Bug 132449 - logwatch kernel module dosn't remove duplicate ports in low detail output
logwatch kernel module dosn't remove duplicate ports in low detail output
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: logwatch (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ivana Varekova
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-09-13 12:11 EDT by Aleksandar Milivojevic
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-01-09 08:32:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
remove duplicates from low detail output (1.26 KB, patch)
2004-09-13 12:13 EDT, Aleksandar Milivojevic
no flags Details | Diff
Updated patch (1.29 KB, patch)
2004-09-15 11:07 EDT, Aleksandar Milivojevic
no flags Details | Diff
kernel script patch (req Logwatch.pm script patch) (2.39 KB, patch)
2004-09-15 16:06 EDT, Aleksandar Milivojevic
no flags Details | Diff
Logwatch.pm (add IPv6 to SortIP) (1.01 KB, patch)
2004-09-15 16:07 EDT, Aleksandar Milivojevic
no flags Details | Diff

  None (edit)
Description Aleksandar Milivojevic 2004-09-13 12:11:35 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040626 Firefox/0.9.1

Description of problem:
Logwatch kernel module prints duplicate port entries in low detail
mode, which isn't particulary usefull.  Better way would be to remove
duplicates.

On an example, instead of printing:

  From 220.168.17.55 - 8 packets to tcp(22,22,22,22,22,22,22,25)

It could just print

  From 220.168.17.55 - 8 packets to tcp(22,25)

Much more readable.  Also, if there were more than 10 packets, but for
only two or three services, current logwatch would only print that
there were xxx packets from particular host.  With duplicates removal,
it would print three services that were affected.

Simple patch is included.

Version-Release number of selected component (if applicable):
logwatch-5.1-3

How reproducible:
Always

Steps to Reproduce:
1. Enable firewall logging
2. Run logwatch in low detail mode


Additional info:
Comment 1 Aleksandar Milivojevic 2004-09-13 12:13:01 EDT
Created attachment 103786 [details]
remove duplicates from low detail output

This patch will remove duplicate ports from kernel module output (in low detail
mode).
Comment 2 Aleksandar Milivojevic 2004-09-15 11:07:06 EDT
Created attachment 103865 [details]
Updated patch

Updated patch.	In previous one there was incorrect assumption that port list
is sorted (which it isn't).  It's fixed in this one.
Comment 3 Aleksandar Milivojevic 2004-09-15 16:06:09 EDT
Created attachment 103881 [details]
kernel script patch (req Logwatch.pm script patch)

Maybe better way to do it.  Plus simple IPv6 solution.	Requires patch for
Logwatch.pm script.
Comment 4 Aleksandar Milivojevic 2004-09-15 16:07:44 EDT
Created attachment 103882 [details]
Logwatch.pm (add IPv6 to SortIP)

SortIP function can now handle IPv6.
Comment 5 Matthew Miller 2005-04-26 11:57:11 EDT
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 6 Ivana Varekova 2006-01-09 08:32:40 EST
The devel version (logwatch-7.1) is fixed. 

Note You need to log in before you can comment on or make changes to this bug.