Bug 462174

Summary: logwatch fails to parse some postfix logfile lines
Product: [Fedora] Fedora
Reporter: Wolfgang Rupprecht <wolfgang.rupprecht>
Component: logwatch
Assignee: Ivana Varekova <varekova>
Status: CLOSED NEXTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: medium
Version: 9
CC: dusan, richardfearn, turchi
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-10-24 23:53:57 UTC

Attachments:
- an example patch
- examples of unmatched entries

Description Wolfgang Rupprecht 2008-09-13 12:57:39 UTC
Description of problem:
logwatch fails to parse some postfix logs

Version-Release number of selected component (if applicable):
logwatch 7.3.6-22.fc9 
postfix 2:2.5.1-2.fc9 

How reproducible:
every time

Steps to Reproduce:
1. Run logwatch on a busy postfix machine
2. notice all the unparsed logfile lines
  
Actual results:
lots of unparsed lines in the logwatch output

Expected results:
no unparsed lines

Additional info:
An example patch is attached.

Comment 1 Wolfgang Rupprecht 2008-09-13 13:00:00 UTC
Created attachment 316666
an example patch

The patch didn't seem to make it.  Here it is again.

Comment 2 Richard Fearn 2008-09-13 15:12:28 UTC
I noticed this problem today. logwatch 7.3.6 was released in May 2007 and has a very old version of the postfix script, which can be downloaded from here:

http://www.mikecappella.com/logwatch/

I've just replaced the logwatch script on my system and ran it to get yesterday's details and it seems to work fine. (Had to remove -T from the first line, though.)

It might be good to include this new postfix script in the logwatch package, until logwatch itself gets an update.

Comment 3 Ivana Varekova 2008-09-15 12:12:46 UTC
Re comments 0 and 1 - thanks, the postfix script is fixed in logwatch-7.3.6-28.fc10 and logwatch-7.3.6-23.fc9.

Re comment 2 - thanks Richard - it would be great to have the changes in upstream directly - could you send the link to upstream?

Comment 4 Fedora Update System 2008-09-15 12:14:22 UTC
logwatch-7.3.6-23.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/logwatch-7.3.6-23.fc9

Comment 5 Fedora Update System 2008-09-16 23:19:58 UTC
logwatch-7.3.6-23.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update logwatch'
You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8081

Comment 6 Dušan Hokův 2008-10-01 09:56:11 UTC
--------------------- Logwatch ------------------------ 

 Nested quantifiers in regex; marked by <-- HERE in m/[<(]?+ <-- HERE ._-dwsujbm[>)]?\W*/ at /usr/share/logwatch/scripts/services/postfix line 2166, <> line 78873.


Nested quantifiers in regex; marked by <-- HERE in m/[<(]?+ <-- HERE ._-user[>)]?\W*/ at /usr/share/logwatch/scripts/services/postfix line 2166, <> line 34488.

-------------maillog ----------------------------

Sep 29 08:48:25 mx1 postfix/smtp[12289]: 28383850F: to=<+._-user>, relay=mail.domain.cz[180.195.19.16]:25, delay=49137, delays=49110/27/0.02/0, dsn=4.7.0, status=....


It seems that the logwatch script can't parse the character "+" in an e-mail address.

Dusan

Comment 7 Ivana Varekova 2008-10-13 08:54:24 UTC
Richard, please could you attach here the part of logwatch output with the list of unmatched entries?

Comment 8 Ivana Varekova 2008-10-14 11:29:54 UTC
Dusan, which version of logwatch do you use?

Comment 9 Dušan Hokův 2008-10-14 12:02:33 UTC
I have logwatch-7.3.6-15.fc8

I also have another bad character... See logwatch mail:

--------------------- Postfix Begin ------------------------ 

 Nested quantifiers in regex; marked by <-- HERE in m/[<(]??? <-- HERE ??@dankong.net[>)]?\W*/ at /usr/share/logwatch/scripts/services/postfix line 2166, <> line 311694.


Thanks Dusan
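
The errors quoted in comments 6 and 9 show a recipient address from the mail log being used as regex source. The following is an added example, not code from the logwatch postfix script: it contrasts unescaped interpolation with `\Q...\E` quoting. The function names, the `s///` usage and the sample addresses' surrounding log text are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: recipient fields as they could appear in a
# maillog "to=<...>" entry (two taken from the comments above).
my @recipients = ('+._-user', '???@dankong.net', 'a.b@example.org');

# Unsafe (hypothetical helper): the address becomes part of the pattern,
# so its metacharacters are parsed as regex syntax. The pattern is
# compiled at run time; eval traps a compile failure.
sub strip_unsafe {
    my ($line, $addr) = @_;
    my $ok = eval { $line =~ s/[<(]?${addr}[>)]?\W*//; 1 };
    return $ok ? $line : undef;
}

# Safe (hypothetical helper): \Q...\E applies quotemeta, so every
# character of the address is matched literally.
sub strip_safe {
    my ($line, $addr) = @_;
    $line =~ s/[<(]?\Q$addr\E[>)]?\W*//;
    return $line;
}

for my $addr (@recipients) {
    my $line   = "to=<$addr>, relay=mail.example.org";
    my $unsafe = strip_unsafe($line, $addr);
    printf "%-18s unsafe: %-36s safe: %s\n", $addr,
        defined $unsafe ? "'$unsafe'" : 'regex compile error',
        "'" . strip_safe($line, $addr) . "'";
}
```

Addresses in a mail log are chosen by remote senders, so any field copied from the log into a pattern needs the same quoting, including addresses that compile but match more loosely than intended.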

Comment 10 Richard Fearn 2008-10-14 20:46:19 UTC
Created attachment 320353
examples of unmatched entries

A few examples of unmatched entries, as requested in comment 7

Comment 11 Fedora Update System 2008-10-17 07:46:28 UTC
logwatch-7.3.6-25.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/logwatch-7.3.6-25.fc9

Comment 12 Ivana Varekova 2008-10-17 08:32:40 UTC
Dusan,
I split off the problem you reported and created a separate bugzilla for it - https://bugzilla.redhat.com/show_bug.cgi?id=467378.

Comment 13 Richard Fearn 2008-10-17 18:36:36 UTC
logwatch-7.3.6-25.fc9 deals with the "too many errors" lines. Thanks!

Comment 14 Fedora Update System 2008-10-24 23:53:54 UTC
logwatch-7.3.6-25.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.