named logs are not being reported in logwatch

Thank you for taking the time to report this bug and helping to make Ubuntu better.

Do you know if Debian also has this bug? If so, the appropriate place to fix it would be in Debian first. Ubuntu will then pick up the fix, and once this is done it can be backported to 12.04 if appropriate.

I will look into it this week and respond accordingly

You should consider marking this bug as a duplicate of Bug #794727.

Thanks Craig. It looks like you've identified the underlying cause of the problem.

I've read bug 794727. I think that marking this bug as a duplicate will conflate three issues:

1) The change in the rsyslog package to stop logging to /var/log/messages (intentional, so nominally Won't Fix).
2) The request for a symlink supplied by the rsyslog package to reduce user confusion (Wishlist).
3) Upstream logwatch assuming messages for a bunch of services, which then doesn't work due to the change in the rsyslog package to stop logging to /var/log/messages (I'd say this is Medium, since the logwatch package is directly not working as upstream intended).

I think it would be better to track these related issues separately for now - especially as the first seems contentious to some, is attracting lots of "me too" comments, and thus could possibly increase confusion as it won't be clear which of these three issues comments refer to.

Thanks, Robie, for your comments. All of the points you have made are right on the money, and your approach is better than marking the bug(s) as duplicates. It seems there are several logwatch bugs besides this one (including Bug #752172 and Bug #1010602 ??) that are related to upstream Bug #794727. Do you agree? If so, I would propose that all of the relevant logwatch bugs be linked to upstream Bug #794727 so that whatever the outcome, they can be tracked together.

@Craig

Thanks for taking the time to find the duplicates. I agree with bug 752172 and have marked that duplicate. I disagree on bug 1010602 - samba doesn't log to /var/log/messages; it logs to /var/log/samba/. So I think that is a separate issue and have left it as-is.

Every service that specifies 'LogFile = messages' in its LogWatch .conf file (there are 40 of them) is now dead in LogWatch. I would propose one of the following fixes:

1) Remove the 'LogFile = messages' line completely from all of the aforementioned .conf files. The result will be that the default location(s) will be searched/parsed for messages. The current default is 'All' This is simple and straightforward. Or...

2) Change the 'LogFile = messages' line to 'LogFile = syslog' in all of the aforementioned .conf files.

This has existed for close to a year now, and (to me at least) doesn't appear to be fixed. I had this same issue some time back, and re-installed inetutils-syslogd to fix this, since logwatch doesn't work.

Is there any immediate work around?

I wish there was an edit feature.

I found this while browsing for a fix: https://bugzilla.redhat.com/attachment.cgi?id=407611&action=diff#/usr/share/logwatch/scripts/shared/applystddate.orig_sec2

Could this be implemented into ubuntu's logwatch package?

@Robie: Any progreess here? I noticed that awhile back I had inadvertently changed the status from triaged to confirmed. I am unable to change it back to triaged. Robie, could you please change the status back to triaged?

Is there some reason why this has not gone anywhere? Earlier I proposed two possible fixes:

1) Remove the 'LogFile = messages' line completely from all of the aforementioned .conf files. The result will be that the default location(s) will be searched/parsed for messages. The current default is 'All' This is simple and straightforward. Or...

2) Change the 'LogFile = messages' line to 'LogFile = syslog' in all of the aforementioned .conf files.

Robie, could you comment on these? Good? Bad? If either of them are acceptable, could we move forward? If neither are acceptable, could you suggest an alternative?

Thanks.

Still running into this. One thought: Instead of changing all of those 'LogFile = messages' lines to 'LogFile = syslog', why not do a distribution override (/usr/share/logwatch/dist.conf/logfiles/messages.conf) to cause 'messages' to instead look at /var/log/syslog et al?

At least in Trusty, it seems like named.conf refers to daemon.log and not messages/syslog anymore.

I think this should be closed due to the time involved, and 10.04/12.04 no longer being maintained.

How can this be closed?

Indeed, the configuration we have in /usr/share/logwatch/dist.conf (which overrides /usr/share/logwatch/default.conf) seems correct and no longer uses "messages".