[PLUG] Logs and Reporting ... Again

Rich Shepard rshepard at appl-ecosys.com
Tue Mar 24 18:05:15 UTC 2009 

On Tue, 24 Mar 2009, Roderick A. Anderson wrote:

> 1. Does 1pflogsumm do the same as your command line below? (copy and
> paste from the file to be sure).

   Not quite. /etc/cron.daily/1pflogsumm:

   - checks location of /var/log/maillog
   - defines EXECUTABLE=/usr/local/bin/pflogsumm
   - sets up /etc/postfix as a temporary directory
   - defines OPTIONS (the default time is 'today' since it is supposed to run
     at 04:40 so /var/log/maillog is still the current (today's) log file.)
   - describes the e-mail heading
   - locates sendmail
   - locates postfix
   - proceeds with other checks, then runs EXECUTABLE.

> 2. Is the execute bit set for 1pflogsumm?

   Yup.

> maillog.2 will have mostly stuff from the 22nd.  Logrotate happened at
> 4:40AM the 23rd so there will probably be only a few entries for the 23rd.

   Should. Doesn't. How it got borked I've no idea:

-rw-r--r-- 1 root root  223228 Mar 24 10:10 /var/log/maillog
-rw-r--r-- 1 root root 1219888 Mar 24 04:40 /var/log/maillog.1
-rw-r--r-- 1 root root 1029689 Mar 23 04:40 /var/log/maillog.2
-rw-r--r-- 1 root root 2700694 Mar 22 04:40 /var/log/maillog.3
-rw-r--r-- 1 root root 1168552 Mar 21 04:40 /var/log/maillog.4

> Also do you have enough memory to run with the -e switch?  The man page
> says that switch can eat RAM like crazy.

   1G. Besides, this script has worked every day for several years. It
stopped running a couple of weeks ago, then started when I also ran it at
00:02 hrs. from root's crontab. Got two reports each day, one just after
midnight, the other at 4:40 am. Now neither is running and I think it's the
screwy log names.

   If logrotate ran this morning at 4:40+, which it did since /var/log/cron
shows the change:

-rw------- 1 root      root         0 Mar 24 04:40 cron
-rw------- 1 root      root         0 Mar 23 04:40 cron.1
-rw------- 1 root      root         0 Mar 22 04:40 cron.2
-rw------- 1 root      root         0 Mar 21 04:40 cron.3
-rw------- 1 root      root         0 Mar 20 04:40 cron.4

   then /var/log/maillog should show the same pattern. It doesn't; somehow
it was moved to maillog.1 and a new maillog started some time after that.

Rich

-- 
Richard B. Shepard, Ph.D.               |  Integrity            Credibility
Applied Ecosystem Services, Inc.        |            Innovation
<http://www.appl-ecosys.com>     Voice: 503-667-4517      Fax: 503-667-8863

More information about the PLUG mailing list