Bug 128617 - logwatch config results in some logs not being watched
logwatch config results in some logs not being watched
Product: Fedora
Classification: Fedora
Component: logwatch (Show other bugs)
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Ivana Varekova
Depends On:
  Show dependency treegraph
Reported: 2004-07-27 04:56 EDT by Allen Kistler
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-06-27 09:24:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Allen Kistler 2004-07-27 04:56:14 EDT
Description of problem:
logwatch.conf is configured not to search archives by default.  In
fact the comments read:

# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'...

But the comment is not correct.
The setting does much on days when the logs get rotated (weekly).

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. 4am Day 1: logwatch runs to process logs from Day 0 (yesterday)
2. 4am Day 1: logrotate rotates logfile to logfile.1, etc.
3. 4am Day 2: logwatch runs to process logs from Day 1 (yesterday)

Actual Results:
Anything before 4am on Day 1 isn't watched

Expected Results:
Logwatch should report on all log entries produced "yesterday."

Additional info:
I had an intrusion attempt that logwatch didn't report from
/var/log/secure because the attempt occured at 1:30am.  I began to
wonder why logwatch didn't report it.  (Nevertheless, I don't consider
this bug a security bug.)

Note that I am only recommending "Archives = Yes" in the default
config.  I am not recommending "Range = All" even slightly.

All RH and FC releases prior to FC3-test1 should be affected as well.
Comment 1 Ivana Varekova 2005-06-27 09:24:31 EDT
This bug is fixed in the current fc version (logwatch-6.1.2-1).

Note You need to log in before you can comment on or make changes to this bug.