
Re: logcheck shows only accounting tool, Debian 11?



On Mon, Apr 04, 2022 at 12:46:33PM -0700, John Conover wrote:
> 
> For the past few days, logcheck is sending:
> 
>     Apr  4 11:40:13 john systemd[1]: Starting system activity accounting tool...
>     Apr  4 11:40:13 john systemd[1]: sysstat-collect.service: Succeeded.
>     Apr  4 11:40:13 john systemd[1]: Finished system activity accounting tool.
> 
> iterated every 10 minutes for the hour logcheck message.
> 
> That is all logcheck is sending; the rest of the normal expected data
> is omitted.
> 
> The files in /var/log/* seem to contain the normal expected data,
> which is omitted from the logcheck hourly message.
> 
> Any ideas would be appreciated,

If you have a tool like etckeeper installed, you can consult the git
history to determine if any changes have been made to the logcheck
ignore files recently.  Absent that, you can use a command like this:

sudo find /etc/logcheck/ -type f -exec dpkg -S {} \; | cut -f1 -d':' | sort -u

That will give you a list of packages that own files under /etc/logcheck
and then you can consult /var/log/dpkg.log* for recent updates to those
packages.

If you just want to know what the next logcheck report will contain
(e.g., because you've tweaked the ignore filters and you want to make
sure that it excludes the right thing), you can do something like this:

sudo -u logcheck -s /usr/sbin/logcheck -t -o

Regards,

-Roberto
-- 
Roberto C. Sánchez
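
The two steps described in the reply above (find the packages that own files under /etc/logcheck, then look them up in /var/log/dpkg.log*), combined into one script as an added example that is not part of the original message. The function names are hypothetical, the dpkg.log field layout (date, time, action, package:arch, old version, new version) is an assumption stated in the comments, and the live run needs root to read /etc/logcheck.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Read `dpkg -S` output ("pkg[:arch][, pkg2]: /path") on stdin and print
# the unique package names, one per line.
owners_from_dpkg_S() {
    sed -e 's|: /.*$||' | tr ',' '\n' | sed -e 's/^ *//' -e 's/:.*$//' | sort -u
}

# $1: file with one package name per line; stdin: dpkg.log lines.
# Assumed dpkg.log layout: date time action pkg:arch old-version new-version.
# Prints install/upgrade/remove/purge events for the listed packages only.
recent_changes() {
    awk -v pkgs="$1" '
        BEGIN { while ((getline p < pkgs) > 0) want[p] = 1 }
        $3 ~ /^(install|upgrade|remove|purge)$/ {
            split($4, a, ":")
            if (a[1] in want) print $1, $2, $3, a[1], $5, "->", $6
        }'
}

# Live run (as root): which packages that ship logcheck rules changed, and when.
logcheck_rule_changes() {
    tmp=$(mktemp) || return 1
    find /etc/logcheck/ -type f -exec dpkg -S {} + 2>/dev/null |
        owners_from_dpkg_S > "$tmp"
    # zcat -f passes plain files through and decompresses rotated *.gz logs
    zcat -f /var/log/dpkg.log* | recent_changes "$tmp" | sort
    rm -f "$tmp"
}

# Only touch the real system when asked to: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    logcheck_rule_changes
fi
```
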

