logwatchをアンインストールせずにメール通知を止める
logwatchを使ってログの集計情報をメールで飛ばすということをやってきたけど、毎日毎日何通も来るのでだんだんウザくなって読まなくなってしまった。
そんなわけで、アンインストールするのもアレだったので、とりあえずメール通知を止めようということになった。
まずCentOS 6の環境で設定。
[hhelibex@centos6 ~]$ logwatch --version Logwatch 7.3.6 (released 05/19/07) [hhelibex@centos6 ~]$ cat /etc/logwatch/conf/logwatch.conf # Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf) Detail = High Archives = Yes Save = /tmp/logwatch [hhelibex@centos6 ~]$
これで様子を見てみると、無事に指定したファイルに結果が保存された。よしよし。
次はCentOS 7の環境。
[hhelibex@centos7 ~]$ logwatch --version Logwatch 7.4.0 (released 03/01/11) [hhelibex@centos7 ~]$
・・なのだが、CentOS 6環境と同じように設定してもダメで、相変わらずメールが飛んでくる・・ そこで「/usr/share/logwatch/default.conf/logwatch.conf」を見てみると、v7.3.6(CentOS 6)では存在した「Save」パラメータがv7.4.0(CentOS 7)では無くなっている。
なぬ!?と思って「logwatch --help」してみる。
[hhelibex@centos6 ~]$ logwatch --help
Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>]
[--print] [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]
[--save <filename>] [--help] [--version] [--service <name>]
[--numeric] [--output <output_type>]
[--splithosts] [--multiemail] [--no-oldfiles-log]
--detail <level>: Report Detail Level - High, Med, Low or any #.
--logfile <name>: *Name of a logfile definition to report on.
--logdir <name>: Name of default directory where logs are stored.
--service <name>: *Name of a service definition to report on.
--print: Display report to stdout.
--mailto <addr>: Mail report to <addr>.
--archives: Use archived log files too.
--save <filename>: Save to <filename>.
--range <range>: Date range: Yesterday, Today, All, Help
where help will describe additional options
--numeric: Display addresses numerically rather than symbolically and numerically
(saves a nameserver address-to-name lookup).
--debug <level>: Debug Level - High, Med, Low or any #.
--splithosts: Create a report for each host in syslog.
--multiemail: Send each host report in a separate email. Ignored if
not using --splithosts.
--output <output type>: Report Format - mail, html or unformatted#.
--encode: Use base64 encoding on output mail.
--no-oldfiles-log: Suppress the logwatch log, which informs about the
old files in logwatch tmpdir.
--version: Displays current version.
--help: This message.
* = Switch can be specified multiple times...
[hhelibex@centos6 ~]$
[hhelibex@centos7 ~]$ logwatch --help
Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>] [--output <output_type>]
[--format <format_type>] [--encode <enconding>] [--numeric] [--no-oldfiles-log]
[--mailto <addr>] [--archives] [--range <range>] [--debug <level>]
[--filename <filename>] [--help|--usage] [--version] [--service <name>]
[--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]
--detail <level>: Report Detail Level - High, Med, Low or any #.
--logfile <name>: *Name of a logfile definition to report on.
--logdir <name>: Name of default directory where logs are stored.
--service <name>: *Name of a service definition to report on.
--output <output type>: Report Output - stdout [default], mail, file.
--format <formatting>: Report Format - text [default], html.
--encode <encoding>: Enconding to use - none [default], base64.
--no-oldfiles-log: Suppress the logwatch log, which informs about the
old files in logwatch tmpdir.
--mailto <addr>: Mail report to <addr>.
--archives: Use archived log files too.
--filename <filename>: Used to specify they filename to save to. --filename <filename> [Forces output to file].
--range <range>: Date range: Yesterday, Today, All, Help
where help will describe additional options
--numeric: Display addresses numerically rather than symbolically and numerically
(saves a nameserver address-to-name lookup).
--debug <level>: Debug Level - High, Med, Low or any #.
--hostformat: Host Based Report Options - none [default], split, splitmail.
--hostlimit: Limit report to hostname - host1,host2.
--hostname: overwrites hostname
--html_wrap <num_characters>: Default is 80.
--version: Displays current version.
--help: This message.
--usage: Same as --help.
* = Switch can be specified multiple times...
[hhelibex@centos7 ~]$
unified diffも取ってみる。
--- centos6
+++ centos7
@@ -1,31 +1,33 @@
-Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>]
- [--print] [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]
- [--save <filename>] [--help] [--version] [--service <name>]
- [--numeric] [--output <output_type>]
- [--splithosts] [--multiemail] [--no-oldfiles-log]
+Usage: /usr/sbin/logwatch [--detail <level>] [--logfile <name>] [--output <output_type>]
+ [--format <format_type>] [--encode <enconding>] [--numeric] [--no-oldfiles-log]
+ [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]
+ [--filename <filename>] [--help|--usage] [--version] [--service <name>]
+ [--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]
--detail <level>: Report Detail Level - High, Med, Low or any #.
--logfile <name>: *Name of a logfile definition to report on.
--logdir <name>: Name of default directory where logs are stored.
--service <name>: *Name of a service definition to report on.
---print: Display report to stdout.
+--output <output type>: Report Output - stdout [default], mail, file.
+--format <formatting>: Report Format - text [default], html.
+--encode <encoding>: Enconding to use - none [default], base64.
+--no-oldfiles-log: Suppress the logwatch log, which informs about the
+ old files in logwatch tmpdir.
--mailto <addr>: Mail report to <addr>.
--archives: Use archived log files too.
---save <filename>: Save to <filename>.
+--filename <filename>: Used to specify they filename to save to. --filename <filename> [Forces output to file].
--range <range>: Date range: Yesterday, Today, All, Help
where help will describe additional options
--numeric: Display addresses numerically rather than symbolically and numerically
(saves a nameserver address-to-name lookup).
--debug <level>: Debug Level - High, Med, Low or any #.
---splithosts: Create a report for each host in syslog.
---multiemail: Send each host report in a separate email. Ignored if
- not using --splithosts.
---output <output type>: Report Format - mail, html or unformatted#.
---encode: Use base64 encoding on output mail.
---no-oldfiles-log: Suppress the logwatch log, which informs about the
- old files in logwatch tmpdir.
+--hostformat: Host Based Report Options - none [default], split, splitmail.
+--hostlimit: Limit report to hostname - host1,host2.
+--hostname: overwrites hostname
+--html_wrap <num_characters>: Default is 80.
--version: Displays current version.
--help: This message.
+--usage: Same as --help.
* = Switch can be specified multiple times...
・・おいおい、変わりすぎでしょう。
まぁ、とりあえず「Output = file」「Filename = /tmp/logwatch」とすれば良さそう・・・ダメだった・・なぜにメールが飛ぶ!?・・
ということで、今度はcronの設定を疑ってみる。
[hhelibex@centos7 ~]$ cat /etc/cron.daily/0logwatch #!/bin/sh #Set logwatch location LOGWATCH_SCRIPT="/usr/sbin/logwatch" #Add options to this line. Most options should be defined in /etc/logwatch/conf/logwatch.conf, #but some are only for the nightly cronrun such as --output mail and should be set here. #Other options to consider might be "--format html" or "--encode base64", man logwatch for more details. OPTIONS="--output mail" #Call logwatch $LOGWATCH_SCRIPT $OPTIONS exit 0 [hhelibex@centos7 ~]$
・・ちょっと待て!!設定ファイルを無視して強制的にメール送信かよ!!
(疲れたので中略)
結局、辿り着いた答えは以下だった。
[hhelibex@centos7 ~]$ cat /etc/logwatch/conf/logwatch.conf # Local configuration options go here (defaults are in /usr/share/logwatch/default.conf/logwatch.conf) Detail = High Archives = Yes mailer = "cat > /tmp/logwatch" [hhelibex@centos7 ~]$
ちなみに余談だけど、CentOS 6環境のcron設定も覗いてみると・・・
[hhelibex@centos6 ~]$ cat /etc/cron.daily/0logwatch
#!/bin/bash
DailyReport=`grep -e "^[[:space:]]*DailyReport[[:space:]]*=[[:space:]]*" /usr/share/logwatch/default.conf/logwatch.conf | head -n1 | sed -e "s|^\s*DailyReport\s*=\s*||"`
if [ "$DailyReport" != "No" ] && [ "$DailyReport" != "no" ]
then
logwatch
fi
[hhelibex@centos6 ~]$
・・「/etc/logwatch/conf/logwatch.conf」で「DailyReport」を設定しても無視ですか・・orz
