similar to: Bug#336265: logrotate detection, possible attack not checked by logcheck

Hi gang, While writing a script that uses logtail, I noticed that logtail assumes nothing interesting happened between its last invocation and the rotation, which means that exciting bits of data could be lost. This seems a bit dodgy (correct me if I'm wrong about how it works!) so I made a dodgy patch to logtail that checks for the existence of $logfile.0, which on Debian seems to always be

Package: logtail Version: 1.2.52 Severity: normal Tags: patch Hi, When a logfile is rotated, logtail misses the lines logged between the last logtail run and the logfile rotation. The attached patch allows to set an alternate logfile that logtail tries to use as the old logfile if the inode has changed. It can be used as: logtail -f /var/log/syslog -a /var/log/syslog.1 (Please note that this

Package: logtail Version: 1.2.33 Severity: normal Hi... Logtail should not output error messages to standard output, since this violates the principle of least surprise. In particular, my application was broken by the semantics of logtail changing in version 1.2.21 (when you added switches for the default arguments to logtail). I think this was a bad move -- you broke an interface used by

hi before checking in that chown fix, i wanted you to take a look. tested on my workstation. basicaly the patch takes care that logtail saves the offset file with the correct permissions. when playing around lately with file tampering and those invoking logcheck as root. i got similar output to #253998 Alfie may point out that i should not invoke logcheck as root, but i better fix that before

Package: logtail Version: 1.2.68 Severity: normal Hi, logtail does not cleanly update from logtail2: $ sudo dpkg --install /var/cache/apt/archives/logtail_1.2.68_all.deb (Reading database ... 26564 files and directories currently installed.) Unpacking logtail (from .../logtail_1.2.68_all.deb) ... dpkg: error processing /var/cache/apt/archives/logtail_1.2.68_all.deb (--install): trying to

Package: logcheck Version: 1.2.58.0 Severity: wishlist Tags: patch The attached patch is the diff from current svn trunk to my svn branch zugschlus200707. It introduces a new binary package logtail2 with a new binary logtail2 which enhances logtail substantially. logtail2 can process rotated logs internally, which makes the code inside logcheck and other programs that use logtail2 easier to

Hello, I'm having this error: Warning: If you are seeing this message, your log files may not have been checked! Details: Could not run logtail or save output Check temporary directory: /tmp/logcheck.EIX3jp declare -x HOME="/var/lib/logcheck" declare -x LANG="en_US" declare -x LANGUAGE="en_US:en_GB:en" declare -x LOGNAME="logcheck" declare -x

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.20 > package logcheck logcheck-database logtail Ignoring bugs not assigned to: logcheck-database logtail logcheck > tags 354820 + pending Bug#354820: rules to filter out entries caused by ssh scanners Tags were: patch Tags added: pending > tags 355085 + pending

logtail is a great program but it is incomplete. Currently it has no iead about log rolls which is normally done by renaming files from log to log.1 then log.2 etc... logtail should on seeing a different inode, try to determine if the log was just rolled as normal, and output the remainer of that rolled file, before outputing the other files down the chain to the current logfile. Of course

Hello! We have long running process and execute "cat /dev/null > logfile" to control logfile size. So it is normal case, when a log file is smaller. We would like to introduce new flag to disable the warning message. Please, accept the attached patch. --- /usr/sbin/logtail 2010-09-03 11:25:15.000000000 +0300 +++ logtail 2013-08-20 12:38:22.000000000 +0300 @@ -27,7 +27,7 @@ #

Processing commands for control at bugs.debian.org: > tags #288862 -patch Bug#288862: logtail: Please use getopts in a way usable with perl 5.6 Tags were: patch Tags removed: patch > severity #288862 wishlist Bug#288862: logtail: Please use getopts in a way usable with perl 5.6 Severity set to `wishlist'. > tags #288580 pending Bug#288580: logtail MUST depend on perl 5.8 (Debian

Package: logtail Version: 1.2.61 Severity: important Recently logcheck stopped working on my system and after running it manually I traced it to logtail2... I'd recently been forced to delete the archived logs on my system in order to make some space and that appears to confuse logtail2 completely... e.g.: root at macaroni:~# logtail2 -t /var/log/syslog Cannot get /var/log/syslog.1.gz mtime:

# Automatically generated email from bts, devscripts version 2.10.35 # via tagpending # # logcheck (1.3.2) experimental; urgency=low # # * Apply patch from Jari Aalto for fixing package description paragraph # ordering by importence, thanks (closes: #499415) # * Supress cron session closed messages too, thanks to Ferenc Wagner for # noticing (closes: #499393) # package logcheck-database

# Automatically generated email from bts, devscripts version 2.10.35 # via tagpending # # logcheck (1.3.2) experimental; urgency=low # # * Apply patch from Jari Aalto for fixing package description paragraph # ordering by importence, thanks (closes: #499415) # package logcheck-database logtail logcheck tags 499415 + pending

# Automatically generated email from bts, devscripts version 2.10.30 # via tagpending # # logcheck (1.2.65) unstable; urgency=low # # * ignore.d.server/courier: # - update rules to include port information; thanks to Antoine Pardignon # (closes: #446310). # - ignore couriertcpd messages; thanks to Andrew Gallagher # (closes: #451118). # * ignore.d.server/smbd_audit: # -

# Automatically generated email from bts, devscripts version 2.10.27 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/dhcp # - Adding dhcp rules for DNS updates by ddns_remove_a() # (closes: #459875, #472368) # - Added dhcp "removed reverse map" rule, which occurs on DHCPRELEASE. # * ignore.d.server/spamd # - deal with socket connections by e.g. evolution

# Automatically generated email from bts, devscripts version 2.10.30 # via tagpending # # logcheck (1.2.65) unstable; urgency=low # # * ignore.d.server/postfix: # - ignore connection messages for anonymous TLS connections; thanks to # Justin Larue (closes: #486440). # - ignore hostname verification due to DNS name not found; thanks to # Justin Larue (closes: #486440). # *

# Automatically generated email from bts, devscripts version 2.10.35 # via tagpending # # logcheck (1.3) unstable; urgency=low # # * Formalise the dropping of violations.d/logcheck. Please see # /usr/share/doc/logcheck-database/NEWS.Debian.gz for more information # (closes: #471072). # * Add Auto-Submitted header to outgoing mails (closes: #489172). # * ignore.d.server/kernel: # -

# Automatically generated email from bts, devscripts version 2.10.18.1 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/bind: # - moved "[bind] query $FOO denied" rule to violations.ignore.d # (closes: #443881). # - added bind's "AXFR ended" rule alongside "AXFR started" # (closes: #445046). # - added "adding an

Hello everyone, I know this isn't strictly CentOS query, but I am hoping that someone here with more experience than myself might have some thoughts. I am trying to get a plugin working for Ganglia on a CentOS 5.5 box, in a testing environment. The plugin is for apache monitoring, called Ganglia-Logtailer. This plugin requires the executable /usr/bin/logtail in order to work. The only