0

The logwatch documentation says the LogFile command can handle absolute paths. Accordingly, I have a celery.conf file in /etc/logwatch/conf/services as follows:

Title = "Watchdog Celery worker errors"
LogFile = /var/log/208-celery.log
LogFile = /var/log/234-celery.log
LogFile = /var/log/403-celery.log
LogFile = /var/log/dev-celery.log

(The intention is for the four specified log files to be combined into a single group for logwatch.)

I get this error:

*** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles//var/log/208-celery.log.conf file ?
*** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles//var/log/234-celery.log.conf file ?
*** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles//var/log/403-celery.log.conf file ?
*** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles//var/log/dev-celery.log.conf file ?
Can't open: /usr/share/logwatch/scripts/services/celery at /usr/sbin/logwatch line 1329.

It seems like logwatch is not interpreting the LogFile commands as absolute paths for some reason. I have confirmed those log files definitely exist at those paths. As for the "Can't open..." error -- my guess is that logwatch is looking for a default configuration due to the lack of working LogFile commands.

So: how do I get logwatch to correctly watch those specific log files?

NOTE: I'm using logwatch v7.4.0 running on Ubuntu 12.04.4 LTS.

Ghopper21
  • 113
  • 10

1 Answers1

1

The LogFile entries in the config files under services refer to logfile groups which are defined in the corresponding config file under logfiles. See section A of the document you linked to for info about configuring a logfile group ...

# This will be the logfile named 'messages' in the default logfile # directory (probably /var/log). LogFile = messages

# You can also give this command with an absolute path, like this: LogFile = /var/log/messages

And section B for referring to these groups in a config file under services ...

For a service filter that needs messages from /var/log/messages you would add this line:

LogFile = messages

NOTE: This is not because the name of the logfile is 'messages', but it is because the name of the LogFile Group that has been defined is 'messages'.

The error /usr/share/logwatch/scripts/services/celery is because you haven't created a service filter executable as described in section C of the document. You should create this (using the example script) under /etc/logwatch/scripts/services making sure that it is executable. I've just tried this (logwatch 7.4.0 on CentOS 7.2 and it works as expected.

Paul Haldane
  • 4,517
  • 1
  • 21
  • 32
  • Ah I think I see, when it talks about absolute path, it's talking about the path to the config file, not to the log file directly? That's where my confusion is coming in. – Ghopper21 Jan 19 '16 at 21:03
  • No - absolute paths can be used to refer to log files but _only_ in the config files in the `logfiles` folder. Within config files in the `services` folder you use the same keyword (`LogFile`) but here it refers to logfile group defined in a config under `logfiles`. – Paul Haldane Jan 19 '16 at 21:15
  • I see, thanks for the clarification. As soon as I get this working, I'll come back and accept your answer. – Ghopper21 Jan 19 '16 at 21:18
  • Hi, in services/celery.conf I've got `LogFile = celery` then in logfiles/celery.conf I've got the `LogFile` commands with the absolute paths to the actual log files (as in my question above). But it seems logwatch is NOT looking in /etc/logwatch/conf/logfile -- it's looking in a /usr/share/logwatch subdir; here's the error: "Can't open: /usr/share/logwatch/scripts/services/celery at /usr/sbin/logwatch line 1329." – Ghopper21 Jan 19 '16 at 22:21
  • So basically, how can I tell it to actually look for /etc/logwatch/conf/logfiles/celery.conf? – Ghopper21 Jan 19 '16 at 22:21
  • See my update to the answer - logstash _is_ finding the config files under `/etc/logstash` but now it's complaining that there's no filter script. It looks for this under `/etc/logstash` first then under `/usr/share/logwatch` but only reports on the last folder it searches. – Paul Haldane Jan 19 '16 at 22:48
  • Ok, put in a passthrough filter (just calls `cat`) and no more error. Thanks for your extra help on this to get it solved for me!!! – Ghopper21 Jan 19 '16 at 23:08