[Logcheck-devel] Bug#647622: logcheck: error in "logtail -t"/LOGTAILOPTS=" -t"

Jon Daley debian at jon.limedaley.com
Fri Nov 4 16:20:07 UTC 2011 

Package: logcheck
Version: 1.3.14
Severity: normal
Tags: patch

Dear Maintainer,
I'm not sure when this broke, but I can no longer run:
  sudo -u logcheck logcheck -ot
as it fails with the error:
  Error: Could not run logtail or save output.

I played around with it for a while, and ended up being able to fix it
by making this modification:
CHANGE:
  LOGTAIL_OPTS=' -t'
TO:
  LOGTAIL_OPTS='-t'

I can't make up a reason why this is needed, running the command manually works fine:
  sudo -u logcheck logtail2  -f/var/log/syslog -o/var/.../...  -t

If I run logcheck -otd, without my fix, I get:
D: [1320423425] logoutput called with file: /var/log/syslog
D: [1320423425] Running /usr/sbin/logtail2 on /var/log/syslog
D: [1320423425] error: Killing lockfile-touch - 27393
D: [1320423425] error: Removing lockfile: /var/lock/logcheck/logcheck.lock
D: [1320423425] Error: Could not run logtail or save output
Error: Could not run logtail or save output.
D: [1320423425] cleanup: Removing - /tmp/logcheck.BNBLQm

If I add the following to logoutput()
  echo $LOGTAIL -f "$file" -o "$offsetfile" $LOGTAIL_OPTS
  $LOGTAIL -f "$file" -o "$offsetfile" $LOGTAIL_OPTS
I get:
D: [1320423498] logoutput called with file: /var/log/syslog
D: [1320423498] Running /usr/sbin/logtail2 on /var/log/syslog
/usr/sbin/logtail2 -f /var/log/syslog -o /var/lib/logcheck/offset.var.log.syslog  -t
File  -t cannot be read: No such file or directory

The logtail manual implies that -t should be before -f, but I moved LOGTAIL_OPTS to
before, and it didn't change anything.

I recently read some security reports about su/sudo and some changes and perhaps that is the reason?
Anyway, removing the space from LOGTAIL_OPTS fixes it, and my change seems safe to make for everyone.

Thanks.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser                         3.113     
ii  cron                            3.0pl1-120
ii  lockfile-progs                  0.1.16    
ii  logtail                         1.3.14    
ii  mime-construct                  1.11      
ii  postfix [mail-transport-agent]  2.8.3-1   
ii  sysklogd [system-log-daemon]    1.5-6.1   

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.14

Versions of packages logcheck suggests:
ii  syslog-summary  1.14-2

-- Configuration Files:
/etc/logcheck/logcheck.conf changed:
INTRO=0
REPORTLEVEL="paranoid"
SENDMAILTO="logcheck"
MAILASATTACH=0
FQDN=1
TMP="/tmp"

/etc/logcheck/logcheck.logfiles changed:
/var/log/syslog
/var/log/auth.log
/var/log/mail.log
/var/log/dovecot.log
/var/log/rt.log
/var/log/cron.log
/var/log/mrtg.log


-- debconf information:
  logcheck/changes:
* logcheck/install-note:

More information about the Logcheck-devel mailing list