Bug 431538

Summary: lacking ':' in remote logging makes logwatch overlook entries
Product: [Fedora] Fedora Reporter: Anders Blomdell <anders.blomdell>
Component: rsyslogAssignee: Peter Vrabec <pvrabec>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 8CC: theinric
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: 2.0.2-1.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-02-16 02:15:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
keep ':' for legacy messages without hostname none

Description Anders Blomdell 2008-02-05 11:47:41 UTC 
Description of problem:

When running remote logging from a Fedora-7 to a Fedora-8 rsyslogd, the remote
entry is missing a ':' which makes logwatch overlook the entry.

Version-Release number of selected component (if applicable):

rsyslog-1.19.11-3.fc8
sysklogd-1.4.2-9.fc7

How reproducible:

Always


Steps to Reproduce:
1. Setup remote logging from a Fedora-7 to a Fedora-8 machine.
  
Actual results:

Feb  5 08:41:12 remote-fc8 ntpd[2540]: synchronized to 130.235.83.190, stratum 4
Feb  5 09:30:17 remote-fc7 ntpd[3251] synchronized to 130.235.83.190, stratum 4
Feb  5 09:55:03 local-fc8 ntpd[2466]: synchronized to 130.235.83.190, stratum 4

The missing ':' after 'ntpd[3251]' for the remote-fc7 machine, makes the 
/usr/share/logwatch/scripts/shared/onlyservice script miss the remote-fc7 line.

Expected results:

Feb  5 08:41:12 remote-fc8 ntpd[2540]: synchronized to 130.235.83.190, stratum 4
Feb  5 09:30:17 remote-fc7 ntpd[3251]: synchronized to 130.235.83.190, stratum 4
Feb  5 09:55:03 local-fc8 ntpd[2466]: synchronized to 130.235.83.190, stratum 4

Additional info:
Comment 1 Anders Blomdell 2008-02-05 17:13:33 UTC 
OK, problem seems to be in the processing of log-messages without a valid timestamp.

Log messages received on port 514:

<30>Feb  5 18:04:36 remote-fc8 ntpd[10420]: frequency initialized 218.921 PPM
from /var/lib/ntp/drift
<30>ntpd[20767]: frequency initialized 202.025 PPM from /var/lib/ntp/drift

What goes into /var/log/messages:

Feb  5 18:04:36 remote-fc8 ntpd[10420]: frequency initialized 218.921 PPM from
/var/lib/ntp/drift
Feb  5 18:05:34 remote-fc7 ntpd[20767] frequency initialized 202.025 PPM from
/var/lib/ntp/drift
Comment 2 Anders Blomdell 2008-02-05 18:15:56 UTC 
Created attachment 294028 [details]
keep ':' for legacy messages without hostname
Comment 3 Fedora Update System 2008-02-13 17:40:55 UTC 
rsyslog-2.0.2-1.fc8 has been submitted as an update for Fedora 8
Comment 4 Fedora Update System 2008-02-16 02:14:58 UTC 
rsyslog-2.0.2-1.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.