[Logcheck-users] Installing and running logcheck on CentOS

Hubert Krause hubert.krause at inform-ac.com
Fri Jun 25 10:25:57 UTC 2010 

Am Friday 25 June 2010 09:49:20 schrieb Robert Rothenberg:
> I've installed logcheck on CentOS from source, as well as liblockfile
> and lockfile-progs.

Which versions did you use? I've successfully installed logcheck on a CentOS 5 
box a few months ago. I've used liblockfile_1.08, lockfile-procs-0.1.10 and 
logcheck_1.2.45. I remember, that I 've to modify /usr/sbin/logcheck because 
it relays on run-parts which is very broken in CentOS. (It is not realy 
broken, but they reinvented the wheel instead of porting the debian 
run-parts. The result is a very bad. One answer to solve a lot of Problems 
with CentOS is: switch to Debian ;-) )

>
> I've created a logcheck user with /var/lib/logcheck as the home and
> /sbin/nologin as the shell. logcheck user is in the adm group. I also
> customised the list of logfiles for CentOS. When I run logcheck, I get
> the following errors:
>
> # sudo -u logcheck logcheck -ot
> basename: invalid option -- -
> Try `basename --help' for more information.
> basename: invalid option -- -
> Try `basename --help' for more information.
> basename: invalid option -- -
> Try `basename --help' for more information.
> basename: invalid option -- -
> Try `basename --help' for more information.
> basename: invalid option -- -
> Try `basename --help' for more information.
> Error: Could not run logtail or save output.
> System Events
> =-=-=-=-=-=-=
> File /var/log/secure cannot be read: Permission denied

 /var/log/secure should be readable by adm. This is not default on CentOS. 
Default is a mode of 600 for root. (again: silly CentOS)

I just loocked into the code of /usr/sbin/logcheck and found the first 
occurence of basename in exact this position where I patched logcheck because 
of the bad run-parts implementation.

the code which is not working is:

$(run-parts --list $dir)

I've replaced it with a "work around":

$(find $dir -maxdepth 1 -type f -regex ^${dir}[/]*[a-z0-9][a-z0-9]*$)

It is not the same as a working run-parts but works for me.

Good luck in trying to make logcheck work on CentOS.

Best regards,

Hubert

-- 
Hubert Krause
Risk & Fraud Division
INFORM GmbH, Pascalstraße 23, 52076 Aachen, Germany
Phone: +49 24 08 - 94 56 5145
E-Mail: hubert.krause at inform-ac.com, Web: http://www.inform-ac.com
INFORM Institut fuer Operations Research und Management GmbH
Registered AmtsG Aachen HRB1144 Gfhr. Adrian Weiler

More information about the Logcheck-users mailing list