Bug 31069

Summary: /usr/bin/logcheck.sh not marked as a config file
Product: [Retired] Red Hat Powertools Reporter: chris
Component: logcheckAssignee: Tim Powers <timp>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-05-16 10:52:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Description Flags
Change checklog() to LOGFILES, and fix problem with interrupted runs
updated patch
Patch to make logcheck only incorporate previous data older than 3 hours none

Description chris 2001-03-08 14:56:15 UTC
The file /usr/bin/logcheck.sh needs to be edited by the user (to give the
names of the log files which should be checked).  However, it isn't marked
as a config file in the RPM, so those changes get overwritten whenever an
updated RPM is installed.

Comment 1 Tim Powers 2001-03-08 16:21:23 UTC
Yep. That's an oversight. Instead of just marking it as config, I have split 
out the configuration parameters into a config file, 
/etc/logcheck/logcheck.conf. It should make it completely unnecessary 
to edit /usr/bin/logcheck .

I have uploaded the SRPM and RPM to this location if you are interested. 
If you try the updated package, please let me know what you think:



Comment 2 chris 2001-03-09 12:17:01 UTC
Looks like a very good idea - thanks!  I've attached a patch against your new
version which does two things:

  - changes the checklog() function in logcheck.conf into a LOGFILES variable;
    this way the "internals" are hidden from the logcheck.conf file (without
    any loss of functionality, as far as I can see)

  - (sorry if this should have been a separate bug report...)  A while back I
    was finding that if logcheck got interrupted mid-run (by a shutdown, for
    example), its findings got left lying around in the files in $TMPDIR *and
    would not get picked up by the next run*.  This was pretty bad.  A few
    times interesting log entries went unnoticed by me because of this.  So I
    patched logcheck to create a unique temp directory under $TMPDIR for each
    run, and at the beginning of the run check to see if any such temp dirs had
    been left lying around, and incorporate their contents into the current run
    if so.  So I've included those changes in this patch as well.

Let me know what you think...


Comment 3 chris 2001-03-09 12:18:24 UTC
Created attachment 12172 [details]
Change checklog() to LOGFILES, and fix problem with interrupted runs

Comment 4 Tim Powers 2001-03-09 16:36:59 UTC
I moved the new variables you created in your patch to the config file, but 
the use of mktemp is definitely a plus. I have merged the modified patch 
into my own. Thanks.


Comment 5 Tim Powers 2001-03-09 16:38:12 UTC
Created attachment 12183 [details]
updated patch

Comment 6 chris 2001-03-09 17:14:06 UTC
Great.  Thinking about it, though, I've been stupid.  The "rm -rf $REALTMPDIR"
followed by "mkdir $REALTMPDIR" completely defeats the point of using mktemp
(and isn't needed).  We should get rid of those two lines (lines 37 and 38 in
the new patched version of logcheck.sh).


Comment 7 Tim Powers 2001-03-09 18:17:11 UTC


Comment 8 Tim Powers 2001-04-19 20:14:49 UTC
The errata was released today. I am resolving this as errata.


Comment 9 chris 2001-04-27 14:13:16 UTC
Great, thanks.  Having thought further, I'm not sure I agree with your decision
to move *all* the new variables into the config file.  OLDTMPDIRS, REALTMPDIR,
CHECKFILE, CHECKOUTPUT and CHECKREPORT are "internal" variables for the private
use of the script, and the user really shouldn't be messing around with them, so
I don't think they should be in the config file.  Personally I'd put them back
into /usr/bin/logcheck.sh - but it's not a big deal.

Thanks again for incorporating all the changes.


Comment 10 chris 2001-05-16 10:50:33 UTC
There's a bug in my code which incorporates contents of previous interrupted
runs: I've been finding when I have vast quantities of log messages, on a
heavily-loaded system, the previous run of logcheck hasn't finished when the
next one gets started.  But then the new run tries to incorporate the data from
the old run, which is still working on it.  Bad news.

Patch attached, which only incorporates old run data if it's more than 3 hours
old.  3 hours is a bit arbitrary: change it if you like, or it could even be set
as another option in the config file.


Comment 11 chris 2001-05-16 10:51:58 UTC
Created attachment 18610 [details]
Patch to make logcheck only incorporate previous data older than 3 hours

Comment 12 Tim Powers 2001-05-16 13:58:23 UTC
I have incorporated the patch and put it in the tree here. I have uploaded it to
here for you:




I am resolving this as "rawhide"