Stellarcore.net

Please note that as of release 5.0 Logwatch has very good Solaris support; this document is very much out of date and is left up for historical reasons only. Visit logwatch.org for more information. The upcoming release 5.2.3 will include a single place in which to set your global path to Perl, which was one of the last gotchas to running Logwatch under Solaris.

As most users of RedHat Linux know, logwatch.pl is a nice Perl program that summarizes the system logfiles. Logwatch is written and maintained by Kirk Bauer, and as of this posting the stable release is 4.3.2. Recently I had a customer request that Logwatch be installed on a Solaris 8 machine, so after some tweaking of the code I released these patches back to the Logwatch development site.

Solaris compatibility could use a little more work, but the basic idea is that the GNU version of mail is different than the Solaris version, so we need checks to see which to use. Other than that, it is just the location of log files. This should get any system admin down the right path to getting Logwatch running on Solaris.

All the changes I made are in this gzip/tar file; do not try to cut-and-paste from this page, as I had to do a little formatting so it looked readable.

diff -r -u log.d/conf/services/sendmail.conf /etc/log.d/conf/services/sendmail.conf
--- log.d/conf/services/sendmail.conf	Mon Mar 17 14:36:56 2003
+++ /etc/log.d/conf/services/sendmail.conf	Tue Feb 18 07:53:38 2003
@@ -18,7 +18,7 @@
 LogFile = maillog
 
 # Only give lines pertaining to the sendmail service...
-*MultiService = sendmail,sm-mta
+*OnlyService = sendmail
 *RemoveHeaders
 
 # Now ignored in actual sendmail script (which is more efficient)
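Review bot: The diff is generated in the reverse direction: the Solaris-side lines (here *MultiService = sendmail,sm-mta, and every line tagged -mgt further down) are on the - side, with log.d/ as the old file and /etc/log.d/ as the new one, so applying it as published removes the changes instead of adding them. Regenerate it with the two directory arguments swapped. The multiservice script that *MultiService presumably relies on is reported as "Only in log.d/scripts/shared" and is therefore not carried by the patch; diffing with -N would include it.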
diff -r -u log.d/scripts/logwatch.pl /etc/log.d/scripts/logwatch.pl
--- log.d/scripts/logwatch.pl	Tue Mar 18 06:56:22 2003
+++ /etc/log.d/scripts/logwatch.pl	Tue Feb 18 07:53:37 2003
@@ -20,10 +20,6 @@
 
 my $Version = '4.3.2';
 my $VDate = '02/18/03';
-#Added to create switches for different os options -mgt
-#For now working on Linux and SunOS
-my $OSname = `uname -s`;
-chomp $OSname;
 
 #############################################################################
 
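Review bot: The uname -s backtick call assigned to $OSname resolves uname through whatever PATH the script inherits, which matters for a script that typically runs as root from cron. Perl already exposes the platform in $^O (solaris on Solaris, linux on Linux), which avoids spawning a shell at all; if uname is kept, call it by absolute path.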
@@ -35,9 +31,6 @@
 
 # Default config here...
 $Config{'detail'} = 0;
-#I logwatch now does some basic searching for logs
-#So if the log file is not in the log path it will check /var/adm
-#and then /var/log -mgt
 $Config{'logdir'} = "/var/log";
 $Config{'mailto'} = "root";
 $Config{'save'} = "";
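Review bot: The comment on the - side opens with "#I logwatch now does", which looks like a typo for "Logwatch now does", and it documents the search logic far from the code that implements it (the logfile branch around line 343). Move the comment next to that code and state the order actually tested: the configured logdir first, then /var/adm, then /var/log.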
@@ -343,23 +336,7 @@
          ReadConfigFile($BaseDir . "conf/logfiles/" . $ThisFile);
          for (my $i = 0; $i <= $#ReadConfigNames; $i++) {
             if ($ReadConfigNames[$i] eq "logfile") {
-			   #Filter for secure vs. authlog
-			   if ($OSname eq "SunOS" && $ReadConfigValues[$i] =~ "secure"
-			   && !-e "$Config{'logdir'}/log/$ReadConfigValues[$i]") {
-			   $ReadConfigValues[$i] =~ s/secure/authlog/i;
-			   }
-
-			   #Lets try and find the logs -mgt
-			   if (-e "$Config{'logdir'}/$ReadConfigValues[$i]") {
-               push @{$LogFileData{$ThisLogFile}{'logfiles'}}, $ReadConfigValues[$i];
-			   } elsif (-e "/var/adm/$ReadConfigValues[$i]") {
-               push @{$LogFileData{$ThisLogFile}{'logfiles'}}, "adm/$ReadConfigValues[$i]";
-			   } elsif (-e "/var/log/$ReadConfigValues[$i]") {
-               push @{$LogFileData{$ThisLogFile}{'logfiles'}}, "log/$ReadConfigValues[$i]";
-			   } else {
-			   #Fallback to default even if it doesn't exist -mgt
                push @{$LogFileData{$ThisLogFile}{'logfiles'}}, $ReadConfigValues[$i];
-			   }
             } elsif ($ReadConfigNames[$i] eq "archive") {
                push @{$LogFileData{$ThisLogFile}{'archives'}}, $ReadConfigValues[$i];
             } elsif ($ReadConfigNames[$i] =~ /^\*/) {
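Review bot: In the secure-to-authlog filter the existence test checks $Config{'logdir'}/log/$ReadConfigValues[$i], with an extra /log/ segment, while the lookup right below it tests $Config{'logdir'}/$ReadConfigValues[$i]. With the default logdir of /var/log the first test looks at /var/log/log/secure, so on SunOS the rename fires even when a secure log is present in logdir; drop the /log/ segment so both tests agree. The =~ "secure" match also accepts any logfile name containing that substring and would be safer anchored. Finally, the adm/ and log/ entries are pushed as relative names after testing the absolute /var/adm and /var/log paths; whether they resolve depends on how the entries are later joined to logdir, which is outside this hunk and worth checking.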
@@ -624,14 +601,8 @@
       *OUTFILE = *STDOUT;
    } elsif ($Config{'save'} ne "") {
       open(OUTFILE,">" . $Config{'save'}) or die "Can't open output file: $Config{'save'}\n";
-   } elsif ($OSname eq "SunOS") {
-	  #Solaris mail doesn't know -s -mgt
-      open(OUTFILE,"|$Config{'mailer'} $Config{'mailto'}") or die "Can't execute /bin/mail\n";
-      print OUTFILE "From: LogWatcher\n";
-      print OUTFILE "To: $Config{'mailto'}\n";
-      print OUTFILE "Subject: LogWatch for $Config{'hostname'}\n\n";
    } else {
-      open(OUTFILE,"|$Config{'mailer'} -s \"LogWatch for $Config{'hostname'}\" " 
		. $Config{'mailto'}) or die "Can't execute /bin/mail\n";    
+      open(OUTFILE,"|$Config{'mailer'} -s \"LogWatch for $Config{'hostname'}\" "
		. $Config{'mailto'}) or die "Can't execute /bin/mail\n";
    }
    $printing = 'y';
    print OUTFILE "\n ################### LogWatch $Version ($VDate) #################### \n";
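Review bot: The SunOS branch opens the pipe as "|$Config{'mailer'} $Config{'mailto'}", so both config values reach the shell unquoted, and mailto and hostname are also written verbatim into the To and Subject lines. Validate mailto and hostname against a conservative pattern before use, or use the list form of pipe open where the installed Perl supports it so that no shell is involved. The die text still names /bin/mail although the command run is $Config{'mailer'}; report the configured mailer and $! instead.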
diff -r -u log.d/scripts/services/ipop3d /etc/log.d/scripts/services/ipop3d
--- log.d/scripts/services/ipop3d	Mon Mar 17 14:37:06 2003
+++ /etc/log.d/scripts/services/ipop3d	Tue Feb 18 07:53:38 2003
@@ -20,8 +20,6 @@
 
 while (defined($ThisLine = )) {
    chomp($ThisLine);
-   #Solaris ID filter -mgt
-   $ThisLine =~ s/\[ID [0-9]+ [a-z]+\.[a-z]+\] //;
 #   next unless ( $ThisLine=~s/^... .. ..:..:.. \w+ ipop3d\[\d+\]: //); #For testing only
    next unless (defined($ThisLine));
 
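Review bot: The ID filter s/\[ID [0-9]+ [a-z]+\.[a-z]+\] // is unanchored, so it removes the first matching [ID n facility.level] tag anywhere in the line, including inside message text, and its facility.level class ([a-z]+\.[a-z]+) differs from the one used in shared/removeheaders ([a-zA-Z\.]+). Strip the tag in one shared place, or at least anchor this substitution (with ^ if the syslog header is already removed by this point) and use the same pattern in both files.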
diff -r -u log.d/scripts/services/sendmail /etc/log.d/scripts/services/sendmail
--- log.d/scripts/services/sendmail	Mon Mar 17 14:37:04 2003
+++ /etc/log.d/scripts/services/sendmail	Tue Feb 18 07:53:38 2003
@@ -53,19 +53,16 @@
       $Amavis++;
    } elsif ( $ThisLine =~ m/X-Scanned-By: MIMEDefang/) {
       $Defang++;
-   } elsif ( ($User) = ($ThisLine =~ /^<([^ ]*)>... [User unknown|No such user]/) ) {
-   #Lots of people config sendmail error into No Such user.. -mgt
+   } elsif ( ($User) = ($ThisLine =~ /^<([^ ]*)>... User unknown$/) ) {
       $UnknownUsers{$User}{$QueueID}++;
    } elsif ( ($Host) = ($ThisLine =~ /\(Name server: ([^ ]+): host not found\)/)) {
       $UnknownHosts{$Host}++;
-   } elsif ( ($Domain) = ($ThisLine =~ /Domain of sender address ([^ ]+) does not/)) {
-	  #Some say resolve some say exist -mgt
+   } elsif ( ($Domain) = ($ThisLine =~ /Domain of sender address ([^ ]+) does not resolve/)) {
       $UnresolvedDomains{$Domain}++;
-  } elsif ($ThisLine =~ /reject=550 5\.7\.1 <[^ ]*@([^ ]*)>\.\.\./) {
+  } elsif ($ThisLine =~ /reject=550 5\.7\.1 <[^ ]*@([^ ]*)>\.\.\. Relaying Denied \(Spammer\)/) {
       # We block some particularly annoying spam domains with the
       # following in /etc/mail/access...
       # From:worduphosting.com	ERROR:550 5.7.1 Relaying Denied (Spammer)
-	  #Ignore the message look for the error -mgt
       $KnownSpammer{$1}++;
    } elsif ( ($Dest,$Relay) = ($ThisLine =~ /^ruleset=check_rcpt, arg1=<([^ ]*)>,\
		relay=([^,]*), reject=550\s*[\d.]*\s*<[^ ]*>\.\.\. Relaying denied/) ) {
       $Temp = "From " . $Relay . " to " . $Dest;
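Review bot: On the - side, [User unknown|No such user] is a bracketed character class, not an alternation: it matches a single character from that set, so the branch accepts any line where one of those characters follows "<addr>... ". Use (?:User unknown|No such user) and keep the trailing $ if the anchor was intended. The shortened KnownSpammer pattern, reject=550 5\.7\.1 <[^ ]*@([^ ]*)>\.\.\. with no message text, also sits before the check_rcpt "Relaying denied" branch in the elsif chain, so a relay rejection carrying the 5.7.1 code and an address containing @ would be counted as a known spammer and never reach its own branch. Either reorder the branches or keep a message match.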
@@ -77,16 +74,6 @@
       $Temp = "From " . $Relay . " by " . $BlSite;
       $BlackHoled{$Temp}++;
      $BlackHoles{$BlSite}++;
-  } elsif ( ($Relay,$BlSite) = ($ThisLine =~ /reject=553\s*[\d.]*\s*<[^ ]*>\.\.\. Mail from \
	([\d\.]+) rejected\;see http:\/\/([^\/]*)\//) ) {
-	  #This is the another blackhole tag -mgt
-	  $Temp = "From " . $Relay . " by " . $BlSite;
-	  $BlackHoled{$Temp}++;
-	 $BlackHoles{$BlSite}++;
-   } elsif ( ($BlSite, $Relay) = ($ThisLine =~ /reject=553\s*[\d.]*\s*<[^ ]*>\.\.\.
   Email blocked using ORDB.org - see \\.\.\. Mail from [^ ]* refused by blackhole site ([^ ]*)/) ) {
       $Temp = "From " . $Relay . " by " . $BlSite;
       $BlackHoled{$Temp}++;
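Review bot: The extra reject=553 branch on the - side repeats the three-statement body of the blackhole branch above it, and its pattern requires the literal text "rejected;see" with no space plus a trailing slash after the host, which should be confirmed against a real log line. Fold the new message format into a shared helper or a single alternation so that $BlackHoled and $BlackHoles are updated in one place. The lines from "Email blocked using ORDB.org" onward appear damaged by the page formatting, so this hunk is best reviewed from the tarball.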
diff -r -u log.d/scripts/services/zz-disk_space /etc/log.d/scripts/services/zz-disk_space
--- log.d/scripts/services/zz-disk_space	Mon Mar 17 14:44:02 2003
+++ /etc/log.d/scripts/services/zz-disk_space	Tue Feb 18 07:53:38 2003
@@ -2,19 +2,12 @@
 ##########################################################################
 # $Id: zz-disk_space,v 1.1 2003/02/18 15:44:56 kirk Exp $
 ##########################################################################
-#df -h is a Linux thing allow for other options -mgt
-if [ "$PRINTING" = "y" ]  && [ "`uname -s`" = "Linux" ] ; then
+
+if [ "$PRINTING" = "y" ] ; then
    echo
    echo
    echo "------------------ Disk Space --------------------"
    echo
    df -h
    echo
-elif [ "$PRINTING" = "y" ]
-   echo
-   echo
-   echo "------------------ Disk Space --------------------"
-   echo
-   df -k
-   echo
 fi
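Review bot: The elif [ "$PRINTING" = "y" ] line on the - side has no "; then", so the shell rejects the whole if block with a syntax error and neither branch prints. Rather than duplicating the block, pick the df flag once (-h when uname -s reports Linux, -k otherwise) and keep a single if [ "$PRINTING" = "y" ] block.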
Only in log.d/scripts/shared: multiservice
diff -r -u log.d/scripts/shared/removeheaders /etc/log.d/scripts/shared/removeheaders
--- log.d/scripts/shared/removeheaders	Mon Mar 17 14:37:09 2003
+++ /etc/log.d/scripts/shared/removeheaders	Tue Feb 18 07:53:38 2003
@@ -16,8 +16,6 @@
 # logfile.
 
 while (defined($ThisLine = )) {
-	#First line is Solaris ID tag style -mgt
-  $ThisLine =~ s/^... .. ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: \[ID [0-9]+ [a-zA-Z\.]+\] //;
   $ThisLine =~ s/^... .. ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: //;
   $ThisLine =~ s/^... .. ..:..:.. [^ ]* [^ ]*: //;
   print $ThisLine;
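Review bot: The Solaris substitution on the - side only covers headers of the form "service[pid]: [ID ...]"; a line logged without a pid falls through to the third pattern, which strips the header but leaves the "[ID n facility.level] " tag in front of the message. Handling the tag as an optional group, (?:\[ID [0-9]+ [a-zA-Z.]+\] )?, at the end of both existing patterns would cover both forms without an extra pass.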