Not sure if these are bugs ...

I'm the (recent) proud lessee of 2 IWorx installations, one older -- probably from around the 1.7 era, is Redhat 9 and in a remote DataCenter, one newer 2.1.1 era, CentOS 4.2 and sitting next to me. A few differences that I've noticed:

1) The LogWatch between the boxes are not only different versions (which I would expect, considering RedHat's End of Life), but log quite differently in terms of their verbosity. The older installation (via email) is only logging a) Kernel b) proFTP and c) vpopmail (today). The new installation (via email) is logging a) ClamAV b) httpd c) init d) Kernel e) pam_unix f) SSHD and g) Disk Space.

I realize that some services only log if they are used that particular day, but in the case of Disk Space -- that's been missing from my LogWatch for quite some time and I've never seen the ClamAV section, though I have the service installed and running.

2) Clustering and NFS show up as menu options on the new box and are missing completely from the old. This may be you aren't offering certain services inside particular DataCenters, (though, why a DC wouldn't want you to potentially rent more servers from them for clustering, etc. I'm not sure) ... just looking for clarification on this one.

Regards,

JB

Is the RedHat 9 box still running InterWorx 1.7? Or was that just to indicate how long you've had the box, and both boxes are currently running 2.1.1?

Socheat

Sorry, that was confusing.

Both boxes are fully patched, 2.1.1

JB

2) Clustering and NFS show up as menu options on the new box and are missing completely from the old. This may be you aren't offering certain services inside particular DataCenters, (though, why a DC wouldn't want you to potentially rent more servers from them for clustering, etc. I'm not sure) ... just looking for clarification on this one.

This is to be expected, you need CentOS 4 (with NAT installed and the inteworx and vpopmail directories moved outside /home to new locations), or newer for clustering and those menus don't show up on a box that doesn't support clustering.

http://www.interworx.com/support/docs/iworx-cp/sysadmin/clustering/setup/howto-cluster

Good to know for #2, Thx. Tim. Is it that you need specifically CentOS 4, or any Linux Distro that's not RedHat at this point?

Any takers on the logging differences?

JB

You need CentOS 4, Remember CentOS 4 is basically the same as RHEL 4, and who knows it might work on RHEL4 as well if NAT was installed and configured and the other things it mentions are done. That'd really be an answer for Chris.

As for the other, the logwatch config file allows you to specify exactly what you want it to show. I suspect if you replaced the logwatch.conf file on the old box withthe one from the new one it'd be just as verbose.

I have two logwatch.conf files. Anybody know the difference?

[root@iworx root]# cat /etc/log.d/conf/logwatch.conf
################################################## ######
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
################################################## ######

# NOTE:
# All these options are the defaults if you run logwatch with no
# command-line arguments. You can override all of these on the
# command-line.

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

# Default Log Directory
# All log-files are assumed to be given relative to this directory.
LogDir = /var/log

# You can override the default temp directory (/tmp) here
TmpDir = /tmp

# Default person to mail reports to. Can be a local account or a
# complete email address.
MailTo = webmaster@transwarphosting.net

# If set to 'Yes', the report will be sent to stdout instead of being
# mailed to above person.
Print = No

# Leave this to 'Yes' if you have the mktemp program and it supports
# the '-d' option. Some older version of mktemp on pre-RH7.X did not
# support this option, so set this to no in that case and Logwatch will
# use internal temp directory creation that is (hopefully) just as secure
UseMkTemp = Yes

#
# Some systems have mktemp in a different place
#
MkTemp = /bin/mktemp

# if set, the results will be saved in <filename> instead of mailed
# or displayed.
#Save = /tmp/logwatch

# Use archives? If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
Archives = Yes
Range = All

# The default time range for the report...
# The current choices are All, Today, Yesterday
Range = yesterday

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = High


# The 'Service' option expects either the name of a filter
# (in /etc/log.d/scripts/services/*) or 'All'.
# The default service(s) to report on. This should be left as All for
# most people.
Service = All
# You can also disable certain services (when specifying all)
#Service = -zz-fortune
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
#Service = pam_pwdb # PAM_pwdb messages - usually quite a bit
#Service = pam # General PAM messages... usually not many

# You can also choose to use the 'LogFile' option. This will cause
# logwatch to only analyze that one logfile.. for example:
#LogFile = messages
# will process /var/log/messages. This will run all the filters that
# process that logfile. This option is probably not too useful to
# most people. Setting 'Service' to 'All' above analyizes all LogFiles
# anyways...

#
# some systems have different locations for mailers
#
mailer = /bin/mail

#
# With this option set to 'Yes', only log entries for this particular host
# (as returned by 'hostname' command) will be processed. The hostname
# can also be overridden on the commandline (with --hostname option). This
# can allow a log host to process only its own logs, or Logwatch can be
# run once per host included in the logfiles.
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.
#
#HostLimit = Yes

[root@iworx root]#


[root@iworx root]# cat /etc/log.d/logwatch.conf
################################################## ######
# This was written and is maintained by:
# Kirk Bauer <kirk@kaybee.org>
#
# Please send all comments, suggestions, bug reports,
# etc, to kirk@kaybee.org.
#
################################################## ######

# NOTE:
# All these options are the defaults if you run logwatch with no
# command-line arguments. You can override all of these on the
# command-line.

# You can put comments anywhere you want to. They are effective for the
# rest of the line.

# this is in the format of <name> = <value>. Whitespace at the beginning
# and end of the lines is removed. Whitespace before and after the = sign
# is removed. Everything is case *insensitive*.

# Yes = True = On = 1
# No = False = Off = 0

# Default Log Directory
# All log-files are assumed to be given relative to this directory.
LogDir = /var/log

# You can override the default temp directory (/tmp) here
TmpDir = /tmp

# Default person to mail reports to. Can be a local account or a
# complete email address.
MailTo = webmaster@transwarphosting.net

# If set to 'Yes', the report will be sent to stdout instead of being
# mailed to above person.
Print = No

# Leave this to 'Yes' if you have the mktemp program and it supports
# the '-d' option. Some older version of mktemp on pre-RH7.X did not
# support this option, so set this to no in that case and Logwatch will
# use internal temp directory creation that is (hopefully) just as secure
UseMkTemp = Yes

#
# Some systems have mktemp in a different place
#
MkTemp = /bin/mktemp

# if set, the results will be saved in <filename> instead of mailed
# or displayed.
#Save = /tmp/logwatch

# Use archives? If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with
Archives = Yes
Range = All

# The default time range for the report...
# The current choices are All, Today, Yesterday
Range = yesterday

# The default detail level for the report.
# This can either be Low, Med, High or a number.
# Low = 0
# Med = 5
# High = 10
Detail = High


# The 'Service' option expects either the name of a filter
# (in /etc/log.d/scripts/services/*) or 'All'.
# The default service(s) to report on. This should be left as All for
# most people.
Service = All
# You can also disable certain services (when specifying all)
#Service = -zz-fortune
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
#Service = ftpd-messages # Processes ftpd messages in /var/log/messages
#Service = ftpd-xferlog # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
#Service = pam_pwdb # PAM_pwdb messages - usually quite a bit
#Service = pam # General PAM messages... usually not many

# You can also choose to use the 'LogFile' option. This will cause
# logwatch to only analyze that one logfile.. for example:
#LogFile = messages
# will process /var/log/messages. This will run all the filters that
# process that logfile. This option is probably not too useful to
# most people. Setting 'Service' to 'All' above analyizes all LogFiles
# anyways...

#
# some systems have different locations for mailers
#
mailer = /bin/mail

#
# With this option set to 'Yes', only log entries for this particular host
# (as returned by 'hostname' command) will be processed. The hostname
# can also be overridden on the commandline (with --hostname option). This
# can allow a log host to process only its own logs, or Logwatch can be
# run once per host included in the logfiles.
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.
#
#HostLimit = Yes

[root@iworx root]#

I suspect if you replaced the logwatch.conf file on the old box withthe one from the new one it'd be just as verbose.


... though, I thought there was some caveat for a service having it's logging "toggle" set at the time of compile (which is why I thought most of us have a pile of unwanted vpopmail entries that are seemingly unstoppable (?) ).

It feels more like the logging options of the various services have had their logging switches 'reset/overridden/etc' along the way on the older box.

I'll check my actual LogWatch file and see how it compares to yours shortly.

Thanks again,

JB

**EDIT** I checked the LogWatch.conf on my older RedHat box and the only difference I saw between what you've posted and mine was the level of detal, yours being "High" and mine being "Low." However both of my boxes in question are set to "Low," with "Services=All" and produce different output (again, no ClamAV or Disk Space on the older box, etc).

Yeah, could be a logging option. You probably know more about that than I.

Are you kidding? You've forgotten more about this CP than I'll know anytime soon .. ;)

I only mention the "compile time logging option" because in another post: http://www.interworx.com/forums/showthread.php?t=485 (where I was asking about the vpopmail entries) Chris mentions:

... Pascal is right that the logging is a compile time option and not configurable after the fact...

... which, as the Linux neophyte that I am makes me think all (most/many?) services must have that option, and maybe for some reason over the course of updates, certain services have had their switch to log blown-out. If no one else is noticing this (which would be good), then it's isolated to me and not a bug at all (also good). It doesn't tell me why I have the issue, but at least takes it out of the bug category and into something else.

After watching more carefully the last couple of days of logs, it looks like the old RedHat box is not logging:

httpd
crond (under Pam - but does log su)
disk space

Regards,

JB

Are you kidding? You've forgotten more about this CP than I'll know anytime soon .. ;)


HAHA, thanks for the complement :-)

But actually I was talking about Linux knowlege.


After watching more carefully the last couple of days of logs, it looks like the old RedHat box is not logging:

httpd
crond (under Pam - but does log su)
disk space

Interesting.