Bug 132449

Summary: logwatch kernel module doesn't remove duplicate ports in low detail output
Product: [Fedora] Fedora
Reporter: Aleksandar Milivojevic <alex>
Component: logwatch
Assignee: Ivana Varekova <varekova>
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Version: 2
CC: mattdm
Keywords: FutureFeature
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2006-01-09 13:32:40 UTC
Attachments:
  remove duplicates from low detail output (flags: none)
  Updated patch (flags: none)
  kernel script patch (req Logwatch.pm script patch) (flags: none)
  Logwatch.pm (add IPv6 to SortIP) (flags: none)

Description Aleksandar Milivojevic 2004-09-13 16:11:35 UTC

Description of problem:
Logwatch kernel module prints duplicate port entries in low detail
mode, which isn't particularly useful.  A better way would be to remove
duplicates.

For example, instead of printing:

  From 220.168.17.55 - 8 packets to tcp(22,22,22,22,22,22,22,25)

It could just print

  From 220.168.17.55 - 8 packets to tcp(22,25)

Much more readable.  Also, if there were more than 10 packets, but for
only two or three services, the current logwatch would only print that
there were xxx packets from a particular host.  With duplicate removal,
it would print the three services that were affected.

A simple patch is included.

Version-Release number of selected component (if applicable):
logwatch-5.1-3

How reproducible:
Always

Steps to Reproduce:
1. Enable firewall logging
2. Run logwatch in low detail mode


Additional info:

Comment 1 Aleksandar Milivojevic 2004-09-13 16:13:01 UTC
Created attachment 103786
remove duplicates from low detail output

This patch will remove duplicate ports from kernel module output (in low detail
mode).

Comment 2 Aleksandar Milivojevic 2004-09-15 15:07:06 UTC
Created attachment 103865
Updated patch

Updated patch.  In the previous one there was an incorrect assumption that the
port list is sorted (which it isn't).  It's fixed in this one.
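
An added Perl sketch of the behaviour requested in the description and of the sorted-list pitfall noted in Comment 2; it is not the attached patch or logwatch's own code. The function names and $MAX_PORTS are hypothetical, and the limit of 10 distinct ports is an assumption based on the description's "more than 10 packets".

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical limit: above this many distinct ports, print only the count.
my $MAX_PORTS = 10;

# Adjacent-only removal: correct only if the list is already sorted.
sub dedup_adjacent {
    my @out;
    for my $p (@_) {
        push @out, $p unless @out && $out[-1] == $p;
    }
    return @out;
}

# Order-independent removal: track seen ports in a hash, then sort numerically.
sub dedup_ports {
    my %seen;
    return sort { $a <=> $b } grep { !$seen{$_}++ } @_;
}

# Build one low-detail line from a source IP and its hits ([proto, port] pairs).
# The packet total still counts every hit; only the port list is collapsed.
sub summary_line {
    my ($ip, @hits) = @_;
    my %by_proto;
    push @{ $by_proto{ $_->[0] } }, $_->[1] for @hits;
    my $total    = scalar @hits;
    my $distinct = 0;
    my @parts;
    for my $proto (sort keys %by_proto) {
        my @ports = dedup_ports(@{ $by_proto{$proto} });
        $distinct += @ports;
        push @parts, "$proto(" . join(',', @ports) . ")";
    }
    return "From $ip - $total packets" if $distinct > $MAX_PORTS;
    return "From $ip - $total packets to " . join(' ', @parts);
}

# Constructed sample: the ports from the description, in unsorted arrival order.
my @ports = (22, 25, 22, 22, 22, 22, 22, 22);
print "adjacent-only: ", join(',', dedup_adjacent(@ports)), "\n";
print summary_line('220.168.17.55', map { ['tcp', $_] } @ports), "\n";
```

With the unsorted sample, the adjacent-only version still leaves a repeated port in the list, while the hash-based version collapses it and keeps the full packet count.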

Comment 3 Aleksandar Milivojevic 2004-09-15 20:06:09 UTC
Created attachment 103881
kernel script patch (req Logwatch.pm script patch)

Maybe a better way to do it.  Plus a simple IPv6 solution.  Requires a patch for
the Logwatch.pm script.

Comment 4 Aleksandar Milivojevic 2004-09-15 20:07:44 UTC
Created attachment 103882
Logwatch.pm (add IPv6 to SortIP)

SortIP function can now handle IPv6.

Comment 5 Matthew Miller 2005-04-26 15:57:11 UTC
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 6 Ivana Varekova 2006-01-09 13:32:40 UTC
The devel version (logwatch-7.1) is fixed.