Logwatch file shows last upgrade to the code was 2007. The unmatched entries are killing me in the reports. I figure there must be a newer utility centos has in the repo but I cannot find one.
Is logwatch the only one that is included?
thanks
On 04/07/2012 10:09 AM, Bob Hoffman wrote:
Logwatch file shows last upgrade to the code was 2007. The unmatched entries are killing me in the reports. I figure there must be a newer utility centos has in the repo but I cannot find one.
Is logwatch the only one that is included?
thanks _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Have you tried editing the files in
/usr/share/logwatch/default.conf/services/
or
/usr/share/logwatch/default.conf/ignore.conf
?
On 4/7/2012 3:55 PM, Mail Lists wrote:
On 04/07/2012 10:09 AM, Bob Hoffman wrote:
Logwatch file shows last upgrade to the code was 2007. The unmatched entries are killing me in the reports. I figure there must be a newer utility centos has in the repo but I cannot find one.
Is logwatch the only one that is included?
thanks _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Have you tried editing the files in
/usr/share/logwatch/default.conf/services/
or
/usr/share/logwatch/default.conf/ignore.conf
?
Using customizations to logwatch helps greatly with unmatched entries. I was spending too much time looking through the logwatch email due to unmatched entries that I did not need to see. So, I used customizations to eliminate or consolidate into one line the unmatched entries.
Customizations are placed in /etc/logwatch under the appropriate directory (e.g. conf or scripts). Logwatch will use both the default and the custom configurations. Settings in the custom file override default settings. A custom script will be executed in place of the default (standard) script.
For customizations, I included one custom setting to direct logwatch to ignore entries from specific hosts. I created a new configuration file in /etc/logwatch/conf/logfiles for the service (dovecot.conf in my case), adding the one setting I needed ($dovecot_ignore_host in my case.)
For scripts, I copied the default script from /usr/share/logwatch/scripts/services (dovecot in my case) into the /etc/logwatch/scripts/services directory, then modified it to meet my requirements. (I added elsif clauses to check for the unmatched entries and handle them as needed.)
Also, updates to logwatch do not remove my custom changes.
It took a couple of hours for me to get it working.
Have you tried editing the files in
/usr/share/logwatch/default.conf/services/
or
/usr/share/logwatch/default.conf/ignore.conf
?
Obvisouly not:) And I hope not either... Facilities are provided just for this in /etc/logwatch.
The location you refer to will get over written on an update...
On 4/7/2012 7:49 PM, Joseph L. Casale wrote:
Have you tried editing the files in
/usr/share/logwatch/default.conf/services/
or
/usr/share/logwatch/default.conf/ignore.conf
?
Obvisouly not:) And I hope not either... Facilities are provided just for this in /etc/logwatch.
The location you refer to will get over written on an update... _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Yes, this is my concern. I have been putting together extensive step by step notes and how tos for everything I am doing. I hope soon to be able to put this in an easy to use format or book so others starting from scratch do not take weeks or months to do it..or worse, leave hacker openings.
In this regard, the logwatch unmatched are a little much (the imap disconnect, some rbl_client stuff). I thought of going through some walkthrough in changing it, but that seems a bit overboard to help a new person out...but still on the board.
I just assumed there was something newer out there. 2007 was the last release notes for the version installed on centos. There is a newer version out there, but that would be off of the base repo and not sure if I want to go that route in the how-to.
I think it is important to write all this stuff out for others like me. I literally spent a month trying to bond and bridge my single server into virtual machines. Something was causing a timeout/arp something or another and one VM would always disappear. A whole month. hours a day. Then I found out that there is a LONG standing bug in rhel and fedora that specifically deals with two internal eths bonded together going to a bridge in the same computer, with libvirtd..... :(
so, a month wasted. Yikes. Having that little bit of knowledge in a how-to manual could save someone the trials and pain I went through. (although, on the plus side, I REALLY know alot about bridge and bonds inside the server now..lol)
I will take a look and try to see if it will be easy to change the postfix and dovecot. More than likely I will just tell them what it is and 'good luck' at figuring it out..lol
So, thanks for the input. I will stick with logwatch and give it a go.
bob
I just assumed there was something newer out there. 2007 was the last release notes for the version installed on centos. There is a newer version out there, but that would be off of the base repo and not sure if I want to go that route in the how-to.
Dates aren't always a good judge of package quality. In the case of of this one, there really hasn't been a need to update it, as it just works. I assume some scripts have undergone changes though...
I will take a look and try to see if it will be easy to change the postfix and dovecot. More than likely I will just tell them what it is and 'good luck' at figuring it out..lol
Only ignore what you encounter and deduce to be not important. Thats the premise on which this works, known bad _or_ unknown items are presented to you for you decide what to do.
So, thanks for the input. I will stick with logwatch and give it a go.
Its really not that complicated, logwatch is pretty good at what it does. Post back with more questions if they arise...
jlc
On 4/7/2012 9:37 PM, Joseph L. Casale wrote:
I will take a look and try to see if it will be easy to change the postfix and dovecot. More than likely I will just tell them what it is and 'good luck' at figuring it out..lol
Only ignore what you encounter and deduce to be not important. Thats the premise on which this works, known bad _or_ unknown items are presented to you for you decide what to do.
So, thanks for the input. I will stick with logwatch and give it a go.
Its really not that complicated, logwatch is pretty good at what it does. Post back with more questions if they arise...
Well. not sure about adding 7.4 yet, but I did go here http://logreporters.sourceforge.net/ I added the postfix and postfix.conf files in their proper /etc/logwatch folders.
7.4, due to licensing, has taken away the awesome postfix reporting that is in 7.3. The files located at the above location will bring it all back..and then some..lol
might try 7.4 out though.
Am 08.04.2012 03:37, schrieb Joseph L. Casale:
I just assumed there was something newer out there. 2007 was the last release notes for the version installed on centos. There is a newer version out there, but that would be off of the base repo and not sure if I want to go that route in the how-to.
Dates aren't always a good judge of package quality. In the case of of this one, there really hasn't been a need to update it, as it just works. I assume some scripts have undergone changes though...
The scripts are exactly the point. The most frequent reason for a lot of unmatched entries showing up is that the corresponding logwatch script is out of date wrt the program whose log is being watched. Program maintainers tend to change the wording of messages on a whim, and the logwatch scripts need to be updated to keep up with them. So yes, there is a constant need to update logwatch, specifically its scripts.
On Thu, 12 Apr 2012 12:13:14 +0200, Tilman Schmidt t.schmidt@phoenixsoftware.de said:
T> The most frequent reason for a lot of unmatched entries showing up is T> that the corresponding logwatch script is out of date wrt the program T> whose log is being watched. Program maintainers tend to change the T> wording of messages on a whim, and the logwatch scripts need to be T> updated to keep up with them. So yes, there is a constant need to update T> logwatch, specifically its scripts.
I found the "checksyslog" setup easier to understand and modify. http://www.hcst.net/~vogelke/src/logfiles/ has some examples.
On 4/13/2012 2:23 PM, Karl Vogel wrote:
On Thu, 12 Apr 2012 12:13:14 +0200, Tilman Schmidtt.schmidt@phoenixsoftware.de said:
T> The most frequent reason for a lot of unmatched entries showing up is T> that the corresponding logwatch script is out of date wrt the program T> whose log is being watched. Program maintainers tend to change the T> wording of messages on a whim, and the logwatch scripts need to be T> updated to keep up with them. So yes, there is a constant need to update T> logwatch, specifically its scripts.
I found the "checksyslog" setup easier to understand and modify. http://www.hcst.net/~vogelke/src/logfiles/ has some examples.
I was trying to stay with the base centos repo and only grab a few programs off of other repos (like phpymyadmin).
Unfortunately, I think it is better, now that I have played with them, to skip the repos and go straight to the source for some thing. phpmyadmin rpm from the source company works 'correctly' over the epel rpm, especially the log in feature...and has 4 less programs needed to run. Logwatch has a new version that is obviously not going to be available and I will probably skip to the source company for that much newer version too.
as part of the tutorial I was stressing the importance of staying with the rhel/centos repo builds so you get the backports and proper updates/upgrades...but in these two cases (and a few other addons) I am rethinking that.
the new postfix logwatch alone is worth upgrading for...lol. I actually added it as an overwrite in the /etc/logwatch folders for now.
On 13.4.2012 23:39, Bob Hoffman wrote:
I was trying to stay with the base centos repo and only grab a few programs off of other repos (like phpymyadmin).
Unfortunately, I think it is better, now that I have played with them, to skip the repos and go straight to the source for some thing. phpmyadmin rpm from the source company works 'correctly' over the epel
epel has phpMyAdmin3-3.4.9-1.el5 and there is phpMyAdmin3-3.5.0-1.el5 in testing. https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5554/phpMyAdmin3-3....
rpm, especially the log in feature...and has 4 less programs needed to run.
I don't understand what you talking about.
On 4/13/2012 5:57 PM, Markus Falb wrote:
On 13.4.2012 23:39, Bob Hoffman wrote:
I was trying to stay with the base centos repo and only grab a few programs off of other repos (like phpymyadmin).
Unfortunately, I think it is better, now that I have played with them, to skip the repos and go straight to the source for some thing. phpmyadmin rpm from the source company works 'correctly' over the epel
epel has phpMyAdmin3-3.4.9-1.el5 and there is phpMyAdmin3-3.5.0-1.el5 in testing. https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5554/phpMyAdmin3-3....
rpm, especially the log in feature...and has 4 less programs needed to run.
I don't understand what you talking about.
epel is 3.4.9 http://dl.fedoraproject.org/pub/epel/6/x86_64/repoview/phpMyAdmin.html http://dl.fedoraproject.org/pub/epel/6/x86_64/phpMyAdmin-3.4.9-1.el6.noarch....
epel rpm required 3 programs to be installed, the download from phpmyadmin does not require them... libmcrypt, mcrypt, php-gettext
the epel version has some weird htaccess lookalike pop up to log in and the download from the site uses the very nice normal log in screen of phpmyadmin....so this way I do not get double htaccess prompts, one for my protected directory and one for logging in.
the website has 3.5 up.
so when I looked at it all, I feel the website download is easy to install and update and works fine as a php program. Felt it might be okay to leave the repos behind on that one. That phpgettext (I assume it is that) causing that pop up is rather annoying too.
its really easy to deploy either way. great program.
On 14.4.2012 00:28, Bob Hoffman wrote:
On 4/13/2012 5:57 PM, Markus Falb wrote:
On 13.4.2012 23:39, Bob Hoffman wrote:
I was trying to stay with the base centos repo and only grab a few programs off of other repos (like phpymyadmin).
Unfortunately, I think it is better, now that I have played with them, to skip the repos and go straight to the source for some thing. phpmyadmin rpm from the source company works 'correctly' over the epel
epel has phpMyAdmin3-3.4.9-1.el5 and there is phpMyAdmin3-3.5.0-1.el5 in testing. https://admin.fedoraproject.org/updates/FEDORA-EPEL-2012-5554/phpMyAdmin3-3....
rpm, especially the log in feature...and has 4 less programs needed to run.
I don't understand what you talking about.
epel is 3.4.9
I wrote that. I also wrote that it will be at 3.5.0 in a few days.
epel rpm required 3 programs to be installed, the download from phpmyadmin does not require them... libmcrypt, mcrypt, php-gettext
fair enough. Given that you are not using cookie authentication and living in a english-reading-only universum you might skip these requirements.
the epel version has some weird htaccess lookalike pop up to log in and the download from the site uses the very nice normal log in screen of phpmyadmin....so this way I do not get double htaccess prompts, one for my protected directory and one for logging in.
$ rpm -qc phpMyAdmin3 /etc/httpd/conf.d/phpMyAdmin.conf /etc/phpMyAdmin/config.inc.php
configure it for your needs. The rpm config ships with http auth enabled, the tarballs config.sample.inc.php from upstream with cookie auth. It's really only a matter of configuration.
Ah, and now that you are using cookie auth (At least I believe you does) then I would advise installing the mcrypt dependencies :-) Please have a look at the documentation about that.
On 4/7/2012 7:49 PM, Joseph L. Casale wrote:
Have you tried editing the files in
/usr/share/logwatch/default.conf/services/
or
/usr/share/logwatch/default.conf/ignore.conf
?
Obvisouly not:) And I hope not either... Facilities are provided just for this in /etc/logwatch.
The location you refer to will get over written on an update... _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
the previous mail says it all, that upgrade worked. And by putting them where you said i can keep redhats preferred version
here is what the newer postfix logwatch looks like.. (rather long as I get a LOT of spam rejected..lol) http://www.politicalgateway.com/postfix.txt
a big upgrade over the older version with 5xx rejects and greylisting stats.
-
Bob Hoffman -
Joseph L. Casale -
Mail Lists -
Markus Falb -
Michael Davis -
Tilman Schmidt -
vogelke+centos@pobox.com