* [PVE-User] Upgrade to PVE8, logcheck, error on journalctl...
@ 2024-08-12 15:52 Marco Gaiarin
2024-08-15 7:28 ` Alwin Antreich via pve-user
0 siblings, 1 reply; 5+ messages in thread
From: Marco Gaiarin @ 2024-08-12 15:52 UTC (permalink / raw)
To: pve-user
I extensively use 'logcheck' on my servers.
I've just upgrade a server to PVE8 (a little test standalone server) and
logcheck start complain:
Logcheck failed: Your log entries may not have been checked.
Details:
Could not run journalctl or save output
To identify the cause you may wish to:
- Check temporary directory: /tmp/logcheck.N0YsPV
- verify that the logcheck user can read all
logfiles specified in;
/etc/logcheck/logcheck.logfiles
/etc/logcheck/logcheck.logfiled.d/*.logfiles
i've tried:
root@lisei:/etc/logcheck# su -s /bin/bash - logcheck
logcheck@lisei:~$ journalctl
No journal files were opened due to insufficient permissions.
but:
root@lisei:/etc/logcheck# id logcheck
uid=112(logcheck) gid=118(logcheck) groups=118(logcheck),4(adm)
so logcheck user seems have correct permission.
I've upgraded some plain debian VMs and containers to Bookworm, and i've not
hit troubles on logcheck. So seems something PVE specific...
Someone can help me? Thanks.
--
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PVE-User] Upgrade to PVE8, logcheck, error on journalctl...
2024-08-12 15:52 [PVE-User] Upgrade to PVE8, logcheck, error on journalctl Marco Gaiarin
@ 2024-08-15 7:28 ` Alwin Antreich via pve-user
2024-08-18 19:58 ` Marco Gaiarin
0 siblings, 1 reply; 5+ messages in thread
From: Alwin Antreich via pve-user @ 2024-08-15 7:28 UTC (permalink / raw)
Cc: Alwin Antreich, pve-user
[-- Attachment #1: Type: message/rfc822, Size: 4918 bytes --]
From: Alwin Antreich <alwin@antreich.com>
Cc: pve-user@lists.proxmox.com
Subject: Re: [PVE-User] Upgrade to PVE8, logcheck, error on journalctl...
Date: Thu, 15 Aug 2024 09:28:44 +0200
Message-ID: <E8672964-2E25-454C-944E-B8E151F70DE2@antreich.com>
On August 12, 2024 5:52:09 PM GMT+02:00, Marco Gaiarin <gaio@lilliput.linux.it> wrote:
>
>I extensively use 'logcheck' on my servers.
>
>I've just upgrade a server to PVE8 (a little test standalone server) and
>logcheck start complain:
>
> Logcheck failed: Your log entries may not have been checked.
>
> Details:
> Could not run journalctl or save output
>
> To identify the cause you may wish to:
> - Check temporary directory: /tmp/logcheck.N0YsPV
>
> - verify that the logcheck user can read all
> logfiles specified in;
> /etc/logcheck/logcheck.logfiles
> /etc/logcheck/logcheck.logfiled.d/*.logfiles
>
>i've tried:
>
> root@lisei:/etc/logcheck# su -s /bin/bash - logcheck
> logcheck@lisei:~$ journalctl
> No journal files were opened due to insufficient permissions.
>
>but:
>
> root@lisei:/etc/logcheck# id logcheck
> uid=112(logcheck) gid=118(logcheck) groups=118(logcheck),4(adm)
>
>so logcheck user seems have correct permission
Did you already look at apparmor, might it be blocked by it? You should see that in the dmesg.
Cheers,
Alwin
Hi Marco,
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PVE-User] Upgrade to PVE8, logcheck, error on journalctl...
2024-08-15 7:28 ` Alwin Antreich via pve-user
@ 2024-08-18 19:58 ` Marco Gaiarin
2024-08-19 5:35 ` Alwin Antreich via pve-user
[not found] ` <71a3501c3734603857ff73e84dd1ab3683cbc0a2@antreich.com>
0 siblings, 2 replies; 5+ messages in thread
From: Marco Gaiarin @ 2024-08-18 19:58 UTC (permalink / raw)
To: Alwin Antreich via pve-user; +Cc: pve-user
Mandi! Alwin Antreich via pve-user
In chel di` si favelave...
> Did you already look at apparmor, might it be blocked by it? You should see that in the dmesg.
No, nothing in logs...
--
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PVE-User] Upgrade to PVE8, logcheck, error on journalctl...
2024-08-18 19:58 ` Marco Gaiarin
@ 2024-08-19 5:35 ` Alwin Antreich via pve-user
[not found] ` <71a3501c3734603857ff73e84dd1ab3683cbc0a2@antreich.com>
1 sibling, 0 replies; 5+ messages in thread
From: Alwin Antreich via pve-user @ 2024-08-19 5:35 UTC (permalink / raw)
To: gaio; +Cc: Alwin Antreich, pve-user
[-- Attachment #1: Type: message/rfc822, Size: 4804 bytes --]
From: "Alwin Antreich" <alwin@antreich.com>
To: gaio@lilliput.linux.it
Cc: pve-user@lists.proxmox.com
Subject: Re: [PVE-User] Upgrade to PVE8, logcheck, error on journalctl...
Date: Mon, 19 Aug 2024 05:35:20 +0000
Message-ID: <71a3501c3734603857ff73e84dd1ab3683cbc0a2@antreich.com>
Hi Marco,
August 18, 2024 at 9:58 PM, "Marco Gaiarin" <gaio@lilliput.linux.it> wrote:
>
> Mandi! Alwin Antreich via pve-user
> In chel di` si favelave...
>
> >
> > Did you already look at apparmor, might it be blocked by it? You should see that in the dmesg.
> >
> No, nothing in logs...
>
Then, the user logcheck is running as really can't access the journal from the system, as it has no permission. Like the error message says.
For the permission you need to use systemd-journal, it has changed since Debian 8 (Jessie). Members of this group can use the command journalctl and read log files of systemd (in /var/log/journal).
Maybe you also have a look at journalcheck instead? It seems to be a replacement for logcheck.
Cheers,
Alwin
[-- Attachment #2: Type: text/plain, Size: 157 bytes --]
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 5+ messages in thread
[parent not found: <71a3501c3734603857ff73e84dd1ab3683cbc0a2@antreich.com>]
* Re: [PVE-User] Upgrade to PVE8, logcheck, error on journalctl...
[not found] ` <71a3501c3734603857ff73e84dd1ab3683cbc0a2@antreich.com>
@ 2024-08-19 8:52 ` Marco Gaiarin
0 siblings, 0 replies; 5+ messages in thread
From: Marco Gaiarin @ 2024-08-19 8:52 UTC (permalink / raw)
To: pve-user
Mandi! Alwin Antreich
In chel di` si favelave...
> Then, the user logcheck is running as really can't access the journal from the
> system, as it has no permission. Like the error message says.
> For the permission you need to use systemd-journal, it has changed since Debian
> 8 (Jessie). Members of this group can use the command journalctl and read log
> files of systemd (in /var/log/journal).
The problem is exactly that. 'logcheck' is a member of group 'adm', and in
'plain' Debian 12 can access journal, in PVE 8 no.
So, seems a specific 'PVE bug'; the apparmor hint was a good hint (because
AFAIK Debian does not enable apparmor by default), but seems not that...
> Maybe you also have a look at journalcheck instead? It seems to be a
> replacement for logcheck.
You meant this?:
https://github.com/lynix/journalcheck
seems not just packaged... and logcheck support journal!
--
_______________________________________________
pve-user mailing list
pve-user@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-user
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2024-08-19 8:54 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-08-12 15:52 [PVE-User] Upgrade to PVE8, logcheck, error on journalctl Marco Gaiarin
2024-08-15 7:28 ` Alwin Antreich via pve-user
2024-08-18 19:58 ` Marco Gaiarin
2024-08-19 5:35 ` Alwin Antreich via pve-user
[not found] ` <71a3501c3734603857ff73e84dd1ab3683cbc0a2@antreich.com>
2024-08-19 8:52 ` Marco Gaiarin
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox