I can access very few log files. After trying to determine the cause in the web cgi I finally went to cli and looked at logwatch. My CGI would not access any files listed in logwatch. But I was able to see there were lots of files there and I opened a few of them and read the contents which were correct. There was one thing all files had at the very beginning.
Error: There is no logile defined. Do you have a /etc/logwatch/conf/logfiles/secure.conf file?
After going to that location and looking I could see there was no secure.conf file. Now, my question is: HOW do I get the system to generate one or how do I make one? I have looked over the wiki and everything else I could think of to find the answer and for some reason I can’t.
Sorry to have to ask again for guidance but I am lost on this. Thanks in advance for any advice given.
If you are looking for log files in general look at:
cd /var/log
ls -al
and you’ll see LOTS of them.
EDIT: I think I stumbled across what you see.
Your referring to the error line below. It appears in all of my logwatch files. Not sure if it matters or not.
[root@ipfire logwatch]# cat 2021-05-19
*** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles/secure.conf file ?
################### Logwatch 7.5.5 (01/22/21) ####################
Processing Initiated: Thu May 20 00:05:05 2021
Date Range Processed: yesterday
( 2021-May-19 )
Period is day.
Detail Level of Output: 10
Type of Output/Format: stdout / text
Logfiles for Host: ipfire.localdomain
##################################################################
--------------------- dhcpd Begin ------------------------
Anyway, there are daily log files in /var/log/logwatch/ It seems that the first line of each log file (format is yyyy-mm-dd) contains " *** Error: There is no logfile defined. Do you have a /etc/logwatch/conf/logfiles/secure.conf file ? "
So, is there an underlying bug somewhere? I don’t know.
I’m not sure either. I assumed it was just my system. It all started because I was only able to access approximately 1/3 of my log files from the cgi. But they exist on the computer. So I began to try to find out WHY my cgi was not able to access them. A wiki page told me to go look in logwatch so I did. Don’t ask me to find that page again. I spent most of a day reading anything related to this issue. As you pointed out the first line says error and the rest. Maybe someone with the programming knowledge will see this post and point out where I made my mistakes and what I need to do to correct them.
Thanks guys for your quick replies. I appreciate it very much.
You don’t need to worry about that error message at the top of every logwatch file. Somewhere in logwatch, I haven’t been able to find out where yet, it is being told to look for logs defined by the secure.conf file. However the IPFire rootfile has the installation of secure.conf commented out, the same as other conf files that are not of use to IPFIre.
The error message is just saying
“Hey I was told to look for secure logs but I can’t find secure.conf to tell me how to do that.”
It would be good to stop that error message needing to occur but it is not stopping anything working. Everyone will have that message.
Your problem with logs must be something else.
In the WUI I presume you are using Logs - System Logs to access the logs.
In my system some are empty because I am not using those functions but I can find logs for the following basic entries that I would expect you to also be able to see.
Kernel
DNS: Unbound
Pakfire
DHCP Server
SSH (if you are accessing the command line via ssh)
Looking through the IPFire source code logwatch appears to only be used for the data shown in Logs - Log Summary
The System Logs are basically greps of the /var/log/messages logfiles. Each System Log menu entry has a regex defined to filter out the required messages.
So are you having problems finding log data for System Logs or for Log Summary?
I followed the recommendation to delete the logwatch file. It seems to have helped to a certain extent. Log Summary has begun to work again. It had stopped. Under System Logs I now get:
Kernel= No record
DNS: Unbound= 1 record. Todays. Nothing from the past for over a month.
Pakfire= Todays records. Nothing from the past for over a month.
DHCP Server= Todays records. Nothing from the past for over a month.
SSH= Not being used.
I assume my deleting the log file is why I get nothing from the past but it is also why things have begun to work again. I would not have thought deleting that file would repair the system. The file was rather large but I have more than enough disk space. Anyway, deleting that file worked. From what I can tell everything related to viewing logs is back in working condition. I have went back through the posts here and for some reason I can’t find the post telling that he had the same issue and found that log file full of errors so deleted it and it started working again. Mine did not appear full of errors unless he was referring to that one we have been discussing. But deleting it worked for him and it worked for me. I wish I could locate that post so I could mark it as the answer and any other flags I could find. Anyone runs across it please sent me a msg so I can.
I thank you all for your efforts and replies.
These System Logs get their messages from the messages log. I can’t tell if logwatch is indirectly used in that process but I didn’t see it being used in the source code.
You can check what your messages log is containing for the kernel by running the following command from the command line
/var/log/messages | grep kernel
Replace kernel with unbound or pakfire to see the entries in the messages log for those items.
