Red Hat Bugzilla – Bug 104658
logwatch missing sshd entries
Last modified: 2007-04-18 12:57:39 EDT
From Bugzilla Helper: User-Agent: Mozilla/5.0 Galeon/1.2.11 (X11; Linux i686; U;) Gecko/20030417 Description of problem: logwatch is missing all the SSHD messages. After a little debugging, I discovered that the problem is that it is running the filter removeheaders *before* the filter "onlyservice sshd". Then, the SSHD filter gets no lines. I tried to diagnose this further but have not gotten anywhere yet. Version-Release number of selected component (if applicable): logwatch-2.6-8 How reproducible: Always Steps to Reproduce: 1. Run "/etc/cron.daily/00-logwatch --print --service sshd --detail high --debug 1000" 2. Look at the output (near the end) and you will see that removeheader was run first. Additional info:
*** Bug 104662 has been marked as a duplicate of this bug. ***
In looking more into the code, the problem is in constructing the filter list (around line 526, variable "FilterText"). I find it strange that the filters are ordered by "reverse key" on the ServiceData. My understanding is that the keys are not in any guaranteed order. Maybe this is a problem with different versions of Perl. logwatch 2.6-2 appears to work find on RedHat 7.3 with perl 5.6. logwatch 2.6-8 appears to be almost the same, but RH8.0 is running Perl 5.8.
This seems okay on RHL9/FC1; can you reproduce on any of the recent platforms.
I don't have a RH9 machine to check, but it is working on FC1. Guess the newer version of logwatch fixed the problem. Thanks, Paul
This appears to be fixed. Feel free to reopen if this is still an issue.