[CentOS] CentOS-6 - LogWatch

Tue Sep 15 14:28:47 UTC 2015
James B. Byrne <byrnejb at harte-lyne.ca>

On Mon, September 14, 2015 21:28, Always Learning wrote:
>
> On Mon, 2015-09-14 at 14:51 -0400, James B. Byrne wrote:
>
>> The Logwatch imapd service script distributed with CentOS-6 does not
>> generate anything when I run logwatch --service all on a cyrus-imapd
>> host.  Is this expected behaviour?  Is there a separate script for
>> cyrus-imapd or are their configuration options required to get the
>> existing script to work.
>
> 1. Check there is data in the log file(s).

Yes.  We have cyrus-imapd logging to /var/log/maillog.  This appears
to be the default setting as I can find no explicit reference to
maillog in either /etc/imapd.conf or /etc/cyrus.conf and none to imapd
in /etc/rsyslog.conf.

>
> 2. Ensure Logwatch has the correct location and names of your log
> files.
>
> Check:  /usr/share/logwatch/default.conf/logfiles/ - there should be a
> 'imapd' file there. I don't use imapd and there is no such file on my
> instances of C6.

I do not have one either.

yum provides /usr/share/logwatch/default.conf/logfiles/imapd.conf
Loaded plugins: etckeeper, fastestmirror, priorities, refresh-packagekit
Loading mirror speeds from cached hostfile
 * base: centos.mirror.rafal.ca
 * epel: mirror.steadfast.net
 * extras: less.cogeco.net
 * updates: mirror.netflash.net
No Matches found

The Logwatch related files that reference imapd are these:

find /usr/share/logwatch -type f | xargs grep -l imapd
/usr/share/logwatch/default.conf/services/imapd.conf
/usr/share/logwatch/default.conf/services/secure.conf
/usr/share/logwatch/scripts/services/secure
/usr/share/logwatch/scripts/services/cron
/usr/share/logwatch/scripts/services/courier
/usr/share/logwatch/scripts/services/imapd


Maillog is referenced in
/usr/share/logwatch/default.conf/services/imapd.conf:

cat /usr/share/logwatch/default.conf/services/imapd.conf
###########################################################################
#
------------------------------------------------------------------------
###########################################################################

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the =
sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

Title = "IMAP"

# Which logfile group...
LogFile = maillog

# Only give lines pertaining to courier...
# I'm not sure if this is complete, especially for the new webmail
daemon in 0.44.1
#but you will get at least all currently supported logs
*OnlyService = (imapd|imapd-ssl|imapsd)

*RemoveHeaders =

# vi: shiftwidth=3 tabstop=3 et


The only executable(sic) script available in
/usr/share/logwatch/scripts/services/ referred to in
/usr/share/logwatch/default.conf/services/imapd.conf is imapd and that
script is specifically tailored to courier-imap.  Which is likely the
reason that it reports nothing.

Which brings me back to my original question.  Where can one find a
current Logwatch script for cyrus-imap log analysis?  The cyrus-imapd
specific logwatch script that I have found and have placed into
/etc/logwatch/scripts/services/imapd is old and has errors.  I can
probably fix the errors but my Perl skills are inadequate to do
anything more.

Does anyone know of a current Logwatch script for cyrus-imapd? And
where it can be obtained?


-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3