Bug 104658 – logwatch missing sshd entries

Bug 104658 - logwatch missing sshd entries

Summary:	logwatch missing sshd entries

Status:	CLOSED CURRENTRELEASE

Aliases:	None

Product:	Red Hat Linux
Classification:	Retired
Component:	logwatch (Show other bugs)
Sub Component:
Version:	8.0
Hardware:	i686 Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Elliot Lee
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	Security

Duplicates:	104662 (view as bug list)
Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2003-09-18 11:49 EDT by Paul Rensing
Modified:	2007-04-18 12:57 EDT (History)
CC List:	0 users

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2004-06-18 16:11:57 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Paul Rensing 2003-09-18 11:49:54 EDT

From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.11 (X11; Linux i686; U;) Gecko/20030417

Description of problem:
logwatch is missing all the SSHD messages. After a little debugging, I
discovered that the problem is that it is running the filter removeheaders
*before* the filter "onlyservice sshd". Then, the SSHD filter gets no lines.

I tried to diagnose this further but have not gotten anywhere yet.


Version-Release number of selected component (if applicable):
logwatch-2.6-8

How reproducible:
Always

Steps to Reproduce:
1. Run "/etc/cron.daily/00-logwatch  --print --service sshd --detail high
--debug 1000"
2. Look at the output (near the end) and you will see that removeheader was run
first.

Additional info:

Comment 1 Paul Rensing 2003-09-18 12:13:08 EDT

*** Bug 104662 has been marked as a duplicate of this bug. ***

Comment 2 Paul Rensing 2003-09-18 12:17:36 EDT

In looking more into the code, the problem is in constructing the filter list
(around line 526, variable "FilterText"). I find it strange that the filters are
ordered by "reverse key" on the ServiceData. My understanding is that the keys
are not in any guaranteed order.

Maybe this is a problem with different versions of Perl. logwatch 2.6-2 appears
to work find on RedHat 7.3 with perl 5.6. logwatch 2.6-8 appears to be almost
the same, but RH8.0 is running Perl 5.8.

Comment 3 Mark J. Cox (Product Security) 2004-01-20 07:01:22 EST

This seems okay on RHL9/FC1; can you reproduce on any of the recent
platforms.

Comment 4 Paul Rensing 2004-01-20 10:48:04 EST

I don't have a RH9 machine to check, but it is working on FC1. Guess
the newer version of logwatch fixed the problem.

Thanks, Paul

Comment 5 Josh Bressers 2004-06-18 16:11:57 EDT

This appears to be fixed.  Feel free to reopen if this is still an issue.

Note You need to log in before you can comment on or make changes to this bug.