View Full Version : Pflogsumm issues


Chumley
16th July 2008, 23:30
Heya All,

I have tried to implement pflogsumm on my CentOS 5 box. I have followed the how-to exactly. Now what happens is:

1. Where there used to be 4 maillog files in /var/log (maillog, maillog.0, maillog.1, etc) there is only 1 huge maillog file.

2. I get a mailing every day from the cron daemon that says:

"/etc/cron.daily/logrotate:

error: syslog:1 duplicate log entry for /var/log/messages"

Logwatch is installed and running per the default for CentOS 5 (I didn't install it, it was installed with the OS).

So it seems that logrotate is failing but I cannot find where or why. Here is my logrotate.conf:

[root@mail etc]# more logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
minsize 1M
create 0664 root utmp
rotate 1
}

# system-specific logs may be also be configured here.
/var/log/maillog {
missingok
daily
rotate 7
create
compress
start 0
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

I did no mods to the cron job for the logrotate. Here is my /usr/local/sbin/postfix_report.sh:

[root@mail etc]# more /usr/local/sbin/postfix_report.sh

PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
gunzip /var/log/maillog.0.gz

pflogsumm /var/log/maillog.0 | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@<mydomain>.net" -I"To: systems@<mydomain>.net" -I"Received: from mail.<mydomain>.net ([192.168.1.11])" | sendmail systems@<mydomain>.net

gzip /var/log/maillog.0
exit 0


The message from the cron seems no help at all but def something I did affected it as I didn't get it until the night I tried to implement pflogsumm...

Any help would be greatly appreciated! I will provide any other info you might need.

Regards,

Chumley

Edited: Removed my real domain before some crawler grabs my email for spam use :)

falko
17th July 2008, 17:09
What's the output of ls -la /etc/logrotate.d/?

Chumley
17th July 2008, 17:35
Falko,

Here is the output:

[root@mail ~]# ls -la /etc/logrotate.d/
total 176
drwxr-xr-x 2 root root 4096 Jun 18 16:21 .
drwxr-xr-x 96 root root 12288 Jul 16 04:05 ..
-rw-r--r-- 1 root root 144 Jan 6 2007 acpid
-rw-r--r-- 1 root root 99 Dec 31 2007 amavisd
-rw-r--r-- 1 root root 161 Apr 16 13:10 clamav
-rw-r--r-- 1 root root 288 Nov 11 2007 conman
-rw-r--r-- 1 root root 71 Nov 29 2007 cups
-rw-r--r-- 1 root root 237 Feb 6 2007 dovecot
-rw-r--r-- 1 root root 92 Jun 9 14:53 freshclam
-rw-r--r-- 1 root root 167 Nov 10 2007 httpd
-rw-r--r-- 1 root root 571 Jan 7 2007 mgetty
-rw-r----- 1 root named 163 Nov 10 2007 named
-rw-r--r-- 1 root root 228 Apr 11 16:46 OEM.syslog.OEM
-rw-r--r-- 1 root root 136 Mar 14 2007 ppp
-rw-r--r-- 1 root root 212 Oct 6 2007 proftpd
-rw-r--r-- 1 root root 323 Jan 6 2007 psacct
-rw-r--r-- 1 root root 61 Nov 10 2007 rpm
-rw-r--r-- 1 root root 232 Dec 10 2007 samba
-rw-r--r-- 1 root root 68 Jun 13 2007 sa-update
-rw-r--r-- 1 root root 121 Mar 14 2007 setroubleshoot
-rw-r--r-- 1 root root 154 Dec 18 2007 snmpd
-rw-r--r-- 1 root root 543 Apr 11 2007 squid
-rw-r--r-- 1 root root 211 Apr 11 16:46 syslog
-rw-r--r-- 1 root root 48 Jan 6 2007 tux
-rw-r--r-- 1 root root 89 Nov 10 2007 yum


Thanks,

Chum

falko
18th July 2008, 15:24
What's in /etc/logrotate.d/syslog?

Chumley
18th July 2008, 19:27
/var/log/messages /var/log/secure /var/log/spooler /var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}



Regards,

Chum

falko
19th July 2008, 23:26
Is /var/log/messages also mentioned in one of the other files?

Chumley
22nd July 2008, 22:27
Falko,

It appears in the '/etc/logrotate.d/OEM.syslog.OEM' file. It has a line that was the foundation for the line in the '/etc/logrotate.d/syslog' file. I am thinking that the OEM one has to go. I will move it to a temp location and see what this evening's cron jobs do. I believe (I actually did this quite some time ago but could not get back to it until now due to other pressing concerns) that I renamed the file from 'syslog' to 'OEM.syslog.OEM' because I wanted to save the OEM version of the file. I didn't realize that it would still be processed if left in that dir.

Thanks for your assistance and I will let you know tomorrow if removing the OEM file fixes the issue.

Regards,

Chumley

Tenaka
7th May 2009, 16:21
h1550830:~# grep -R -i '/var/log/messages' /etc/logrotate.d/
/etc/logrotate.d/rsyslog:/var/log/messages


/etc/logrotate.d/rsyslog contains
/var/log/syslog
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
invoke-rc.d rsyslog reload > /dev/null
endscript
}

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
invoke-rc.d rsyslog reload > /dev/null
endscript
}


what's the most elegant way to solve this conflict?

falko
8th May 2009, 02:22
What conflict?

Tenaka
8th May 2009, 09:22
/etc/logrotate.d/rsyslog tries to rotate the mail.log and logrotate.conf tries the same according to the howto for pflogsumm, so the resulting error is:

/etc/cron.daily/logrotate:
error: /etc/logrotate.conf:33 duplicate log entry for /var/log/mail.log
run-parts: /etc/cron.daily/logrotate exited with return code 1

falko
9th May 2009, 14:31
Remove the /var/log/mail.log line from /etc/logrotate.d/rsyslog and restart logrotate.
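
Added example (not part of the original posts, and not logrotate's own code): a small checker for both "duplicate log entry" errors diagnosed in this thread, where the same log path heads a stanza in more than one file that logrotate reads. It compares literal paths only (no glob expansion), and the SAMPLE file contents are constructed; the content of the renamed backup file is an assumption, since the thread does not show it.

```python
def log_paths(text):
    """Yield (path, lineno) for each log path that heads a logrotate block."""
    pending, in_block = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if in_block:                      # skip directives and script bodies
            in_block = line != "}"
            continue
        head, brace, tail = line.partition("{")
        tokens = [t.strip('"') for t in head.split()]
        if tokens and tokens[0].startswith("/"):
            pending += [(t, lineno) for t in tokens]   # paths may span lines
        if brace:
            yield from pending
            pending, in_block = [], not tail.strip().endswith("}")


def find_duplicates(configs):
    """Return {log path: [(file, line), ...]} for paths defined more than once."""
    seen = {}
    for name, text in configs.items():
        for path, lineno in log_paths(text):
            seen.setdefault(path, []).append((name, lineno))
    return {p: locs for p, locs in seen.items() if len(locs) > 1}


# Constructed sample modelled on the thread: the renamed backup is assumed to
# hold the same stanza as the live file (its content is not shown in the thread).
SYSLOG = """\
/var/log/messages /var/log/secure /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
"""
SAMPLE = {
    "/etc/logrotate.d/OEM.syslog.OEM": SYSLOG,
    "/etc/logrotate.d/syslog": SYSLOG,
    "/etc/logrotate.conf": "weekly\nrotate 4\n/var/log/maillog {\n    daily\n}\n",
}

if __name__ == "__main__":
    for path, locs in sorted(find_duplicates(SAMPLE).items()):
        print(path, "->", ", ".join(f"{f}:{n}" for f, n in locs))
```

To check a live system, build the dictionary from /etc/logrotate.conf plus every file in the included directory; a duplicate aborts the nightly run, so the affected logs stop rotating.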

Tenaka
9th May 2009, 15:21
that is fine now, but:

/usr/local/sbin/postfix_report.sh
/usr/local/sbin/postfix_report.sh: line 5: formail: command not found
h1550830:/var/www/clients/client1/web9/web/wp-content#


where does formail come from?

Tenaka
9th May 2009, 17:31
seems formail is inside maildrop but we are using courier-maildrop:

h1550830:~/.spamassassin# apt-cache search formail
maildrop - mail delivery agent with filtering abilities
h1550830:~/.spamassassin# apt-get install maildrop
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
courier-maildrop
The following NEW packages will be installed:
maildrop
0 upgraded, 1 newly installed, 1 to remove and 0 not upgraded.
Need to get 364kB of archives.
After this operation, 1573kB disk space will be freed.
Do you want to continue [Y/n]? n
Abort.
h1550830:~/.spamassassin#


suggestions? I'd really like to use pflogsumm

falko
10th May 2009, 18:59
Replace the courier-maildrop package with the maildrop package.

Tenaka
10th May 2009, 23:43
unfortunately that didn't help :-(

h1550830:/var/lib/squirrelmail# apt-get install maildrop -u
Reading package lists... Done
Building dependency tree
Reading state information... Done
maildrop is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
h1550830:/var/lib/squirrelmail# /usr/local/sbin/postfix_report.sh
/usr/local/sbin/postfix_report.sh: line 5: formail: command not found
h1550830:/var/lib/squirrelmail#


have you got any more information on formail? all I find is http://linux.about.com/library/cmd/blcmdl1_formail.htm but why isn't it being found? what could I use instead of formail? any substitutes to make that pflogsumm compatible with ispcfg3 and debian lenny?

Tenaka
11th May 2009, 09:55
besides this morning, the maillogs stopped :-( at least mail.log is still empty besides me sending and receiving emails. All other logs, i.e. mail.warn or mail.error are fine :-( any hints?

-rw-r--r-- 1 root adm 244 2009-05-11 07:00 mail.err
-rw-r--r-- 1 root adm 266713 2009-05-09 16:02 mail.err.1
-rw-r--r-- 1 root adm 20495 2009-05-03 06:25 mail.err.2.gz
-rw-r----- 1 root adm 1588025 2009-05-11 08:51 mail.info
-rw-r----- 1 root adm 9014581 2009-05-10 06:25 mail.info.1
-rw-r----- 1 root adm 64778 2009-05-03 06:25 mail.info.2.gz
-rw-r--r-- 1 root adm 0 2009-05-11 06:25 mail.log
-rw-r--r-- 1 root adm 31 2009-05-10 06:25 mail.log.0.gz
-rw-r--r-- 1 root adm 1283145 2009-05-03 06:25 mail.log.1
-rw-r--r-- 1 root adm 109691 2009-05-10 06:25 mail.log.1.gz
-rw-r--r-- 1 root adm 819659 2009-05-09 14:11 mail.log.2.gz
-rw-r--r-- 1 root adm 30418 2009-05-11 08:37 mail.warn
-rw-r--r-- 1 root adm 1028315 2009-05-10 06:24 mail.warn.1
-rw-r--r-- 1 root adm 49236 2009-05-03 06:25 mail.warn.2.gz


so I went back to courier-maildrop as that seems to be the only related change I made, besides taking out mail.log from /etc/logrotate.d/rsyslog

###edit###
undid all steps listed in this thread, and mail.log starts logging again...
I'd really love for someone to solve this puzzle of running mailgraph + pflogsumm on Debian Lenny :-)

Tenaka
31st August 2009, 15:30
sorry to be a pain in the a** but I'd really like to get pflogsumm working on Debian Lenny. Anyone here on these forums able to get it working?

falko
1st September 2009, 16:11
formail is included in the procmail package. Did you install procmail?

Tenaka
8th September 2009, 01:04
victory! thanks :-) that was the last missing clue