Package: logwatch Version: 7.1-2 Severity: important After recently upgrading logwatch (in etch), the root partition fills up each night due to excessive sized temporary files genereated by logwatch. This did not occur before the upgrade.
The main culprit seems to be the logwatch check for sonicwall. Sonicwall is not even installed on this system. Here is the cron output for the logwatch job: /etc/cron.daily/00logwatch: system zcat failed: 256 at /usr/sbin/logwatch line 764. run-parts: /etc/cron.daily/00logwatch exited with return code 2 Here are the temp files... # ls -l /tmp/logwatch.vbi0Wapz/ total 767516 -rw------- 1 root root 10722 2006-01-22 07:44 daemon -rw------- 1 root root 55369102 2006-01-22 07:53 kernel -rw------- 1 root root 103187405 2006-01-22 07:52 kernel-archive -rw------- 1 root root 0 2006-01-22 07:35 maillog -rw------- 1 root root 55328091 2006-01-22 07:44 messages -rw------- 1 root root 103207217 2006-01-22 07:35 messages-archive -rw------- 1 root root 0 2006-01-22 07:44 samba -rw------- 1 root root 9234 2006-01-22 07:35 secure -rw------- 1 root root 256045056 2006-01-22 07:54 sonicwall-archive -rw------- 1 root root 55413734 2006-01-22 07:51 syslog -rw------- 1 root root 156532941 2006-01-22 07:44 syslog-archive Here are the system log files: # ls -l /var/log total 157928 -rw-r--r-- 1 root root 50569 2006-01-21 23:20 aptitude -rw-r--r-- 1 root root 3746 2005-12-10 14:25 aptitude.1.gz -rw-r--r-- 1 root root 4310 2005-11-29 00:28 aptitude.2.gz -rw-r--r-- 1 root root 4686 2005-10-31 18:21 aptitude.3.gz -rw-r--r-- 1 root root 3311 2005-09-21 14:18 aptitude.4.gz -rw-r--r-- 1 root root 2491 2005-09-01 07:54 aptitude.5.gz -rw-r--r-- 1 root root 4719 2005-08-01 07:59 aptitude.6.gz -rw-r----- 1 root adm 1155 2006-01-22 10:17 auth.log -rw-r----- 1 root adm 46979 2006-01-20 08:44 auth.log.0 -rw-r----- 1 root adm 1572 2006-01-22 08:00 auth.log.1.gz -rw-r----- 1 root adm 150 2006-01-13 08:31 auth.log.2.gz -rw-r----- 1 root adm 1527 2006-01-15 08:17 auth.log.3.gz -rw-r----- 1 root adm 1427 2006-01-03 08:00 auth.log.4.gz -rw-r--r-- 1 root root 9394719 2004-03-15 00:06 base-config.log.1 -rw-r--r-- 1 root root 1068040 2004-03-15 00:06 base-config.timings.1 -rw-r----- 1 root adm 7541 2005-12-27 11:28 boot -rw-r----- 1 root adm 10009 2005-12-27 10:13 boot.0 -rw-r----- 1 root adm 2211 2005-12-26 11:36 boot.1.gz -rw-r----- 1 root adm 2646 2005-12-26 10:54 boot.2.gz -rw-r----- 1 root adm 2663 2005-12-24 21:51 boot.3.gz -rw-r----- 1 root adm 2251 2005-11-19 13:30 boot.4.gz -rw-rw-r-- 1 root utmp 0 2006-01-01 07:59 btmp -rw-rw-r-- 1 root utmp 0 2005-12-01 07:44 btmp.1 drwxr-xr-x 2 root root 4096 2006-01-22 08:00 cron-apt drwxr-xr-x 2 root root 4096 2006-01-22 08:00 cups -rw-r----- 1 root adm 1851 2006-01-22 10:58 daemon.log -rw-r----- 1 root adm 69562 2006-01-20 08:28 daemon.log.0 -rw-r----- 1 root adm 1595 2006-01-22 07:58 daemon.log.1.gz -rw-r----- 1 root adm 2229 2006-01-03 07:58 daemon.log.2.gz -rw-r----- 1 root adm 2365 2006-01-15 08:15 daemon.log.3.gz -rw-r----- 1 root adm 5931 2006-01-13 08:28 daemon.log.4.gz -rw-r----- 1 root adm 7186 2006-01-01 07:58 daemon.log.5.gz -rw-r----- 1 root adm 1312 2005-12-20 07:30 daemon.log.6.gz -rw-r----- 1 root adm 1576 2005-12-13 07:30 daemon.log.7.gz drwxr-xr-x 3 root root 4096 2004-03-13 14:55 debian-installer -rw-r--r-- 1 root root 0 2004-03-13 14:47 debootstrap.err.log -rw-r--r-- 1 root root 28876 2004-03-13 14:52 debootstrap.log -rw-r----- 1 root adm 0 2006-01-22 08:01 debug -rw-r----- 1 root adm 700 2006-01-20 04:04 debug.0 -rw-r----- 1 root adm 110 2006-01-22 04:27 debug.1.gz -rw-r----- 1 root adm 119 2006-01-03 04:42 debug.2.gz -rw-r----- 1 root adm 96 2006-01-15 04:26 debug.3.gz -rw-r----- 1 root adm 421 2006-01-06 16:39 debug.4.gz -rw-r----- 1 root adm 205 2005-01-04 04:44 debug.6.gz -rw-r--r-- 1 root root 140 2006-01-22 08:01 dirmngr.log -rw-r--r-- 1 root root 269 2006-01-22 08:01 dirmngr.log.1 -rw-r--r-- 1 root root 269 2006-01-15 08:18 dirmngr.log.2 -rw-r--r-- 1 root root 269 2006-01-13 08:28 dirmngr.log.3 -rw-r--r-- 1 root root 1060 2006-01-01 07:59 dirmngr.log.4 -rw-r--r-- 1 root root 15409 2005-12-27 11:27 dmesg -rw-r----- 1 root adm 262923 2006-01-21 23:33 dpkg.log -rw-r----- 1 root adm 117124 2005-12-10 15:06 dpkg.log.1 -rw-r----- 1 root adm 2223 2005-11-29 00:35 dpkg.log.2.gz -rw-r----- 1 root adm 24563 2005-10-31 18:26 dpkg.log.3.gz -rw-r----- 1 root adm 19325 2005-09-21 14:17 dpkg.log.4.gz -rw-r----- 1 root adm 8004 2005-08-27 23:40 dpkg.log.5.gz drwxr-s--- 2 Debian-exim adm 4096 2006-01-22 08:01 exim4 -rw-r--r-- 1 root root 2688 2006-01-18 00:24 faillog -rw-r--r-- 1 root root 1686 2006-01-18 00:12 fontconfig.log -rw-r--r-- 1 root root 27 2006-01-22 10:55 kdm.log -rw-r--r-- 1 root root 308 2006-01-22 08:01 kdm.log.1 -rw-r--r-- 1 root root 77 2006-01-21 07:59 kdm.log.2.gz -rw-r--r-- 1 root root 75 2006-01-20 08:42 kdm.log.3.gz -rw-r--r-- 1 root root 99 2006-01-19 08:28 kdm.log.4.gz -rw-r--r-- 1 root root 153 2006-01-18 10:18 kdm.log.5.gz -rw-r--r-- 1 root root 70 2006-01-17 07:59 kdm.log.6.gz -rw-r--r-- 1 root root 82 2006-01-16 08:18 kdm.log.7.gz -rw-r----- 1 root adm 7115637 2006-01-22 11:07 kern.log -rw-r----- 1 root adm 53301248 2006-01-21 07:52 kern.log.0 -rw-r----- 1 root adm 2144713 2006-01-22 07:54 kern.log.1.gz -rw-r----- 1 root adm 1714775 2006-01-20 08:43 kern.log.2.gz -rw-r----- 1 root adm 1641849 2006-01-19 08:29 kern.log.3.gz -rw-r----- 1 root adm 205288 2006-01-18 10:19 kern.log.4.gz -rw-r----- 1 root adm 17814 2006-01-15 08:18 kern.log.6.gz drwxr-xr-x 2 root root 12288 2004-11-05 20:49 ksymoops -rw-rw-r-- 1 root utmp 292876 2006-01-18 00:24 lastlog -rw-r----- 1 root adm 0 2005-11-01 08:07 lpr.log -rw-r----- 1 root adm 2110 2005-04-17 14:18 lpr.log.0 -rw-r----- 1 root adm 99 2005-10-31 17:35 lpr.log.1.gz -rw-r----- 1 root adm 112 2005-09-21 14:32 lpr.log.2.gz -rw-r----- 1 root adm 174 2005-07-24 12:24 lpr.log.3.gz -rw-r----- 1 root adm 173 2005-07-17 07:58 lpr.log.4.gz -rw-r--r-- 1 root root 0 2005-01-10 08:40 mail.err -rw-r--r-- 1 root root 174 2004-09-19 08:37 mail.err.1.gz -rw-r--r-- 1 root root 206 2004-09-15 09:03 mail.err.2.gz -rw-r--r-- 1 root root 0 2005-01-10 08:40 mail.info -rw-r--r-- 1 root root 174 2004-09-19 08:37 mail.info.1.gz -rw-r--r-- 1 root root 206 2004-09-15 09:03 mail.info.2.gz -rw-r--r-- 1 root root 0 2005-01-11 08:04 mail.log -rw-r--r-- 1 root root 292 2005-01-11 08:04 mail.log.1.gz -rw-r--r-- 1 root root 174 2004-09-19 08:37 mail.log.2.gz -rw-r--r-- 1 root root 206 2004-09-15 09:03 mail.log.3.gz -rw-r--r-- 1 root root 0 2005-01-10 08:40 mail.warn -rw-r--r-- 1 root root 174 2004-09-19 08:37 mail.warn.1.gz -rw-r--r-- 1 root root 206 2004-09-15 09:03 mail.warn.2.gz -rw-r----- 1 root adm 7115688 2006-01-22 11:07 messages -rw-r----- 1 root adm 53260288 2006-01-21 07:51 messages.0 -rw-r----- 1 root adm 2149112 2006-01-22 07:54 messages.1.gz -rw-r----- 1 root adm 1718812 2006-01-20 08:43 messages.2.gz -rw-r----- 1 root adm 1645885 2006-01-19 08:29 messages.3.gz -rw-r----- 1 root adm 209535 2006-01-18 10:19 messages.4.gz -rw-r----- 1 root adm 28981 2006-01-15 08:18 messages.6.gz drwxr-sr-x 2 news news 4096 2004-03-13 14:57 news drwxr-xr-x 2 root root 4096 2006-01-05 07:59 ntpstats -rw-r--r-- 1 root root 51582 2006-01-20 08:44 popularity-contest -rw-r--r-- 1 root root 52152 2006-01-13 08:31 popularity-contest.0 -rw-r--r-- 1 root root 15231 2006-01-03 08:00 popularity-contest.1.gz -rw-r--r-- 1 root root 15221 2005-12-27 10:38 popularity-contest.2.gz -rw-r--r-- 1 root root 15244 2005-12-20 07:45 popularity-contest.3.gz -rw-r--r-- 1 root root 15217 2005-12-13 07:58 popularity-contest.4.gz -rw-r--r-- 1 root root 15136 2005-12-06 07:48 popularity-contest.5.gz -rw-r--r-- 1 root root 15042 2005-11-29 07:44 popularity-contest.6.gz drwxr-x--- 2 root adm 4096 2006-01-22 08:01 samba -rw-r----- 1 root adm 7118367 2006-01-22 11:07 syslog -rw-r----- 1 root adm 1228142 2005-11-14 08:07 syslog.0 -rw-r----- 1 root adm 2164369 2006-01-22 07:54 syslog.1.gz -rw-r----- 1 root adm 2097889 2006-01-21 07:52 syslog.2.gz -rw-r----- 1 root adm 2076619 2006-01-20 08:42 syslog.3.gz -rw-r----- 1 root adm 1988419 2006-01-19 08:28 syslog.4.gz -rw-r----- 1 root adm 246875 2006-01-18 10:18 syslog.5.gz -rw-r----- 1 root adm 28988 2006-01-17 07:58 syslog.6.gz -rw-r----- 1 root adm 29854 2006-01-16 08:17 syslog.7.gz -rw-r----- 1 root adm 0 2006-01-22 08:01 user.log -rw-r----- 1 root adm 59000 2006-01-20 04:05 user.log.0 -rw-r----- 1 root adm 3644 2006-01-22 04:29 user.log.1.gz -rw-r----- 1 root adm 4463 2006-01-03 04:41 user.log.2.gz -rw-r----- 1 root adm 9916 2006-01-15 05:26 user.log.3.gz -rw-r----- 1 root adm 8863 2006-01-13 07:46 user.log.4.gz -rw-r--r-- 1 root root 0 2004-03-21 09:11 uucp.log -rw-r--r-- 1 root root 2165 2004-03-18 23:28 uucp.log.1.gz -rw-rw-r-- 1 root utmp 4992 2006-01-21 17:02 wtmp -rw-rw-r-- 1 root utmp 81408 2005-12-27 17:44 wtmp.1 -rw-r--r-- 1 root root 0 2004-04-04 08:49 xdm.log -rw-r--r-- 1 root root 1322 2004-04-03 12:49 xdm.log.1 -rw-r--r-- 1 root root 661 2004-03-29 15:32 xdm.log.2 -rw-r--r-- 1 root root 3444 2004-03-18 21:48 xdm.log.3 -rw-r--r-- 1 root root 44702 2005-09-10 19:16 XFree86.0.log -rw-r--r-- 1 root root 47865 2005-09-10 18:51 XFree86.0.log.old -rw-r--r-- 1 root root 47905 2004-04-11 18:32 XFree86.1.log -rw-r--r-- 1 root root 47905 2004-04-11 18:31 XFree86.1.log.old -rw-r--r-- 1 root root 0 2005-12-27 11:28 xfs.log -rw-r--r-- 1 root root 52235 2006-01-22 10:55 Xorg.0.log -rw-r--r-- 1 root root 25680 2005-12-27 10:13 Xorg.0.log.old The sonicwall-archive file does not contain any references to sonicwall: # head -20 /tmp/logwatch.vbi0Wapz/sonicwall-archive Jan 18 10:19:10 carrera syslogd 1.4.1#17: restart. Jan 18 10:19:12 carrera kernel: ip_local_deliver: bad skb: PRE_ROUTING LOCAL_IN LOCAL_OUT POST_ROUTING Jan 18 10:19:12 carrera kernel: skb: pf=2 (unowned) dev=lo len=250 Jan 18 10:19:12 carrera kernel: PROTO=6 127.0.0.1:58930 127.0.0.1:1043 L=250 S=0x00 I=33474 F=0x4000 T=64 Jan 18 10:19:12 carrera kernel: ip_local_deliver: bad skb: PRE_ROUTING LOCAL_IN LOCAL_OUT POST_ROUTING Jan 18 10:19:12 carrera kernel: skb: pf=2 (unowned) dev=lo len=201 Jan 18 10:19:12 carrera kernel: PROTO=6 127.0.0.1:1043 127.0.0.1:58930 L=201 S=0x00 I=49035 F=0x4000 T=64 Jan 18 10:19:12 carrera kernel: ip_local_deliver: bad skb: PRE_ROUTING LOCAL_IN LOCAL_OUT POST_ROUTING Jan 18 10:19:12 carrera kernel: skb: pf=2 (unowned) dev=lo len=52 Jan 18 10:19:12 carrera kernel: PROTO=6 127.0.0.1:58930 127.0.0.1:1043 L=52 S=0x00 I=33476 F=0x4000 T=64 Jan 18 10:19:12 carrera kernel: ip_local_deliver: bad skb: PRE_ROUTING LOCAL_IN LOCAL_OUT POST_ROUTING Jan 18 10:19:12 carrera kernel: skb: pf=2 (unowned) dev=lo len=221 Jan 18 10:19:12 carrera kernel: PROTO=6 127.0.0.1:58930 127.0.0.1:1043 L=221 S=0x00 I=33478 F=0x4000 T=64 Jan 18 10:19:12 carrera kernel: ip_local_deliver: bad skb: PRE_ROUTING LOCAL_IN LOCAL_OUT POST_ROUTING Jan 18 10:19:12 carrera kernel: skb: pf=2 (unowned) dev=lo len=2661 Jan 18 10:19:12 carrera kernel: PROTO=6 127.0.0.1:1043 127.0.0.1:58930 L=2661 S=0x00 I=49037 F=0x4000 T=64 Jan 18 10:19:12 carrera kernel: ip_local_deliver: bad skb: PRE_ROUTING LOCAL_IN LOCAL_OUT POST_ROUTING Jan 18 10:19:12 carrera kernel: skb: pf=2 (unowned) dev=lo len=221 Jan 18 10:19:12 carrera kernel: PROTO=6 127.0.0.1:58930 127.0.0.1:1043 L=221 S=0x00 I=33480 F=0x4000 T=64 Jan 18 10:19:12 carrera kernel: ip_local_deliver: bad skb: PRE_ROUTING LOCAL_IN LOCAL_OUT POST_ROUTING The only local logwatch configuration option was to turn the detail down to low: # cat /etc/logwatch/conf/logwatch.conf # GRC settings (see /usr/share/doc/logwatch/HOWTO-Customize-LogWatch) Detail = Low -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.12-grc.2005.09.20 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) (ignored: LC_ALL set to [EMAIL PROTECTED]) Versions of packages logwatch depends on: ii gawk 1:3.1.5-1 GNU awk, a pattern scanning and pr ii mailutils [mailx] 1:0.6.90-3 GNU mailutils utilities for handli ii perl 5.8.7-10 Larry Wall's Practical Extraction logwatch recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]