
#1 2017-06-22 07:29:17

amish
Member
Registered: 2014-05-10
Posts: 214

Logwatch dist.conf files for Arch Linux

Hello

Ever since systemd-journald replaced rsyslog - the logwatch package had more or less become useless.

Recently logwatch version 7.4.3-3 was released with support for journalctl.
Reference: https://bugs.archlinux.org/task/53981

This version however does not implement conf file changes. So default logwatch still remains useless.

rsyslog had 4 main files in /var/log on which rsyslog heavily depended: messages, maillog, cron, secure.

I have created 4 conf files - each imitates their rsyslog equivalents.

First create an EMPTY log file called emptylog.

touch /var/log/emptylog

This will be the fake log file which will be supplied to logwatch.

Now create 4 files under /usr/share/logwatch/dist.conf/logfiles, as below:

/usr/share/logwatch/dist.conf/logfiles/messages.conf

Archive =
LogFile =
LogFile = emptylog

# Facilities from /usr/include/sys/syslog.h
# default syslog directive for messages is: *.info;mail.none;authpriv.none;cron.none
# list all facilities except mail, authpriv and cron
*JournalCtl = "-q --no-pager -o short -p info SYSLOG_FACILITY=0 SYSLOG_FACILITY=1 SYSLOG_FACILITY=3 SYSLOG_FACILITY=4 SYSLOG_FACILITY=5 SYSLOG_FACILITY=6 SYSLOG_FACILITY=7 SYSLOG_FACILITY=8 SYSLOG_FACILITY=11 SYSLOG_FACILITY=16 SYSLOG_FACILITY=17 SYSLOG_FACILITY=18 SYSLOG_FACILITY=19 SYSLOG_FACILITY=20 SYSLOG_FACILITY=21 SYSLOG_FACILITY=22 SYSLOG_FACILITY=23"

# copied from existing messages.conf under default.conf/logfiles directory
*ExpandRepeats
*RemoveService = talkd,telnetd,inetd,nfsd,/sbin/mingetty,netscreen,NetScreen
*ApplyStdDate = "%b %d %H:%M:%S "

/usr/share/logwatch/dist.conf/logfiles/maillog.conf

Archive =
LogFile =
LogFile = emptylog

# Facilities from /usr/include/sys/syslog.h
# default syslog directive for maillog is: mail.*
*JournalCtl = "-q --no-pager -o short SYSLOG_FACILITY=2"

# copied from existing maillog.conf under default.conf/logfiles directory
*ExpandRepeats
*ApplyStdDate = "%b %d %H:%M:%S "

/usr/share/logwatch/dist.conf/logfiles/secure.conf

Archive =
LogFile =
LogFile = emptylog

# Facilities from /usr/include/sys/syslog.h
# default syslog directive for secure is: authpriv.*
*JournalCtl = "-q --no-pager -o short SYSLOG_FACILITY=10"

# copied from existing secure.conf under default.conf/logfiles directory
*ExpandRepeats
*ApplyStdDate = "%b %d %H:%M:%S "

/usr/share/logwatch/dist.conf/logfiles/cron.conf

Archive =
LogFile =
LogFile = emptylog

# Facilities from /usr/include/sys/syslog.h
# default syslog directive for cron is: cron.*
*JournalCtl = "-q --no-pager -o short SYSLOG_FACILITY=9"

# copied from existing cron.conf under default.conf/logfiles directory
*RemoveService = anacron

Hope this gets implemented by default by the package maintainer.

Hope it helps others.

Thank you.

PS: New "git" version of logwatch accepts /dev/null as log file name. (after which emptylog can be replaced with /dev/null)

Update: Updated the time format, as journalctl outputs a leading 0 in the date.

Last edited by amish (2017-07-08 06:56:25)
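
The long facility list in messages.conf follows mechanically from the syslog selector quoted in its comment. As an added example (not part of the original post or of logwatch), this shell script derives the journalctl arguments from such a selector; the function names are hypothetical and only the `*.PRIO;facility.none` selector form is handled.

```shell
#!/bin/sh
# Added example: derive journalctl matches from a syslog-style selector.
# Facility codes from /usr/include/sys/syslog.h (12-15 are reserved there).
FACILITIES="kern:0 user:1 mail:2 daemon:3 auth:4 syslog:5 lpr:6 news:7 uucp:8
cron:9 authpriv:10 ftp:11 local0:16 local1:17 local2:18 local3:19 local4:20
local5:21 local6:22 local7:23"

# facility_matches NAME...: print SYSLOG_FACILITY=N for every facility except
# the named ones. journalctl ORs several matches on the same field.
facility_matches() {
    out=""
    for entry in $FACILITIES; do
        name=${entry%%:*}
        code=${entry##*:}
        skip=0
        for ex in "$@"; do
            if [ "$name" = "$ex" ]; then skip=1; fi
        done
        if [ "$skip" -eq 0 ]; then out="$out SYSLOG_FACILITY=$code"; fi
    done
    printf '%s\n' "${out# }"
}

# selector_to_args 'SELECTOR': turn "*.PRIO;fac.none;..." into the option
# string used in the post. "-p PRIO" keeps PRIO and anything more severe,
# like the syslog "*.PRIO" rule. Other selector forms are rejected.
selector_to_args() {
    prio=""; excluded=""
    set -f; old_ifs=$IFS; IFS=';'   # split on ';' without globbing "*.info"
    set -- $1
    IFS=$old_ifs; set +f
    for part in "$@"; do
        case $part in
            \*.*)   prio=${part#*.} ;;
            *.none) excluded="$excluded ${part%.none}" ;;
            *)      echo "unsupported selector part: $part" >&2; return 1 ;;
        esac
    done
    if [ -z "$prio" ]; then echo "no *.PRIO part in selector" >&2; return 1; fi
    printf '%s\n' "-q --no-pager -o short -p $prio $(facility_matches $excluded)"
}

# The selector from the messages.conf comment above:
selector_to_args '*.info;mail.none;authpriv.none;cron.none'
```

The printed string can be compared against the `*JournalCtl` value in messages.conf to confirm that authpriv, mail and cron entries stay out of the messages report.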
