Bug 31069 - /usr/bin/logcheck.sh not marked as a config file
/usr/bin/logcheck.sh not marked as a config file
Status: CLOSED RAWHIDE
Product: Red Hat Powertools
Classification: Retired
Component: logcheck (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Powers
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-03-08 09:56 EST by chris
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-05-16 06:52:04 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Change checklog() to LOGFILES, and fix problem with interrupted runs (5.33 KB, patch)
2001-03-09 07:18 EST, chris
no flags Details | Diff
updated patch (18.03 KB, patch)
2001-03-09 11:38 EST, Tim Powers
no flags Details | Diff
Patch to make logcheck only incorporate previous data older than 3 hours (893 bytes, patch)
2001-05-16 06:51 EDT, chris
no flags Details | Diff

  None (edit)
Description chris 2001-03-08 09:56:15 EST
The file /usr/bin/logcheck.sh needs to be edited by the user (to give the
names of the log files which should be checked).  However, it isn't marked
as a config file in the RPM, so those changes get overwritten whenever an
updated RPM is installed.
Comment 1 Tim Powers 2001-03-08 11:21:23 EST
Yep. That's an oversight. Instead of just marking it as config, I have split 
out the configuration parameters into a config file, 
/etc/logcheck/logcheck.conf. It should make it completely unnecessary 
to edit /usr/bin/logcheck .

I have uploaded the SRPM and RPM to this location if you are interested. 
If you try the updated package, please let me know what you think:

http://people.redhat.com/timp/RPMS/logcheck-1.1.1-5.i386.rpm
http://people.redhat.com/timp/SRPMS/logcheck-1.1.1-5.src.rpm

Tim


Comment 2 chris 2001-03-09 07:17:01 EST
Looks like a very good idea - thanks!  I've attached a patch against your new
version which does two things:

  - changes the checklog() function in logcheck.conf into a LOGFILES variable;
    this way the "internals" are hidden from the logcheck.conf file (without
    any loss of functionality, as far as I can see)

  - (sorry if this should have been a separate bug report...)  A while back I
    was finding that if logcheck got interrupted mid-run (by a shutdown, for
    example), its findings got left lying around in the files in $TMPDIR *and
    would not get picked up by the next run*.  This was pretty bad.  A few
    times interesting log entries went unnoticed by me because of this.  So I
    patched logcheck to create a unique temp directory under $TMPDIR for each
    run, and at the beginning of the run check to see if any such temp dirs had
    been left lying around, and incorporate their contents into the current run
    if so.  So I've included those changes in this patch as well.

Let me know what you think...

Thanks,
Chris.
Comment 3 chris 2001-03-09 07:18:24 EST
Created attachment 12172 [details]
Change checklog() to LOGFILES, and fix problem with interrupted runs
Comment 4 Tim Powers 2001-03-09 11:36:59 EST
I moved the new variables you created in your patch to the config file, but 
the use of mktemp is definitely a plus. I have merged the modified patch 
into my own. Thanks.

Tim
Comment 5 Tim Powers 2001-03-09 11:38:12 EST
Created attachment 12183 [details]
updated patch
Comment 6 chris 2001-03-09 12:14:06 EST
Great.  Thinking about it, though, I've been stupid.  The "rm -rf $REALTMPDIR"
followed by "mkdir $REALTMPDIR" completely defeats the point of using mktemp
(and isn't needed).  We should get rid of those two lines (lines 37 and 38 in
the new patched version of logcheck.sh).

Cheers,
Chris.
Comment 7 Tim Powers 2001-03-09 13:17:11 EST
Fixed.

Tim
Comment 8 Tim Powers 2001-04-19 16:14:49 EDT
The errata was released today. I am resolving this as errata.

Tim
Comment 9 chris 2001-04-27 10:13:16 EDT
Great, thanks.  Having thought further, I'm not sure I agree with your decision
to move *all* the new variables into the config file.  OLDTMPDIRS, REALTMPDIR,
CHECKFILE, CHECKOUTPUT and CHECKREPORT are "internal" variables for the private
use of the script, and the user really shouldn't be messing around with them, so
I don't think they should be in the config file.  Personally I'd put them back
into /usr/bin/logcheck.sh - but it's not a big deal.

Thanks again for incorporating all the changes.

Cheers,
Chris.
Comment 10 chris 2001-05-16 06:50:33 EDT
There's a bug in my code which incorporates contents of previous interrupted
runs: I've been finding when I have vast quantities of log messages, on a
heavily-loaded system, the previous run of logcheck hasn't finished when the
next one gets started.  But then the new run tries to incorporate the data from
the old run, which is still working on it.  Bad news.

Patch attached, which only incorporates old run data if it's more than 3 hours
old.  3 hours is a bit arbitrary: change it if you like, or it could even be set
as another option in the config file.

Cheers,
Chris.
Comment 11 chris 2001-05-16 06:51:58 EDT
Created attachment 18610 [details]
Patch to make logcheck only incorporate previous data older than 3 hours
Comment 12 Tim Powers 2001-05-16 09:58:23 EDT
I have incorporated the patch and put it in the tree here. I have uploaded it to
here for you:

http://people.redhat.com/timp/RPMS/logcheck-1.1.1-7.i386.rpm

and

http://people.redhat.com/timp/SRPMS/logcheck-1.1.1-7.src.rpm

I am resolving this as "rawhide"

Tim

Note You need to log in before you can comment on or make changes to this bug.