I've been having problems with logcheck lately and I could use some advice. I started out with logcheck being unable to read a log for one of the entries in my logcheck.logfiles. I went so far as to put recursive 777 permissions on the log file directory for those logs, but it still didn't work. The log wasn't vitally important so I removed it from the list and moved on.

However, last week logcheck stopped working altogether. Regrettably I can't remember the error, and I deleted all the emails, oh silly me. Thinking it was a permissions problem I changed the permissions on /var/log to 644 recursively, and then changed the permissions on auth.log* to 640 and xferlog* to 600. After this logcheck couldn't open any of the files in logcheck.logfiles.

I eventually changed the permissions on /var/log to 777 recursively with auth.log* being 640 and xferlog* being 600, and logcheck is working again. However, I am not happy with this solution. The box is a server box and I believe I have read that /var/log should have more restrictive permissions on it than this.

If anyone has an idea of what is going on, and how to get everything working again as it should, I would be grateful.