Navigation

Chumley · #1 16th July 2008, 22:30

Heya All,

I have tried to implement pflogsumm on my CentOS 5 box. I have followed the how-to exactly. Now what happens is:

1. Where there used to be 4 maillog files in /var/log (maillog, maillog.0, maillog.1, etc) there is only 1 huge maillog file.

2. I get a mailing every day from the cron daemon that says:

"/etc/cron.daily/logrotate:

error: syslog:1 duplicate log entry for /var/log/messages"

Logwatch is installed and running per the default for CentOS 5 (I didn't install it, it was installed with the OS).

So it seems that logrotate is failing but I cannot find where or why. Here is my logrotate.conf:

[root@mail etc]# more logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
minsize 1M
create 0664 root utmp
rotate 1
}

# system-specific logs may be also be configured here.
/var/log/maillog {
missingok
daily
rotate 7
create
compress
start 0
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

I did no mods to the cron job for the logrotate. Here is my /usr/local/sbin/postfix_report.sh:

[root@mail etc]# more /usr/local/sbin/postfix_report.sh

exit 0TH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
gunzip /var/log/maillog.0.gz

pflogsumm /var/log/maillog.0 | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@<mydomain>.net" -I"To:
systems@<mydomain>.net" -I"Received: from mail.<mydomain>.net ([192.168.1.11])" | sendmail systems@<mydomain>.net

gzip /var/log/maillog.0
exit 0

The message from the cron seems no help at all but def something I did affected it as I didn't get it until the night I tried to implement pflogsumm...

Any help would be greatly appreciated! I will prvide any other info you might need.

Regards,

Chumley

Edited: Removed my real domain before some crawler grabs my email for spam use

falko · #2 17th July 2008, 16:09

What's the output of

Code:

ls -la /etc/logrotate.d/

?

Chumley · #3 17th July 2008, 16:35

Falko,

Here is the output:

[root@mail ~]# ls -la /etc/logrotate.d/
total 176
drwxr-xr-x 2 root root 4096 Jun 18 16:21 .
drwxr-xr-x 96 root root 12288 Jul 16 04:05 ..
-rw-r--r-- 1 root root 144 Jan 6 2007 acpid
-rw-r--r-- 1 root root 99 Dec 31 2007 amavisd
-rw-r--r-- 1 root root 161 Apr 16 13:10 clamav
-rw-r--r-- 1 root root 288 Nov 11 2007 conman
-rw-r--r-- 1 root root 71 Nov 29 2007 cups
-rw-r--r-- 1 root root 237 Feb 6 2007 dovecot
-rw-r--r-- 1 root root 92 Jun 9 14:53 freshclam
-rw-r--r-- 1 root root 167 Nov 10 2007 httpd
-rw-r--r-- 1 root root 571 Jan 7 2007 mgetty
-rw-r----- 1 root named 163 Nov 10 2007 named
-rw-r--r-- 1 root root 228 Apr 11 16:46 OEM.syslog.OEM
-rw-r--r-- 1 root root 136 Mar 14 2007 ppp
-rw-r--r-- 1 root root 212 Oct 6 2007 proftpd
-rw-r--r-- 1 root root 323 Jan 6 2007 psacct
-rw-r--r-- 1 root root 61 Nov 10 2007 rpm
-rw-r--r-- 1 root root 232 Dec 10 2007 samba
-rw-r--r-- 1 root root 68 Jun 13 2007 sa-update
-rw-r--r-- 1 root root 121 Mar 14 2007 setroubleshoot
-rw-r--r-- 1 root root 154 Dec 18 2007 snmpd
-rw-r--r-- 1 root root 543 Apr 11 2007 squid
-rw-r--r-- 1 root root 211 Apr 11 16:46 syslog
-rw-r--r-- 1 root root 48 Jan 6 2007 tux
-rw-r--r-- 1 root root 89 Nov 10 2007 yum

Thanks,

Chum

falko · #4 18th July 2008, 14:24

What's in /etc/logrotate.d/syslog?

Chumley · #5 18th July 2008, 18:27

/var/log/messages /var/log/secure /var/log/spooler /var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}

Regards,

Chum

falko · #6 19th July 2008, 22:26

Is /var/log/messages also mentioned in one of the other files?

Chumley · #7 22nd July 2008, 21:27

Falko,

It appears in the '/etc/logrotate.d/OEM.syslog.OEM' file. It has a line that was the foundation for the line in the '/etc/logrotate.d/syslog' file. I am thinking that the OEM one has to go. I will move it to a temp location and see what this evenings' cron jobs do. I believe (I actually did this quite some time ago but could not get back to it until now due to other pressing concerns) that I renamed the file from 'syslog' to 'OEM.syslog.OEM' because I wanted to save the OEM version of the file. I didn't realize that it would still be processed if left in that dir.

Thanks for your assistance and I will let you know tomorrow if removing the OEM file fixes the issue.

Regards,

Chumley

Ovidiu · #8 7th May 2009, 15:21

Quote:

h1550830:~# grep -R -i '/var/log/messages' /etc/logrotate.d/
/etc/logrotate.d/rsyslog:/var/log/messages

/etc/logrotate.d/rsyslog contains

Quote:

/var/log/syslog
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
invoke-rc.d rsyslog reload > /dev/null
endscript
}

/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 4
weekly
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
invoke-rc.d rsyslog reload > /dev/null
endscript
}

whats the most elegant way to solve this conflict?

falko · #9 8th May 2009, 01:22

What conflict?

Ovidiu · #10 8th May 2009, 08:22

/etc/logrotate.d/rsyslog tries to rotate the mail.log and logrotate.conf tries the same according to the howto for pflogsum, so the resulting error is:

Quote:

/etc/cron.daily/logrotate:
error: /etc/logrotate.conf:33 duplicate log entry for /var/log/mail.log
run-parts: /etc/cron.daily/logrotate exited with return code 1

Navigation

Facebook

News

Recent comments

Newsletter