /var/log/auth.log E: File could not be read: /var/log/critical.log E: File could not be read: /var/log/cron.log E: File could not be read: /var/log/daemon.log E: File This is because I selected the following option in /usr/local/etc/logcheck/logcheck.conf: REPORTLEVEL="server" If you are using "workstation", you would add your file to the ignore.d.workstation directory.

But this doesn't seem to do anything.

I tried to run the program from the command line but as root I've been told that it can't be run as root and as a user that I can't be And don't forget to read your man pages before changing configs.

Removing it from logcheck.logfiles has solved the problem. # Re: Logging the right way Posted by Anonymous (68.173.xx.xx) on Fri 2 Dec 2005 For the System Event, I added this entry to /usr/local/etc/logcheck/ignore.d.server/local-postgres bacula-fd: Shutting down Bacula service: localhost-fd Notice that my System Event exceptions are specified in the ignore.d.server directory. Luke # Re: Logging the right way Posted by Anonymous (82.96.xx.xx) on Mon 14 Nov 2005 at 23:47 I might be mistaken but

martin f. ls -la shows the following permissions: $ls -la /var/log total 8056 drwxr-xr-x. 18 root root 4096 Feb 4 18:53 . The other alternative is to chown the log and secure files to root.wheel and add logwatch to the wheel group. Since describing proper writing of regular expressions is a big job, I will give you two examples.

Here there be monsters! # automatic entry classification in syslog-ng.conf Posted by Anonymous (195.202.xx.xx) on Tue 25 Oct 2005 at 09:17 Here is Right. Logcheck can scan a number of files. Instead it uses its own shell script. (I remedied this by relocating all the syslog managed log files to /var/log/syslog/ and replacing the shell script (/etc/cron.{daily,weekly}/sysklogd) with a wild card logrotate

A tool like logcheck should be part of the base install. A sample message looks like this: Oct 21 11:05:24 hostname kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:06:5b:0f:3e:ba:00:0e:38:57:d1:80:08:00 SRC=[Source IP] DST=[My IP] LEN=1067 TOS=0x00 PREC=0x00 TTL=114 ID=11979 PROTO=UDP SPT=50606 DPT=80 LEN=1047 Now, if the packet You can train logcheck to ignore these items. We can change that. # chgrp logcheck /var/log/auth.log /var/log/maillog # chmod g+r /var/log/auth.log # ls -l /var/log/messages /var/log/auth.log /var/log/maillog -rw-r----- 1 root logcheck 6564 Nov 28 21:13 /var/log/auth.log -rw-r----- 1 root

The third alternate is to chmod the files to 604. It's OK, I was scared too the first time around. Reported by: Jochem Date: Sun, 13 Aug 2006 20:18:48 UTC Severity: normal Tags: moreinfo Found in version logcheck/1.2.39 Fixed in version logcheck/1.2.49 Done: [email protected] (martin f.

If you followed my lead and didn't change the default report level, the patterns used will be in /etc/logcheck/ignore.d.server. declare -x HOME="/var/lib/logcheck" declare -x LANG="en_AU.UTF-8" declare -x LOGNAME="logcheck" declare -x MAILTO="root" declare -x OLDPWD declare -x PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" declare -x PWD="/var/lib/logcheck" declare -x SHELL="/bin/sh" declare -x SHLVL="2" declare -x USER="logcheck" declare