Bug 139606

Summary: New sshd logs not processed correctly
Product: [Fedora] Fedora Reporter: Alan Hamilton <alanh>
Component: logwatchAssignee: Ivana Varekova <varekova>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: low Docs Contact:
Priority: medium    
Version: 3CC: djk
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-06-24 11:12:54 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 227805    

Description Alan Hamilton 2004-11-16 21:46:11 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; rv:1.7.3)
Gecko/20040913 Firefox/0.10.1

Description of problem:
FC3 uses openssh-3.9p1-7.  The logs are in a slightly different
format, so some messages are lumped into **Unmatched Entries**

Version-Release number of selected component (if applicable):
logwatch-5.2.2-1

How reproducible:
Always

Steps to Reproduce:
1.  Run logwatch against openssh-3.9p1-7 that contains Invalid user
and Failed password lines

    
Actual Results:
   **Unmatched Entries**
Invalid user test from ::ffff:220.70.167.67
Failed password for invalid user test from ::ffff:220.70.167.67 port
33205 ssh2
Invalid user guest from ::ffff:220.70.167.67
Failed password for invalid user guest from ::ffff:220.70.167.67 port
33490 ssh2

Expected Results:
Illegal users from these:
   test/password from ::ffff:220.70.167.67: 1 Time(s)
   guest/password from ::ffff:220.70.167.67: 1 Time(s)

Failed logins from these:
   test/password from ::ffff:220.70.167.67: 1 Time(s)
   guest/password from ::ffff:220.70.167.67: 1 Time(s)

Comment 1 David Keegel 2005-05-21 00:46:29 UTC
It looks like this should be fixed in logwatch 6.0.1 shipped with FC4 test3.
(I have the same problem with FC3, and get logs of unmatched entries.)

Comment 2 Ivana Varekova 2005-06-24 11:12:54 UTC
This problem is fixed in the current release.