Hello folks :)

I got a machine to look at, so I've issued a 'systemctl status' and see
a 'degraded' state.

so I've done a 'systemctl status --failed' and see that
'fwlogwatch.service' was never started and shows 'exit code' as reasons...

looking at the logs it appears it has never started fine since debian 12 install on this machine...


logs doesn't show more infos than the 'exit code'


why it doesn't work at all ? is someone had this problem also ?

and, how to correct this ?


note that there is ufw running on this machine since a week or so, no
other firewall, and having ufw stopped doesn't change the error from 'fwlogwatch' not starting.

Debian 12 is up to date here.


Thanks by advance for advices :)


Jeff

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Nov 20, 2024 at 01:19:24PM +0100, Jean-François Bachelet wrote:

Hello folks :)

I got a machine to look at, so I've issued a 'systemctl status' and see a 'degraded' state.

so I've done a 'systemctl status --failed' and see that 'fwlogwatch.service' was never started and shows 'exit code' as reasons...

looking at the logs it appears it has never started fine since debian 12 install on this machine...

Guessing by the package description, fwlogwatch just collects diverse
firewall logs and (optionally) may take actions. Moreover, the description encourages the guess that you might try starting it manually, to see
what kind of complaints it has?

It seems to have a man page.

Cheers
--
t

-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRp53liolZD6iXhAoIFyCz1etHaRgUCZz3YRAAKCRAFyCz1etHa RvLfAJwM1eL+KZUAYuLQW90Q+gtHR9A0sQCdHu9BVZY7Ng142+J5IO5yJwd4G0c=
=i+dP
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Hello Tomas :)

Le 20/11/2024 à 13:38, tomas@tuxteam.de a écrit :

On Wed, Nov 20, 2024 at 01:19:24PM +0100, Jean-François Bachelet wrote:

Hello folks :)

I got a machine to look at, so I've issued a 'systemctl status' and see a
'degraded' state.

so I've done a 'systemctl status --failed' and see that 'fwlogwatch.service' >> was never started and shows 'exit code' as reasons...

looking at the logs it appears it has never started fine since debian 12
install on this machine...

Guessing by the package description, fwlogwatch just collects diverse firewall logs and (optionally) may take actions. Moreover, the description encourages the guess that you might try starting it manually, to see
what kind of complaints it has?

it is started by systemd at boot but crash.

I've tested starting it manualy with 'systemctl start fwlogwatch' but or
reboot after disabling ufw, but no changes.

it seems to be installed by default, but if it not work what's the point
? :/

It seems to have a man page.

checked it, nothing special in it, the only thing turned on is the 'fwlogwatch.pid' file that must be found by systemd in /run...

after check that file hasn't be created at installation time...

so I've 'touched' it ;)

and tried again a start... crash but some more infos now :


'systemctl start fwlogwatch.service' (root mode ;))

failed with exit code...


'systemctl status fwlogwatch.service' :

fwlogwatch.service - Firewall log analyzer
     Loaded: loaded (/lib/systemd/system/fwlogwatch.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-11-20 17:02:18 CET; 1min 27s ago
       Docs: man:fwlogwatch
    Process: 294164 ExecStart=/bin/sh -c if [ "x${START_DAEMON}" != "xtrue" ]; then echo "aborted"; exit 1; fi;    exec
/usr/sbin/fwlogwatch -c /etc/fwlogwatch/fwlogwatch.config -R ${PARAMS} (code=exited, status=1/FAILURE)
        CPU: 16ms

nov. 20 17:02:18 deb systemd[1]: Starting fwlogwatch.service -
Firewall log analyzer...
nov. 20 17:02:18 deb sh[294164]: aborted
nov. 20 17:02:18 deb systemd[1]: fwlogwatch.service: Control process
exited, code=exited, status=1/FAILURE
nov. 20 17:02:18 deb systemd[1]: fwlogwatch.service: Failed with
result 'exit-code'.
nov. 20 17:02:18 deb systemd[1]: Failed to start fwlogwatch.service - Firewall log analyzer.

'journalctl -xeu fwlogwatch.service' :

░░ L'unité (unit) fwlogwatch.service a échoué, avec le résultat failed.
nov. 20 17:02:18 voxdeb systemd[1]: Starting fwlogwatch.service -
Firewall log analyzer...
░░ Subject: L'unité (unit) fwlogwatch.service a commencé à démarrer ░░ Defined-By: systemd
â–‘â–‘ Support: https://www.debian.org/support
â–‘â–‘
░░ L'unité (unit) fwlogwatch.service a commencé à démarrer.
nov. 20 17:02:18 voxdeb sh[294164]: aborted
nov. 20 17:02:18 voxdeb systemd[1]: fwlogwatch.service: Control
process exited, code=exited, status=1/FAILURE
â–‘â–‘ Subject: Unit process exited
â–‘â–‘ Defined-By: systemd
â–‘â–‘ Support: https://www.debian.org/support
â–‘â–‘
â–‘â–‘ An ExecStart= process belonging to unit fwlogwatch.service has exited. â–‘â–‘
â–‘â–‘ The process' exit code is 'exited' and its exit status is 1.
nov. 20 17:02:18 voxdeb systemd[1]: fwlogwatch.service: Failed with
result 'exit-code'.
â–‘â–‘ Subject: Unit failed
â–‘â–‘ Defined-By: systemd
â–‘â–‘ Support: https://www.debian.org/support
â–‘â–‘
â–‘â–‘ The unit fwlogwatch.service has entered the 'failed' state with
result 'exit-code'.
nov. 20 17:02:18 voxdeb systemd[1]: Failed to start fwlogwatch.service
- Firewall log analyzer.
░░ Subject: L'unité (unit) fwlogwatch.service a échoué
â–‘â–‘ Defined-By: systemd
â–‘â–‘ Support: https://www.debian.org/support
â–‘â–‘
░░ L'unité (unit) fwlogwatch.service a échoué, avec le résultat failed.

try to see if a reboot changes anything here : no more chances, still
don't start.


I'm puzzled here ????


Help !


Cheers,

Jeff

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Nov 20, 2024 at 05:35:58PM +0100, Jean-François Bachelet wrote:

Hello Tomas :)

Le 20/11/2024 à 13:38, tomas@tuxteam.de a écrit :

On Wed, Nov 20, 2024 at 01:19:24PM +0100, Jean-François Bachelet wrote:

Hello folks :)

I got a machine to look at, so I've issued a 'systemctl status' and see a 'degraded' state.

so I've done a 'systemctl status --failed' and see that 'fwlogwatch.service'
was never started and shows 'exit code' as reasons...

looking at the logs it appears it has never started fine since debian 12 install on this machine...

Guessing by the package description, fwlogwatch just collects diverse firewall logs and (optionally) may take actions. Moreover, the description encourages the guess that you might try starting it manually, to see
what kind of complaints it has?

it is started by systemd at boot but crash.

I've tested starting it manualy with 'systemctl start fwlogwatch' but or reboot after disabling ufw, but no changes.

I was proposing you start it "directly" to perhaps see better what's
going wrong...

it seems to be installed by default, but if it not work what's the point ?
:/

It seems to have a man page.

checked it, nothing special in it, the only thing turned on is the 'fwlogwatch.pid' file that must be found by systemd in /run...

after check that file hasn't be created at installation time...

so I've 'touched' it ;)

and tried again a start... crash but some more infos now :

'systemctl start fwlogwatch.service' (root mode ;))

failed with exit code...

'systemctl status fwlogwatch.service' :

...ah I see now you are seeing more...

fwlogwatch.service - Firewall log analyzer
     Loaded: loaded (/lib/systemd/system/fwlogwatch.service; enabled; preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-11-20 17:02:18 CET; 1min 27s ago
       Docs: man:fwlogwatch
    Process: 294164 ExecStart=/bin/sh -c if [ "x${START_DAEMON}" != "xtrue" ]; then echo "aborted"; exit 1; fi;    exec /usr/sbin/fwlogwatch -c /etc/fwlogwatch/fwlogwatch.config -R ${PARAMS} (code=exited, status=1/FAILURE)
        CPU: 16ms

but alas, not much. Systemd seems to be more interested in itself
than in others. Oh, well. That's what nowadays is called a "service",
I s'ppose.

I'd try to running the thing manually, perhaps under strace if nothing
else helps. Perhaps it has a "debug" option? What does the man page
say?

Cheers
--
t

-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRp53liolZD6iXhAoIFyCz1etHaRgUCZz4WGwAKCRAFyCz1etHa RiMfAJ9Q5/gitJAqjJw0s9tkDxBReCU+9gCfa/vLksccG5HE2FBv2fRNa8LSpXE=
=w3w8
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Wed, Nov 20, 2024 at 05:35:58PM +0100, Jean-François Bachelet wrote:
[cut]

'systemctl status fwlogwatch.service' :

fwlogwatch.service - Firewall log analyzer
     Loaded: loaded (/lib/systemd/system/fwlogwatch.service;
enabled; preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-11-20
17:02:18 CET; 1min 27s ago
       Docs: man:fwlogwatch
    Process: 294164 ExecStart=/bin/sh -c if [ "x${START_DAEMON}" != >>"xtrue" ]; then echo "aborted"; exit 1; fi;    exec >>/usr/sbin/fwlogwatch -c /etc/fwlogwatch/fwlogwatch.config -R
${PARAMS} (code=exited, status=1/FAILURE)
        CPU: 16ms

nov. 20 17:02:18 deb systemd[1]: Starting fwlogwatch.service -
Firewall log analyzer...
nov. 20 17:02:18 deb sh[294164]: aborted
nov. 20 17:02:18 deb systemd[1]: fwlogwatch.service: Control process >>exited, code=exited, status=1/FAILURE
nov. 20 17:02:18 deb systemd[1]: fwlogwatch.service: Failed with
result 'exit-code'.
nov. 20 17:02:18 deb systemd[1]: Failed to start fwlogwatch.service
- Firewall log analyzer.

I might be reading this wrong, but the "ExecStart" command is a shell
script which basically says "if the $START_DAEMON variable does not
equal 'true', then echo 'aborted' and stop". Given you get sh printing
the word 'aborted', I think you're reading that branch.

Did you set "START_DAEMON=true" in /etc/default/fwlogwatch or similar?

--
For more information, please reread.

-----BEGIN PGP SIGNATURE-----

iQJqBAABCgBUFiEE1A0c5XWknk+U2MemZUdBNabqRbUFAmc+NYw2FIAAAAAAFQAY cGthLWFkZHJlc3NAZ251cGcub3JnbWFpbGluZ2xpc3RAZGFyYWMub3JnLnVrAAoJ EGVHQTWm6kW1ffgP/3vq0KeuW+nxBDY5Tso5DqvN1PGqH7CA940Bd8NRZ9J6vbmt 8EO3uRUbRMWAxpBVRLpkS20yMSdF5hozNCKSkGcj6gccEDVlX5SWWwncT1zlz8Ze T0hEqQnzh/9WN8nhQtNWT6bSp9PwTCMidG/wmROYo/FioK4PAUvlAkhAOu5C5/Xb az6DJsa9ZujoVgkPV95hgxaC585Y8CX5VHvl1nRN1F+E5Dneeh4BNCEfxDub+03K QEX6QdLvL9MbceUPdcuF49JfquSnDtBqKN4+B6Ug83WRIoWcoRJZLvf0RoARfP1Y qnciKWQoG7vcVZCKwIuhasnGu7b9AXJ9PLDLR0h4RWTAZm4pc7MgcvsZkSY40Xg2 kMVw9qSaSn6sdpDZQ62v8tIxymFuzjh9XoG/lBOmS/NmO9sRqyc9/hNU3JdojKdz 12/2cCzlWJWAJCDNVV8v6bwOEJFNFhh1CFL5ZQu8rpZdoKKVD5URhUZyVV8Qb0/t WMsS/bGp164xnj+l95cXlR2vDBLCSoTmI9zl6IRRTP+OR4jtr3CUr3vNlRrOCPsg PEMHuVHbJJAFkHpLYONtWJEg4Opb472cI2ZGMFss43Kw+6C6/xKRgobQXX9IJyYX sv1bLfQpWfYdMPlmq5ucyvXkQDSwygGS7WT5HV2uH9Es3HvxnjzIU1WW0S5p
=M7GC
-----END PGP SIGNATURE-----

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gat

Hello Marial :)

Le 20/11/2024 à 20:16, Darac Marjal a écrit :

On Wed, Nov 20, 2024 at 05:35:58PM +0100, Jean-François Bachelet wrote: [cut]

'systemctl status fwlogwatch.service' :

fwlogwatch.service - Firewall log analyzer
     Loaded: loaded (/lib/systemd/system/fwlogwatch.service; enabled; >>> preset: enabled)
     Active: failed (Result: exit-code) since Wed 2024-11-20 17:02:18 >>> CET; 1min 27s ago
       Docs: man:fwlogwatch
    Process: 294164 ExecStart=/bin/sh -c if [ "x${START_DAEMON}" !=
"xtrue" ]; then echo "aborted"; exit 1; fi;    exec /usr/sbin/
fwlogwatch -c /etc/fwlogwatch/fwlogwatch.config -R ${PARAMS}
(code=exited, status=1/FAILURE)
        CPU: 16ms

nov. 20 17:02:18 deb systemd[1]: Starting fwlogwatch.service -
Firewall log analyzer...
nov. 20 17:02:18 deb sh[294164]: aborted
nov. 20 17:02:18 deb systemd[1]: fwlogwatch.service: Control process
exited, code=exited, status=1/FAILURE
nov. 20 17:02:18 deb systemd[1]: fwlogwatch.service: Failed with
result 'exit-code'.
nov. 20 17:02:18 deb systemd[1]: Failed to start fwlogwatch.service -
Firewall log analyzer.

I might be reading this wrong, but the "ExecStart" command is a shell
script which basically says "if the $START_DAEMON variable does not
equal 'true', then echo 'aborted' and stop". Given you get sh printing
the word 'aborted', I think you're reading that branch.

Did you set "START_DAEMON=true" in /etc/default/fwlogwatch or similar?

there is no such stuff in the confs...

here is what the cron daily conf says for it :

/etc/cron.daily/fwlogwatch
#!/bin/sh
# fwlogwatch's daily cron job
# Copyright 2001 Alberto Gonzalez Iniesta <agi@agi.as>
# Licensed under the GNU General Public License, version 2. See the file
# /usr/share/common-licenses/GPL or <http://www.gnu.org/copyleft/gpl.txt>.
#
set -e
test $DEBIAN_SCRIPT_DEBUG && set -v -x

FWLOGWATCH=/usr/sbin/fwlogwatch
CONFIG=/etc/default/fwlogwatch
EXTRA_HEADER="Content-Type: text/plain"

test -x $FWLOGWATCH || exit 0
test -r $CONFIG || exit 0

# Source configuration generated from debconf's values
. $CONFIG

if [ "$CRON_EMAIL" = "none" ]; then
exit 0
fi

OUTPUT=`$FWLOGWATCH $CRON_PARAMS`

(echo "$OUTPUT" | grep -q 'No valid time entries found') \
&& exit 0

## Mail results

TMPFILE=`mktemp /tmp/fwlogwatch.XXXXXXXXXX`

#echo "From: " >> $TMPFILE
echo "To: $CRON_EMAIL" >> $TMPFILE
echo "Subject: fwlogwatch daily news" >> $TMPFILE

(echo "$OUTPUT" | grep -q '</html>') \
&& echo "Content-Type: text/html" >> $TMPFILE

echo >> $TMPFILE>
echo "$OUTPUT" >> $TMPFILE

/usr/lib/sendmail -F `id -nu` "$CRON_EMAIL" < $TMPFILE

rm -f $TMPFILE

# vim:set ai et sts=2 sw=2 tw=0:

as said, /etc/fwlogwatch.config is all commented out except for the pid
file.

btw, the pid file I've touched for fwlogwatch has disapeared from /run...

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On 2024-11-20, Jean-François Bachelet wrote:

I might be reading this wrong, but the "ExecStart" command is a shell script >> which basically says "if the $START_DAEMON variable does not equal 'true', >> then echo 'aborted' and stop". Given you get sh printing the word 'aborted', >> I think you're reading that branch.
Did you set "START_DAEMON=true" in /etc/default/fwlogwatch or similar?

there is no such stuff in the confs...

I reply to you on debian-user-french yesterday

fwlogwatch.service use /lib/systemd/system/fwlogwatch.service
which use conf file /etc/default/fwlogwatch
and if START_DAEMON is not "true" it does exit 1
So you just need to put in /etc/default/fwlogwatch
START_DAEMON='true'

Did you check the right file /etc/default/fwlogwatch ? What version do
you have ? Provide us :
dpkg -l fwlogwatch

here is what the cron daily conf says for it :

[..]

as said, /etc/fwlogwatch.config is all commented out except for the pid
file.

I don't know where you find "/etc/fwlogwatch.config"
in this script I found :
CONFIG=/etc/default/fwlogwatch

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

XPost: linux.debian.user.french

Hello Michel ^^)

Le 21/11/2024 à 08:33, Michel Verdier a écrit :

On 2024-11-20, Jean-François Bachelet wrote:

I might be reading this wrong, but the "ExecStart" command is a shell script
which basically says "if the $START_DAEMON variable does not equal 'true', >>> then echo 'aborted' and stop". Given you get sh printing the word 'aborted',
I think you're reading that branch.
Did you set "START_DAEMON=true" in /etc/default/fwlogwatch or similar?

there is no such stuff in the confs...

I reply to you on debian-user-french yesterday

fwlogwatch.service use /lib/systemd/system/fwlogwatch.service
which use conf file /etc/default/fwlogwatch
and if START_DAEMON is not "true" it does exit 1
So you just need to put in /etc/default/fwlogwatch
START_DAEMON='true'

Did you check the right file /etc/default/fwlogwatch ? What version do
you have ? Provide us :
dpkg -l fwlogwatch

~/Bureau$ dpkg -l fwlogwatch

Souhait=inconnU/Installé/suppRimé/Purgé/H=à garder
| État=Non/Installé/fichier-Config/dépaqUeté/échec-conFig/H=semi-installé/W=attend-traitement-déclenchements
|/ Err?=(aucune)/besoin Réinstallation (État,Err: majuscule=mauvais)
||/ Nom Version Architecture Description +++-==============-============-============-=================================
ii fwlogwatch 1.4-4 amd64 Firewall log analyzer

apt says it it upto date.

here is what the cron daily conf says for it :

[..]

as said, /etc/fwlogwatch.config is all commented out except for the pid
file.

I don't know where you find "/etc/fwlogwatch.config"

sorry, mistaping ;) it's in '/etc/fwlogwatch/fwlogwatch.config'

in this script I found :
CONFIG=/etc/default/fwlogwatch

oups, the only place I'vee not checked... you're right it was there at
false, dunno why... changed it for 'true'.

and still crashing...

looking at the 'systemctl --failed' log it appears that it lacks the '/var/log/messages' directory, another thing that has not been created
at installation of fwlogwatch...

IMHO that should be corrected in the installer...

BTW, now its up and running. :) let's see if I get messages from it ^^)

Thanks everyone :)

Jeff

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

On Thursday, 21 November 2024 07:24:49 -03 Jean-François Bachelet wrote:
Hello Jeff

Hello Michel ^^)

Le 21/11/2024 à 08:33, Michel Verdier a écrit :

On 2024-11-20, Jean-François Bachelet wrote:

[snip]

in this script I found :
CONFIG=/etc/default/fwlogwatch

oups, the only place I'vee not checked... you're right it was there at
false, dunno why... changed it for 'true'.

and still crashing...

looking at the 'systemctl --failed' log it appears that it lacks the '/var/log/messages' directory, another thing that has not been created
at installation of fwlogwatch...

Isn't /var/log/messages a file and not a directory?

IMHO that should be corrected in the installer...

BTW, now its up and running. :) let's see if I get messages from it
^^)

Thanks everyone :)

Jeff

All the best

--
Eike Lantzsch KY4PZ / ZP5CGE

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)