Hi I have a problem with logwatch. When i run Code: logwatch it hangs... Nothing happens! I have also try to run this command: Code: logwatch --detail Med --mailto [email protected] --range today The same happing... If I run the "logwatch --debug med" the last output is: Code: export LOGWATCH_LOGFILE_LIST='' export LOGWATCH_ARCHIVE_LIST='' export LOGWATCH_LOGFILE_LIST='' export LOGWATCH_ARCHIVE_LIST='' export LOGWATCH_LOGFILE_LIST='' export LOGWATCH_ARCHIVE_LIST='' export LOGWATCH_LOGFILE_LIST='' export LOGWATCH_ARCHIVE_LIST='' export LOGWATCH_LOGFILE_LIST='' export LOGWATCH_ARCHIVE_LIST='' export LOGWATCH_LOGFILE_LIST='' export LOGWATCH_ARCHIVE_LIST='' export LOGWATCH_LOGFILE_LIST='/var/log/fail2ban.log ' export LOGWATCH_ARCHIVE_LIST='/var/log/fail2ban.log.1 ' Processing Service: fail2ban ( cat /var/cache/logwatch/logwatch.77TZOvT9/fail2ban | /usr/bin/perl /usr/share/logwatch/scripts/shared/onlycontains 'fail2ban([^-]|).*\[[0-9]+\]' | /usr/bin/perl /usr/share/logwatch/scripts/services/fail2ban) 2>&1 And it doesn't get future... My /etc/logwatch/conf/logwatch.conf look like this Code: ######################################################## # This was written and is maintained by: # Kirk Bauer <[email protected]> # # Please send all comments, suggestions, bug reports, # etc, to [email protected]. # ######################################################## # NOTE: # All these options are the defaults if you run logwatch with no # command-line arguments. You can override all of these on the # command-line. # You can put comments anywhere you want to. They are effective for the # rest of the line. # this is in the format of <name> = <value>. Whitespace at the beginning # and end of the lines is removed. Whitespace before and after the = sign # is removed. Everything is case *insensitive*. # Yes = True = On = 1 # No = False = Off = 0 # Default Log Directory # All log-files are assumed to be given relative to this directory. LogDir = /var/log # You can override the default temp directory (/tmp) here TmpDir = /var/cache/logwatch #Output/Format Options #By default Logwatch will print to stdout in text with no encoding. #To make email Default set Output = mail to save to file set Output = file Output = mail #To make Html the default formatting Format = html Format = html #To make Base64 [aka uuencode] Encode = base64 Encode = base64 # Input Encoding # Logwatch assumes that the input is in UTF-8 encoding. Defining CharEncoding # will use iconv to convert text to the UTF-8 encoding. Set CharEncoding # to an empty string to use the default current locale. If set to a valid # encoding, the input characters are converted to UTF-8, discarding any # illegal characters. Valid encodings are as used by the iconv program, # and `iconv -l` lists valid character set encodings. # Setting CharEncoding to UTF-8 simply discards illegal UTF-8 characters. CharEncoding = "UTF-8" # Default person to mail reports to. Can be a local account or a # complete email address. Variable Output should be set to mail, or # --output mail should be passed on command line to enable mail feature. MailTo = [email protected] # WHen using option --multiemail, it is possible to specify a different # email recipient per host processed. For example, to send the report # for hostname host1 to [email protected], use: #Mailto_host1 = [email protected] # Multiple recipients can be specified by separating them with a space. # Default person to mail reports from. Can be a local account or a # complete email address. MailFrom = [email protected] # if set, the results will be saved in <filename> instead of mailed # or displayed. Be sure to set Output = file also. #Filename = /tmp/logwatch # Use archives? If set to 'Yes', the archives of logfiles # (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will # be searched in addition to the /var/log/messages file. # This usually will not do much if your range is set to just # 'Yesterday' or 'Today'... it is probably best used with Range = All # By default this is now set to Yes. To turn off Archives uncomment this. #Archives = No # The default time range for the report... # The current choices are All, Today, Yesterday Range = yesterday # The default detail level for the report. # This can either be Low, Med, High or a number. # Low = 0 # Med = 5 # High = 10 Detail = Med # The 'Service' option expects either the name of a filter # (in /usr/share/logwatch/scripts/services/*) or 'All'. # The default service(s) to report on. This should be left as All for # most people. Service = All # You can also disable certain services (when specifying all) Service = "-zz-network" # Prevents execution of zz-network service, which # prints useful network configuration info. Service = "-zz-sys" # Prevents execution of zz-sys service, which # prints useful system configuration info. Service = "-eximstats" # Prevents execution of eximstats service, which # is a wrapper for the eximstats program. # If you only cared about FTP messages, you could use these 2 lines # instead of the above: #Service = ftpd-messages # Processes ftpd messages in /var/log/messages #Service = ftpd-xferlog # Processes ftpd messages in /var/log/xferlog # Maybe you only wanted reports on PAM messages, then you would use: #Service = pam_pwdb # PAM_pwdb messages - usually quite a bit #Service = pam # General PAM messages... usually not many # You can also choose to use the 'LogFile' option. This will cause # logwatch to only analyze that one logfile.. for example: #LogFile = messages # will process /var/log/messages. This will run all the filters that # process that logfile. This option is probably not too useful to # most people. Setting 'Service' to 'All' above analyzes all LogFiles # anyways... # # By default we assume that all Unix systems have sendmail or a sendmail-like MTA. # The mailer code prints a header with To: From: and Subject:. # At this point you can change the mailer to anything that can handle this output # stream. # TODO test variables in the mailer string to see if the To/From/Subject can be set # From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt mailer = "/usr/sbin/sendmail -t" # # With this option set to a comma separated list of hostnames, only log entries # for these particular hosts will be processed. This can allow a log host to # process only its own logs, or Logwatch can be run once per a set of hosts # included in the logfiles. # Example: HostLimit = hosta,hostb,myhost # # The default is to report on all log entries, regardless of its source host. # Note that some logfiles do not include host information and will not be # influenced by this setting. # #HostLimit = myhost # # By default /var/adm is searched after LogDir. #AppendVarAdmToLogDirs = 1 # # By default /var/log is to be searched after LogDir and /var/adm/ . #AppendVarLogToLogDirs = 1 # # By default the current working directory is searched last after LogDir, /var/adm/, and /var/log/ . #AppendCWDToLogDirs = 1 # vi: shiftwidth=3 tabstop=3 et I hope someone can help me.
Hi Again. I don't know if the right way. But I deleted rkhunter.log and rkhunter.log.1 and then touch rkhunter.log Now it works..
