Bug 31069 - /usr/bin/logcheck.sh not marked as a config file
Summary: /usr/bin/logcheck.sh not marked as a config file
Alias: None
Product: Red Hat Powertools
Classification: Retired
Component: logcheck
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Tim Powers
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2001-03-08 14:56 UTC by chris
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2001-05-16 10:52:04 UTC

Attachments (Terms of Use)
Change checklog() to LOGFILES, and fix problem with interrupted runs (5.33 KB, patch)
2001-03-09 12:18 UTC, chris
no flags Details | Diff
updated patch (18.03 KB, patch)
2001-03-09 16:38 UTC, Tim Powers
no flags Details | Diff
Patch to make logcheck only incorporate previous data older than 3 hours (893 bytes, patch)
2001-05-16 10:51 UTC, chris
no flags Details | Diff

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2001:031 normal SHIPPED_LIVE New logcheck packages are available 2001-03-13 05:00:00 UTC

Description chris 2001-03-08 14:56:15 UTC
The file /usr/bin/logcheck.sh needs to be edited by the user (to give the
names of the log files which should be checked).  However, it isn't marked
as a config file in the RPM, so those changes get overwritten whenever an
updated RPM is installed.

Comment 1 Tim Powers 2001-03-08 16:21:23 UTC
Yep. That's an oversight. Instead of just marking it as config, I have split 
out the configuration parameters into a config file, 
/etc/logcheck/logcheck.conf. It should make it completely unnecessary 
to edit /usr/bin/logcheck .

I have uploaded the SRPM and RPM to this location if you are interested. 
If you try the updated package, please let me know what you think:



Comment 2 chris 2001-03-09 12:17:01 UTC
Looks like a very good idea - thanks!  I've attached a patch against your new
version which does two things:

  - changes the checklog() function in logcheck.conf into a LOGFILES variable;
    this way the "internals" are hidden from the logcheck.conf file (without
    any loss of functionality, as far as I can see)

  - (sorry if this should have been a separate bug report...)  A while back I
    was finding that if logcheck got interrupted mid-run (by a shutdown, for
    example), its findings got left lying around in the files in $TMPDIR *and
    would not get picked up by the next run*.  This was pretty bad.  A few
    times interesting log entries went unnoticed by me because of this.  So I
    patched logcheck to create a unique temp directory under $TMPDIR for each
    run, and at the beginning of the run check to see if any such temp dirs had
    been left lying around, and incorporate their contents into the current run
    if so.  So I've included those changes in this patch as well.

Let me know what you think...


Comment 3 chris 2001-03-09 12:18:24 UTC
Created attachment 12172 [details]
Change checklog() to LOGFILES, and fix problem with interrupted runs

Comment 4 Tim Powers 2001-03-09 16:36:59 UTC
I moved the new variables you created in your patch to the config file, but 
the use of mktemp is definitely a plus. I have merged the modified patch 
into my own. Thanks.


Comment 5 Tim Powers 2001-03-09 16:38:12 UTC
Created attachment 12183 [details]
updated patch

Comment 6 chris 2001-03-09 17:14:06 UTC
Great.  Thinking about it, though, I've been stupid.  The "rm -rf $REALTMPDIR"
followed by "mkdir $REALTMPDIR" completely defeats the point of using mktemp
(and isn't needed).  We should get rid of those two lines (lines 37 and 38 in
the new patched version of logcheck.sh).


Comment 7 Tim Powers 2001-03-09 18:17:11 UTC


Comment 8 Tim Powers 2001-04-19 20:14:49 UTC
The errata was released today. I am resolving this as errata.


Comment 9 chris 2001-04-27 14:13:16 UTC
Great, thanks.  Having thought further, I'm not sure I agree with your decision
to move *all* the new variables into the config file.  OLDTMPDIRS, REALTMPDIR,
CHECKFILE, CHECKOUTPUT and CHECKREPORT are "internal" variables for the private
use of the script, and the user really shouldn't be messing around with them, so
I don't think they should be in the config file.  Personally I'd put them back
into /usr/bin/logcheck.sh - but it's not a big deal.

Thanks again for incorporating all the changes.


Comment 10 chris 2001-05-16 10:50:33 UTC
There's a bug in my code which incorporates contents of previous interrupted
runs: I've been finding when I have vast quantities of log messages, on a
heavily-loaded system, the previous run of logcheck hasn't finished when the
next one gets started.  But then the new run tries to incorporate the data from
the old run, which is still working on it.  Bad news.

Patch attached, which only incorporates old run data if it's more than 3 hours
old.  3 hours is a bit arbitrary: change it if you like, or it could even be set
as another option in the config file.


Comment 11 chris 2001-05-16 10:51:58 UTC
Created attachment 18610 [details]
Patch to make logcheck only incorporate previous data older than 3 hours

Comment 12 Tim Powers 2001-05-16 13:58:23 UTC
I have incorporated the patch and put it in the tree here. I have uploaded it to
here for you:




I am resolving this as "rawhide"


Note You need to log in before you can comment on or make changes to this bug.