bug

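logwatch was found to include events from earlier periods in its analysis. Investigation showed that the rsyslog logs are written in the RSYSLOG_TraditionalFileFormat format, like this: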

$ sudo head /var/log/messages
Sep 10 09:05:39 localhost syslogd 1.4.1: restart.
Sep 10 09:05:39 localhost kernel: klogd 1.4.1, log source = /proc/kmsg started.
Sep 10 09:05:39 localhost kernel: bonding: bond0: doing slave updates when interface is down.
Sep 10 09:05:39 localhost kernel: bonding: unable to remove non-existent slave eth0 for bond bond0.
Sep 10 09:05:40 localhost kernel: ADDRCONF(NETDEV_UP): bond0: link is not ready
Sep 10 09:05:40 localhost kernel: 8021q: adding VLAN 0 to HW filter on device bond0
Sep 10 09:05:40 localhost kernel: bonding: bond0: Adding slave eth0.
Sep 10 09:05:40 localhost kernel: bonding: bond0: making interface eth0 the new active one.
Sep 10 09:05:40 localhost kernel: bonding: boactiup!
Sep 10 09:05:40 localhost kernel: bonding: bond0: enslaving eth0 as an active interface with an up link.

Because the timestamps contain no year, entries are counted again during analysis.
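The effect of the missing year, as an added Python example (not logwatch's own code). It is a simplified model of a month-and-day date filter, and the sample lines, the years 2023/2024 and all function names are constructed for illustration.

```python
MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}

# Constructed sample: one un-rotated file that spans a year boundary.
SAMPLE = """\
Sep 10 09:05:39 localhost syslogd 1.4.1: restart.
Dec 31 23:59:58 localhost kernel: constructed line before the new year
Jan  1 00:00:03 localhost kernel: constructed line after the new year
Sep 10 09:05:40 localhost kernel: constructed line one year later
""".splitlines()


def month_day(line):
    """Return (month, day) from a traditional-format line, or None if unstamped."""
    parts = line.split(None, 2)
    if len(parts) < 3 or parts[0] not in MONTHS or not parts[1].isdigit():
        return None
    return MONTHS[parts[0]], int(parts[1])


def year_blind_match(lines, month, day):
    """What a filter sees when it can only compare month and day."""
    return [l for l in lines if month_day(l) == (month, day)]


def assign_years(lines, newest_year):
    """Infer a year per line. Assumes chronological order, no gap longer than a
    year, and that newest_year (e.g. from the file mtime) fits the last line."""
    stamps = [month_day(l) for l in lines]
    dated = [s for s in stamps if s]
    wraps = sum(1 for a, b in zip(dated, dated[1:]) if b < a)
    year, prev, out = newest_year - wraps, None, []
    for line, stamp in zip(lines, stamps):
        if stamp and prev and stamp < prev:
            year += 1          # date went backwards: a new year started
        prev = stamp or prev
        out.append((year, line))
    return out


def year_aware_match(lines, year, month, day, newest_year):
    """Same date filter, but restricted to the inferred year."""
    return [l for y, l in assign_years(lines, newest_year)
            if y == year and month_day(l) == (month, day)]


if __name__ == "__main__":
    print(len(year_blind_match(SAMPLE, 9, 10)), "lines match Sep 10 without a year")
    print(len(year_aware_match(SAMPLE, 2024, 9, 10, 2024)), "line matches 2024-09-10")
```

A backwards jump in the date is only a heuristic for a year change; a clock correction that moves the date back would be miscounted.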

Solution

logrotate

Bug: cron.daily does not run

Red Hat Enterprise Linux Server release 5 has this bug; the workaround is to run it directly as root.

html output

Add the following line to /etc/logwatch/conf/logwatch.conf:

Output = html

mail user

By default, mail is sent through the local sendmail, but in situations such as DNAT you can use msmtp instead.

  • /etc/logwatch/conf/logwatch.conf
#mailer = "sendmail -t"
mailer = "/usr/local/bin/msmtp -t"

Then fill in the recipient in MailTo.