Bug 128617 - logwatch config results in some logs not being watched
Summary: logwatch config results in some logs not being watched
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch   
(Show other bugs)
Version: rawhide
Hardware: i686
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Ivana Varekova
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-07-27 08:56 UTC by Allen Kistler
Modified: 2007-11-30 22:10 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-06-27 13:24:31 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description Allen Kistler 2004-07-27 08:56:14 UTC
Description of problem:
logwatch.conf is configured not to search archives by default.  In
fact the comments read:

# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'...

But the comment is not correct.
The setting does much on days when the logs get rotated (weekly).

Version-Release number of selected component (if applicable):
logwatch-5.1-4

How reproducible:
Always

Steps to Reproduce:
1. 4am Day 1: logwatch runs to process logs from Day 0 (yesterday)
2. 4am Day 1: logrotate rotates logfile to logfile.1, etc.
3. 4am Day 2: logwatch runs to process logs from Day 1 (yesterday)

Actual Results:
Anything before 4am on Day 1 isn't watched

Expected Results:
Logwatch should report on all log entries produced "yesterday."

Additional info:
I had an intrusion attempt that logwatch didn't report from
/var/log/secure because the attempt occured at 1:30am.  I began to
wonder why logwatch didn't report it.  (Nevertheless, I don't consider
this bug a security bug.)

Note that I am only recommending "Archives = Yes" in the default
config.  I am not recommending "Range = All" even slightly.

All RH and FC releases prior to FC3-test1 should be affected as well.

Comment 1 Ivana Varekova 2005-06-27 13:24:31 UTC
This bug is fixed in the current fc version (logwatch-6.1.2-1).


Note You need to log in before you can comment on or make changes to this bug.