Red Hat Bugzilla – Bug 31069
/usr/bin/logcheck.sh not marked as a config file
Last modified: 2008-05-01 11:37:59 EDT
The file /usr/bin/logcheck.sh needs to be edited by the user (to give the
names of the log files which should be checked). However, it isn't marked
as a config file in the RPM, so those changes get overwritten whenever an
updated RPM is installed.
Yep. That's an oversight. Instead of just marking it as config, I have split
out the configuration parameters into a config file,
/etc/logcheck/logcheck.conf. It should make it completely unnecessary
to edit /usr/bin/logcheck.
I have uploaded the SRPM and RPM to this location if you are interested.
If you try the updated package, please let me know what you think:
Looks like a very good idea - thanks! I've attached a patch against your new
version which does two things:
- changes the checklog() function in logcheck.conf into a LOGFILES variable;
this way the "internals" are hidden from the logcheck.conf file (without
any loss of functionality, as far as I can see)
- (sorry if this should have been a separate bug report...) A while back I
was finding that if logcheck got interrupted mid-run (by a shutdown, for
example), its findings got left lying around in the files in $TMPDIR *and
would not get picked up by the next run*. This was pretty bad. A few
times interesting log entries went unnoticed by me because of this. So I
patched logcheck to create a unique temp directory under $TMPDIR for each
run, and at the beginning of the run check to see if any such temp dirs had
been left lying around, and incorporate their contents into the current run
if so. So I've included those changes in this patch as well.
Let me know what you think...
Created attachment 12172
Change checklog() to LOGFILES, and fix problem with interrupted runs
I moved the new variables you created in your patch to the config file, but
the use of mktemp is definitely a plus. I have merged the modified patch
into my own. Thanks.
Created attachment 12183
Great. Thinking about it, though, I've been stupid. The "rm -rf $REALTMPDIR"
followed by "mkdir $REALTMPDIR" completely defeats the point of using mktemp
(and isn't needed). We should get rid of those two lines (lines 37 and 38 in
the new patched version of logcheck.sh).
The errata was released today. I am resolving this as errata.
Great, thanks. Having thought further, I'm not sure I agree with your decision
to move *all* the new variables into the config file. OLDTMPDIRS, REALTMPDIR,
CHECKFILE, CHECKOUTPUT and CHECKREPORT are "internal" variables for the private
use of the script, and the user really shouldn't be messing around with them, so
I don't think they should be in the config file. Personally I'd put them back
into /usr/bin/logcheck.sh - but it's not a big deal.
Thanks again for incorporating all the changes.
There's a bug in my code which incorporates contents of previous interrupted
runs: I've been finding when I have vast quantities of log messages, on a
heavily-loaded system, the previous run of logcheck hasn't finished when the
next one gets started. But then the new run tries to incorporate the data from
the old run, which is still working on it. Bad news.
Patch attached, which only incorporates old run data if it's more than 3 hours
old. 3 hours is a bit arbitrary: change it if you like, or it could even be set
as another option in the config file.
Created attachment 18610
Patch to make logcheck only incorporate previous data older than 3 hours
I have incorporated the patch and put it in the tree here. I have uploaded it to
here for you:
I am resolving this as "rawhide"
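
The per-run temp directory from the mktemp comments and the "older than 3 hours" rule from the last patch, as an added example that is not the attached patches or logcheck's own code. The function names, the `logcheck.XXXXXX` template and the ownership check are assumptions made for illustration.

```shell
#!/bin/bash
# Added example; function names and the logcheck.XXXXXX template are hypothetical.

# Create a private directory for this run. mktemp -d creates it atomically
# with mode 0700 and fails if the name already exists, so it must not be
# followed by "rm -rf" + "mkdir": that would recreate the directory at a
# now-known path and reopen the race mktemp closes.
new_run_dir() {  # $1 = base temp dir
    mktemp -d "$1/logcheck.XXXXXX"
}

# List leftover run directories under $1 that are safe to absorb:
# real directories (find does not follow symlinks by default), owned by us,
# not the current run ($3), and with nothing inside modified in the last
# $2 minutes, so a run that is still writing is left alone.
stale_run_dirs() {  # $1 = base, $2 = age in minutes, $3 = current run dir
    find "$1" -mindepth 1 -maxdepth 1 -type d -name 'logcheck.*' \
         -user "$(id -u)" ! -path "$3" |
    while IFS= read -r d; do
        if [ -z "$(find "$d" -mmin "-$2" | head -n 1)" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# Append each regular file from every stale directory to the file of the
# same name in the current run directory, then remove the stale directory.
merge_stale_runs() {  # same arguments as stale_run_dirs
    dirs=$(stale_run_dirs "$1" "$2" "$3")
    printf '%s\n' "$dirs" | while IFS= read -r old; do
        [ -n "$old" ] || continue
        for f in "$old"/*; do
            if [ -f "$f" ] && [ ! -L "$f" ]; then
                cat "$f" >> "$3/$(basename "$f")"
            fi
        done
        rm -rf -- "$old"
    done
}
```

A caller would run `run=$(new_run_dir "$TMPDIR")` followed by `merge_stale_runs "$TMPDIR" 180 "$run"`, where 180 minutes matches the 3 hours chosen in the thread.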