Pflogsumm issues

Discussion in 'HOWTO-Related Questions' started by Chumley, Jul 16, 2008.

  1. Chumley

    Chumley New Member

    Heya All,

    I have tried to implement pflogsumm on my CentOS 5 box. I have followed the how-to exactly. Now what happens is:

    1. Where there used to be 4 maillog files in /var/log (maillog, maillog.0, maillog.1, etc) there is only 1 huge maillog file.

    2. I get a mailing every day from the cron daemon that says:

    "/etc/cron.daily/logrotate:

    error: syslog:1 duplicate log entry for /var/log/messages"

    Logwatch is installed and running per the default for CentOS 5 (I didn't install it, it was installed with the OS).

    So it seems that logrotate is failing but I cannot find where or why. Here is my logrotate.conf:

    [[email protected] etc]# more logrotate.conf
    # see "man logrotate" for details
    # rotate log files weekly
    weekly

    # keep 4 weeks worth of backlogs
    rotate 4

    # create new (empty) log files after rotating old ones
    create

    # uncomment this if you want your log files compressed
    #compress

    # RPM packages drop log rotation information into this directory
    include /etc/logrotate.d

    # no packages own wtmp -- we'll rotate them here
    /var/log/wtmp {
    monthly
    minsize 1M
    create 0664 root utmp
    rotate 1
    }

    # system-specific logs may be also be configured here.
    /var/log/maillog {
    missingok
    daily
    rotate 7
    create
    compress
    start 0
    postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
    }

    I did no mods to the cron job for the logrotate. Here is my /usr/local/sbin/postfix_report.sh:

    [[email protected] etc]# more /usr/local/sbin/postfix_report.sh

    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    gunzip /var/log/maillog.0.gz

    pflogsumm /var/log/maillog.0 | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@<mydomain>.net" -I"To: systems@<mydomain>.net" -I"Received: from mail.<mydomain>.net ([192.168.1.11])" | sendmail systems@<mydomain>.net

    gzip /var/log/maillog.0
    exit 0


    The message from the cron seems no help at all but def something I did affected it as I didn't get it until the night I tried to implement pflogsumm...

    Any help would be greatly appreciated! I will provide any other info you might need.

    Regards,

    Chumley

    Edited: Removed my real domain before some crawler grabs my email for spam use :)
     
    Last edited: Jul 17, 2008
  2. falko

    falko Super Moderator ISPConfig Developer

    What's the output of
    Code:
    ls -la /etc/logrotate.d/
    ?
     
  3. Chumley

    Chumley New Member

    results

    Falko,

    Here is the output:

    [[email protected] ~]# ls -la /etc/logrotate.d/
    total 176
    drwxr-xr-x 2 root root 4096 Jun 18 16:21 .
    drwxr-xr-x 96 root root 12288 Jul 16 04:05 ..
    -rw-r--r-- 1 root root 144 Jan 6 2007 acpid
    -rw-r--r-- 1 root root 99 Dec 31 2007 amavisd
    -rw-r--r-- 1 root root 161 Apr 16 13:10 clamav
    -rw-r--r-- 1 root root 288 Nov 11 2007 conman
    -rw-r--r-- 1 root root 71 Nov 29 2007 cups
    -rw-r--r-- 1 root root 237 Feb 6 2007 dovecot
    -rw-r--r-- 1 root root 92 Jun 9 14:53 freshclam
    -rw-r--r-- 1 root root 167 Nov 10 2007 httpd
    -rw-r--r-- 1 root root 571 Jan 7 2007 mgetty
    -rw-r----- 1 root named 163 Nov 10 2007 named
    -rw-r--r-- 1 root root 228 Apr 11 16:46 OEM.syslog.OEM
    -rw-r--r-- 1 root root 136 Mar 14 2007 ppp
    -rw-r--r-- 1 root root 212 Oct 6 2007 proftpd
    -rw-r--r-- 1 root root 323 Jan 6 2007 psacct
    -rw-r--r-- 1 root root 61 Nov 10 2007 rpm
    -rw-r--r-- 1 root root 232 Dec 10 2007 samba
    -rw-r--r-- 1 root root 68 Jun 13 2007 sa-update
    -rw-r--r-- 1 root root 121 Mar 14 2007 setroubleshoot
    -rw-r--r-- 1 root root 154 Dec 18 2007 snmpd
    -rw-r--r-- 1 root root 543 Apr 11 2007 squid
    -rw-r--r-- 1 root root 211 Apr 11 16:46 syslog
    -rw-r--r-- 1 root root 48 Jan 6 2007 tux
    -rw-r--r-- 1 root root 89 Nov 10 2007 yum


    Thanks,

    Chum
     
  4. falko

    falko Super Moderator ISPConfig Developer

    What's in /etc/logrotate.d/syslog?
     
  5. Chumley

    Chumley New Member

    contents of /etc/logrotate.d/syslog

    /var/log/messages /var/log/secure /var/log/spooler /var/log/boot.log /var/log/cron {
    sharedscripts
    postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
    }



    Regards,

    Chum
     
  6. falko

    falko Super Moderator ISPConfig Developer

    Is /var/log/messages also mentioned in one of the other files?
     
  7. Chumley

    Chumley New Member

    Falko,

    It appears in the '/etc/logrotate.d/OEM.syslog.OEM' file. It has a line that was the foundation for the line in the '/etc/logrotate.d/syslog' file. I am thinking that the OEM one has to go. I will move it to a temp location and see what this evening's cron jobs do. I believe (I actually did this quite some time ago but could not get back to it until now due to other pressing concerns) that I renamed the file from 'syslog' to 'OEM.syslog.OEM' because I wanted to save the OEM version of the file. I didn't realize that it would still be processed if left in that dir.

    Thanks for your assistance and I will let you know tomorrow if removing the OEM file fixes the issue.

    Regards,

    Chumley
     
  8. Ovidiu

    Ovidiu Active Member

    /etc/logrotate.d/rsyslog contains
    What's the most elegant way to solve this conflict?
     
  9. falko

    falko Super Moderator ISPConfig Developer

    What conflict?
     
  10. Ovidiu

    Ovidiu Active Member

    /etc/logrotate.d/rsyslog tries to rotate the mail.log and logrotate.conf tries the same according to the howto for pflogsumm, so the resulting error is:

     
  11. falko

    falko Super Moderator ISPConfig Developer

    Remove the /var/log/mail.log line from /etc/logrotate.d/rsyslog and restart logrotate.
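
An added example, not part of the thread or any poster's code: both conflicts above (the renamed backup left in /etc/logrotate.d, and mail.log named in both logrotate.conf and /etc/logrotate.d/rsyslog) come down to one log path appearing in more than one stanza. The function below lists such paths; the sample files are constructed, and the contents given to the renamed backup are an assumption.

```shell
#!/bin/sh
# find_duplicate_logs FILE...
# Print each log path named by more than one logrotate stanza header,
# followed by the config files that name it. Handles single-line headers
# of literal, unquoted paths ("path path {"); globs are compared as text
# and "include" directives are not followed, so pass every file explicitly.
find_duplicate_logs() {
    awk '
        /^[ \t]*#/ { next }                    # skip comment lines
        /\{[ \t]*$/ {                          # stanza header line
            line = $0
            sub(/[ \t]*\{[ \t]*$/, "", line)   # drop the opening brace
            n = split(line, paths, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (paths[i] == "") continue
                count[paths[i]]++
                where[paths[i]] = where[paths[i]] " " FILENAME
            }
        }
        END {
            for (p in count)
                if (count[p] > 1) print p ":" where[p]
        }
    ' "$@" | sort
}

# Constructed sample mirroring the thread's layout. The contents of the
# renamed backup file are assumed; the page does not show them.
demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    printf '%s\n' '# main config' '/var/log/maillog {' 'daily' '}' > logrotate.conf
    printf '%s\n' '/var/log/messages /var/log/secure {' 'sharedscripts' '}' > syslog
    printf '%s\n' '/var/log/messages /var/log/maillog {' 'sharedscripts' '}' > OEM.syslog.OEM
    find_duplicate_logs logrotate.conf syslog OEM.syslog.OEM
    cd / && rm -rf "$d"
)

demo
```

On a live host the call would be `find_duplicate_logs /etc/logrotate.conf /etc/logrotate.d/*`; `logrotate -d /etc/logrotate.conf` does a dry run of the real parser without rotating anything.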
     
  12. Ovidiu

    Ovidiu Active Member

    that is fine now, but:

    where does formail come from?
     
  13. Ovidiu

    Ovidiu Active Member

    seems formail is inside maildrop but we are using courier-maildrop:

    suggestions? I'd really like to use pflogsumm
     
  14. falko

    falko Super Moderator ISPConfig Developer

    Replace the courier-maildrop package with the maildrop package.
     
  15. Ovidiu

    Ovidiu Active Member

    unfortunately that didn't help :-(

    have you got any more information on formail? all I find is http://linux.about.com/library/cmd/blcmdl1_formail.htm but why isn't it being found? what could I use instead of formail? any substitutes to make that pflogsumm compatible with ispcfg3 and debian lenny?
     
  16. Ovidiu

    Ovidiu Active Member

    besides this morning, the maillogs stopped :-( at least mail.log is still empty besides me sending and receiving emails. All other logs, i.e. mail.warn or mail.error are fine :-( any hints?

    so I went back to courier-maildrop as that seems to be the only related change I made, besides taking out mail.log from /etc/logrotate.d/rsyslog

    ###edit###
    undid all steps listed in this thread, and mail.log starts logging again...
    I'd really love for someone to solve this puzzle of running mailgraph + pflogsumm on Debian Lenny :)
     
    Last edited: May 11, 2009
  17. Ovidiu

    Ovidiu Active Member

    sorry to be a pain in the a** but I'd really like to get pflogsumm working on Debian Lenny. Anyone here on these forums able to get it working?
     
  18. falko

    falko Super Moderator ISPConfig Developer

    formail is included in the procmail package. Did you install procmail?
     
  19. Ovidiu

    Ovidiu Active Member

    victory! thanks :) that was the last missing clue
     
  20. Ovidiu

    Ovidiu Active Member

    still not solved :-( if I enable pflogsumm and the logrotating as discussed in this whole thread, nothing gets ever again written to the mail.log, do you think it's related to the permissions?

     
