Hello Richard, Am Wed, May 14, 2025 at 10:55:48PM +0100 schrieb Richard Lewis: > On Wed, 14 May 2025 at 20:36, Helge Kreutzmann <[email protected]> wrote: > > > Since todays update of logcheck I get every message twice, > > does message mean every email, email from logcheck, or line in the > logceck report?
Every e-mail comes twice. But at different times, i.e. it take a while
until the 2nd e-mail comes. In my sample the first one comes 2 minutes
past the hour, the 2nd one arrives 7 - 17 minutes later.
Otherwise the e-mails look the same (except the deilvery date).
> is this perhaps because logcheck is reporting messages that are in the
> journal and rsyslog? (it should!)
Maybe.
> > and the
> > first entry is:
> > 2025-05-14T19:02:04.733378+02:00 twentytwo exim[42129]: 2025-05-14 19:02:04
> > 1uFFUa-00000000AxR-2z0z failed to write to main log: length=98 result=-1
> > errno=9 (Bad file descriptor)
> > 2025-05-14T19:02:04.735285+02:00 twentytwo exim[42129]: write failed on
> > panic log: length=123 result=-1 errno=9 (Bad file descriptor)
> >
> > Since exim (also in conjunction with previous logcheck) works fine
>
> this is exim saying that it was unable to write to
> /var/log/exim4/paniclog and failing - this very much suggests exim is
> not working fine
> if you are getting an emial from logcheck then that suggests logcheck
> is doing it's job and showing an issue.
I can downgrade logcheck to see if this goes away as well. But in the
exim logs themselves I could not see any issue, also there is more
than sufficient space on all relevant partitions.
> > However, I have no idea where to look for this problem, but I can most
> > certainly provide more information, please tell me what you need.
>
> obvious things would be
>
> is logcheck running from the systemd timer or the cron script?
So far, I used the cron script, I never configured anything for
systemd myself.
> what exim configuration are you using?
The one which was configured when installing the system. I don't send
e-mails dirctly from this machine, i.e. only local e-mail traffic.
> is the disk (or /var/log partition) full?
No.
> what are the permissions on /var/log/exim4/ and
drwxr-s--- 2 Debian-exim adm 4096 15. Mai 19:40 /var/log/exim4/
> /var/log/exim4/paniclog? (ls -l ?)
> is anything in paniclog?
There is no such file on my system.
> do other email messages work?
Yes, I get mails via fetchmail and they are processed as usual.
> what lines are in the journal when logcheck runs?
Well, I see the following:
Mai 15 20:02:01 twentytwo CRON[18514]: pam_unix(cron:session): session opened
for user logcheck(uid=113) by logcheck(uid=0)
Mai 15 20:02:01 twentytwo systemd[1]: Starting logcheck.service - logcheck...
Mai 15 20:02:01 twentytwo CRON[18517]: (logcheck) CMD ( if [ ! -d
/run/systemd/system ] && [ -x /usr/sbin/logcheck ]; then nice -n10
/usr/sbin/logcheck; fi)
Mai 15 20:02:01 twentytwo CRON[18514]: pam_unix(cron:session): session closed
for user logcheck
Mai 15 20:02:08 twentytwo systemd[1]: logcheck.service: Deactivated
successfully.
Mai 15 20:02:08 twentytwo systemd[1]: Finished logcheck.service - logcheck.
Mai 15 20:02:08 twentytwo systemd[1]: logcheck.service: Consumed 7.038s CPU
time, 249.2M memory peak.
But I'm no journal expert, I primarily look at the classic logs.
> what happens if you run logcheck manually? with the -d option?
I'll check that later.
> what is in logcheck.conf?
The non empty/non comment lines are:
REPORTLEVEL="server"
SENDMAILTO="logcheck"
MAILASATTACH=0
FQDN=1
TMP="/tmp"
Greetings
Helge
--
Dr. Helge Kreutzmann [email protected]
Dipl.-Phys. http://www.helgefjell.de/debian.php
64bit GNU powered gpg signed mail preferred
Help keep free software "libre": http://www.ffii.de/
signature.asc
Description: PGP signature
