[FIXED]Logwatch hang on run...

Discussion in 'Linux Beginners' started by Taxick, May 31, 2023.

  1. Taxick

    Taxick Member

    Hi :)

    I have a problem with logwatch. When i run
    Code:
    logwatch
    it hangs... Nothing happens!

    I have also try to run this command:
    Code:
    logwatch --detail Med --mailto [email protected] --range today
    The same happing...

    If I run the "logwatch --debug med" the last output is:

    Code:
    export LOGWATCH_LOGFILE_LIST=''
    export LOGWATCH_ARCHIVE_LIST=''
    export LOGWATCH_LOGFILE_LIST=''
    export LOGWATCH_ARCHIVE_LIST=''
    export LOGWATCH_LOGFILE_LIST=''
    export LOGWATCH_ARCHIVE_LIST=''
    export LOGWATCH_LOGFILE_LIST=''
    export LOGWATCH_ARCHIVE_LIST=''
    export LOGWATCH_LOGFILE_LIST=''
    export LOGWATCH_ARCHIVE_LIST=''
    export LOGWATCH_LOGFILE_LIST=''
    export LOGWATCH_ARCHIVE_LIST=''
    export LOGWATCH_LOGFILE_LIST='/var/log/fail2ban.log '
    export LOGWATCH_ARCHIVE_LIST='/var/log/fail2ban.log.1 '
    Processing Service: fail2ban
     ( cat /var/cache/logwatch/logwatch.77TZOvT9/fail2ban | /usr/bin/perl /usr/share/logwatch/scripts/shared/onlycontains 'fail2ban([^-]|).*\[[0-9]+\]' | /usr/bin/perl /usr/share/logwatch/scripts/services/fail2ban) 2>&1
    
    
    logwatch.jpg

    And it doesn't get future...

    My /etc/logwatch/conf/logwatch.conf look like this

    Code:
    ########################################################
    # This was written and is maintained by:
    #    Kirk Bauer <[email protected]>
    #
    # Please send all comments, suggestions, bug reports,
    #    etc, to [email protected].
    #
    ########################################################
    
    # NOTE:
    #   All these options are the defaults if you run logwatch with no
    #   command-line arguments.  You can override all of these on the
    #   command-line.
    
    # You can put comments anywhere you want to.  They are effective for the
    # rest of the line.
    
    # this is in the format of <name> = <value>.  Whitespace at the beginning
    # and end of the lines is removed.  Whitespace before and after the = sign
    # is removed.  Everything is case *insensitive*.
    
    # Yes = True  = On  = 1
    # No  = False = Off = 0
    
    # Default Log Directory
    # All log-files are assumed to be given relative to this directory.
    LogDir = /var/log
    
    # You can override the default temp directory (/tmp) here
    TmpDir = /var/cache/logwatch
    
    #Output/Format Options
    #By default Logwatch will print to stdout in text with no encoding.
    #To make email Default set Output = mail to save to file set Output = file
    Output = mail
    #To make Html the default formatting Format = html
    Format = html
    #To make Base64 [aka uuencode] Encode = base64
    Encode = base64
    
    # Input Encoding
    # Logwatch assumes that the input is in UTF-8 encoding.  Defining CharEncoding
    # will use iconv to convert text to the UTF-8 encoding.  Set CharEncoding
    # to an empty string to use the default current locale.  If set to a valid
    # encoding, the input characters are converted to UTF-8, discarding any
    # illegal characters.  Valid encodings are as used by the iconv program,
    # and `iconv -l` lists valid character set encodings.
    # Setting CharEncoding to UTF-8 simply discards illegal UTF-8 characters.
    CharEncoding = "UTF-8"
    
    # Default person to mail reports to.  Can be a local account or a
    # complete email address.  Variable Output should be set to mail, or
    # --output mail should be passed on command line to enable mail feature.
    MailTo = [email protected]
    # WHen using option --multiemail, it is possible to specify a different
    # email recipient per host processed.  For example, to send the report
    # for hostname host1 to [email protected], use:
    #Mailto_host1 = [email protected]
    # Multiple recipients can be specified by separating them with a space.
    
    # Default person to mail reports from.  Can be a local account or a
    # complete email address.
    MailFrom = [email protected]
    
    # if set, the results will be saved in <filename> instead of mailed
    # or displayed. Be sure to set Output = file also.
    #Filename = /tmp/logwatch
    
    # Use archives?  If set to 'Yes', the archives of logfiles
    # (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
    # be searched in addition to the /var/log/messages file.
    # This usually will not do much if your range is set to just
    # 'Yesterday' or 'Today'... it is probably best used with Range = All
    # By default this is now set to Yes. To turn off Archives uncomment this.
    #Archives = No
    
    # The default time range for the report...
    # The current choices are All, Today, Yesterday
    Range = yesterday
    
    # The default detail level for the report.
    # This can either be Low, Med, High or a number.
    # Low = 0
    # Med = 5
    # High = 10
    Detail = Med
    
    
    # The 'Service' option expects either the name of a filter
    # (in /usr/share/logwatch/scripts/services/*) or 'All'.
    # The default service(s) to report on.  This should be left as All for
    # most people.
    Service = All
    # You can also disable certain services (when specifying all)
    Service = "-zz-network"     # Prevents execution of zz-network service, which
                                # prints useful network configuration info.
    Service = "-zz-sys"         # Prevents execution of zz-sys service, which
                                # prints useful system configuration info.
    Service = "-eximstats"      # Prevents execution of eximstats service, which
                                # is a wrapper for the eximstats program.
    # If you only cared about FTP messages, you could use these 2 lines
    # instead of the above:
    #Service = ftpd-messages   # Processes ftpd messages in /var/log/messages
    #Service = ftpd-xferlog    # Processes ftpd messages in /var/log/xferlog
    # Maybe you only wanted reports on PAM messages, then you would use:
    #Service = pam_pwdb        # PAM_pwdb messages - usually quite a bit
    #Service = pam             # General PAM messages... usually not many
    
    # You can also choose to use the 'LogFile' option.  This will cause
    # logwatch to only analyze that one logfile.. for example:
    #LogFile = messages
    # will process /var/log/messages.  This will run all the filters that
    # process that logfile.  This option is probably not too useful to
    # most people.  Setting 'Service' to 'All' above analyzes all LogFiles
    # anyways...
    
    #
    # By default we assume that all Unix systems have sendmail or a sendmail-like MTA.
    # The mailer code prints a header with To: From: and Subject:.
    # At this point you can change the mailer to anything that can handle this output
    # stream.
    # TODO test variables in the mailer string to see if the To/From/Subject can be set
    # From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt
    
    mailer = "/usr/sbin/sendmail -t"
    
    #
    # With this option set to a comma separated list of hostnames, only log entries
    # for these particular hosts will be processed.  This can allow a log host to
    # process only its own logs, or Logwatch can be run once per a set of hosts
    # included in the logfiles.
    # Example: HostLimit = hosta,hostb,myhost
    #
    # The default is to report on all log entries, regardless of its source host.
    # Note that some logfiles do not include host information and will not be
    # influenced by this setting.
    #
    #HostLimit = myhost
    
    #
    # By default /var/adm is searched after LogDir.
    #AppendVarAdmToLogDirs = 1
    
    #
    # By default /var/log is to be searched after LogDir and /var/adm/ .
    #AppendVarLogToLogDirs = 1
    
    #
    # By default the current working directory is searched last after LogDir, /var/adm/, and /var/log/ .
    #AppendCWDToLogDirs = 1
    
    # vi: shiftwidth=3 tabstop=3 et
    I hope someone can help me.
     
    Last edited: May 31, 2023
  2. Taxick

    Taxick Member

    Hi Again.

    I don't know if the right way. But I deleted rkhunter.log and rkhunter.log.1 and then touch rkhunter.log

    Now it works..
     
    ahrasis likes this.

Share This Page