Heya All, I have tried to implement pflogsumm on my CentOS 5 box. I have followed the how-to exactly. Now what happens is: 1. Where there used to be 4 maillog files in /var/log (maillog, maillog.0, maillog.1, etc) there is only 1 huge maillog file. 2. I get a mailing every day from the cron daemon that says: "/etc/cron.daily/logrotate: error: syslog:1 duplicate log entry for /var/log/messages" Logwatch is installed and running per the default for CentOS 5 (I didn't install it, it was installed with the OS). So it seems that logrotate is failing but I cannot find where or why. Here is my logrotate.conf: [root@mail etc]# more logrotate.conf # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp -- we'll rotate them here /var/log/wtmp { monthly minsize 1M create 0664 root utmp rotate 1 } # system-specific logs may be also be configured here. /var/log/maillog { missingok daily rotate 7 create compress start 0 postrotate /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true endscript } I did no mods to the cron job for the logrotate. Here is my /usr/local/sbin/postfix_report.sh: [root@mail etc]# more /usr/local/sbin/postfix_report.sh exit 0TH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin gunzip /var/log/maillog.0.gz pflogsumm /var/log/maillog.0 | formail -c -I"Subject: Mail Statistics" -I"From: pflogsumm@<mydomain>.net" -I"To: systems@<mydomain>.net" -I"Received: from mail.<mydomain>.net ([192.168.1.11])" | sendmail systems@<mydomain>.net gzip /var/log/maillog.0 exit 0 The message from the cron seems no help at all but def something I did affected it as I didn't get it until the night I tried to implement pflogsumm... Any help would be greatly appreciated! I will prvide any other info you might need. Regards, Chumley Edited: Removed my real domain before some crawler grabs my email for spam use
results Falko, Here is the output: [root@mail ~]# ls -la /etc/logrotate.d/ total 176 drwxr-xr-x 2 root root 4096 Jun 18 16:21 . drwxr-xr-x 96 root root 12288 Jul 16 04:05 .. -rw-r--r-- 1 root root 144 Jan 6 2007 acpid -rw-r--r-- 1 root root 99 Dec 31 2007 amavisd -rw-r--r-- 1 root root 161 Apr 16 13:10 clamav -rw-r--r-- 1 root root 288 Nov 11 2007 conman -rw-r--r-- 1 root root 71 Nov 29 2007 cups -rw-r--r-- 1 root root 237 Feb 6 2007 dovecot -rw-r--r-- 1 root root 92 Jun 9 14:53 freshclam -rw-r--r-- 1 root root 167 Nov 10 2007 httpd -rw-r--r-- 1 root root 571 Jan 7 2007 mgetty -rw-r----- 1 root named 163 Nov 10 2007 named -rw-r--r-- 1 root root 228 Apr 11 16:46 OEM.syslog.OEM -rw-r--r-- 1 root root 136 Mar 14 2007 ppp -rw-r--r-- 1 root root 212 Oct 6 2007 proftpd -rw-r--r-- 1 root root 323 Jan 6 2007 psacct -rw-r--r-- 1 root root 61 Nov 10 2007 rpm -rw-r--r-- 1 root root 232 Dec 10 2007 samba -rw-r--r-- 1 root root 68 Jun 13 2007 sa-update -rw-r--r-- 1 root root 121 Mar 14 2007 setroubleshoot -rw-r--r-- 1 root root 154 Dec 18 2007 snmpd -rw-r--r-- 1 root root 543 Apr 11 2007 squid -rw-r--r-- 1 root root 211 Apr 11 16:46 syslog -rw-r--r-- 1 root root 48 Jan 6 2007 tux -rw-r--r-- 1 root root 89 Nov 10 2007 yum Thanks, Chum
contents of /etc/logrotate.d/syslog /var/log/messages /var/log/secure /var/log/spooler /var/log/boot.log /var/log/cron { sharedscripts postrotate /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true endscript } Regards, Chum
Falko, It appears in the '/etc/logrotate.d/OEM.syslog.OEM' file. It has a line that was the foundation for the line in the '/etc/logrotate.d/syslog' file. I am thinking that the OEM one has to go. I will move it to a temp location and see what this evenings' cron jobs do. I believe (I actually did this quite some time ago but could not get back to it until now due to other pressing concerns) that I renamed the file from 'syslog' to 'OEM.syslog.OEM' because I wanted to save the OEM version of the file. I didn't realize that it would still be processed if left in that dir. Thanks for your assistance and I will let you know tomorrow if removing the OEM file fixes the issue. Regards, Chumley
/etc/logrotate.d/rsyslog tries to rotate the mail.log and logrotate.conf tries the same according to the howto for pflogsum, so the resulting error is:
seems formmail is inside maildrop but we are using courier-maildrop: suggestions? I'd really like to use pflogsum
unfortunately that didn't help :-( have you got any more information on formail? all I find is http://linux.about.com/library/cmd/blcmdl1_formail.htm but why isn't it being found? what could I use instead of formail? any substitues to make that pflogsum compatible with ispcfg3 and debian lenny?
besides this morning, the maillogs stopped :-( at least mail.log is stil empty besides me sending and receiving emails. All other logs, i.e. mail.warn or mail.error are fine :-( any hints? so I went back to courier-maildrop as that seems to be the only related change I made, besides taking out mail.log from /etc/logrotate.d/rsyslog ###edit### undid all steps listed in this thread, and mail.log starts logging again... I'd really love for someone to solve this puzzle of running mailgraph + pflogsum on Debian Lenny
sorry to be a pain in the a** but I'd really like to get pflogsum working on Debian Lenny. Anyone here on these forums able to get it working?
still not solved :-( if I enable pflogsumm and the logrotating as discussed in this whole thread, nothing gets ever again written to the mail.log, do you think its related to the permissions?
