Hi, --archives is the default, which solves most of the problems you describe. The only known problem that remains is support for alternative compression methods (gz and bzip2 are supported, but xz is not supported).
If you report bugs, please use reportbug, as the upstream version only makes it hard to know whether we talk about the same package version. Bye Willi Am 2015-07-20 um 05:29 schrieb Jane D: > Package: logwatch > Version: 7.4.1 > > SYMPTOM > Log statements for the first hours of yesterday are ignored and not > processed by logwatch. > > CAUSE > The configuration for syslog uses files /var/log/syslog and > /var/log/syslog.1. Because log rotation does not occur exactly at > midnight, the first portion of yesterday's log statements are in > syslog.2, and logwatch does not process this file. > > GET-AROUND FOR SYSLOG ONLY > sudo mkdir --parents /etc/logwatch/conf/logfiles; sudo echo "LogFile = > syslog.2" | sudo tee /etc/logwatch/conf/logfiles/syslog.conf >> /dev/null > > > BIGGER PROBLEM 1 > The way of locating logs does not take in account the logrotate rotate > directive or the period of which logs are rotated. logwatch would need > to scan every log until a too old modification date is found. > Since logs can be rotated when reaching a certain size, which can be > hundreds of times daily. Therefore, every index number up to > logrotate's rotate setting must be scanned. > Say a log has rotate 100 and is rotated every hour dues ot its size or > configuration. Logwatch would then need to examine file indexes up to > 48 (2 x 24 hours), ie. put 48 "LogFile= > …" statements in the log configuration file. The logwatch > architecture is lacking. > > > BIGGER PROBLEM 2 > The compressed extension is assumed to be .gz. Today, it is more > likely to be .xz but can be anything, really. Logwatch should examine > any file by stemming the original log filename, eg. look for syslog* > and test the result against common file compress methods. > > > BIGGER PROBLEM 3 > If logrotate delaycompress is used, syslog.2 will be compressed and > logwatch will not look in it. ie. every run would need the --archives > option, and this is not the default. > > > DATA > When are logs rotated? maybe 6:25 am > grep /etc/cron.daily /etc/crontab > 25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts > --report /etc/cron.daily ) > > Add a service that echoes all processed syslog lines > sudo mkdir --parents /etc/logwatch/conf/services > /etc/logwatch/scripts/services; echo -e "Title = \"All > syslog\"\nLogFile = syslog" | sudo tee > /etc/logwatch/conf/services/allsyslog.conf >/dev/null; Y="!"; echo -e > "#$Y/bin/bash -eu\ncat" | sudo tee > /etc/logwatch/scripts/services/allsyslog >/dev/null > > logwatch --service allsyslog | less > > delete the service > sudo rm /etc/logwatch/conf/services/allsyslog.conf > /etc/logwatch/scripts/services/allsyslog > -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
