Red Hat Bugzilla – Bug 132449
logwatch kernel module doesn't remove duplicate ports in low detail output
Last modified: 2007-11-30 17:10:49 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Description of problem:
Logwatch kernel module prints duplicate port entries in low detail
mode, which isn't particularly useful. A better way would be to remove
For example, instead of printing:
From 184.108.40.206 - 8 packets to tcp(22,22,22,22,22,22,22,25)
It could just print
From 220.127.116.11 - 8 packets to tcp(22,25)
Much more readable. Also, if there were more than 10 packets, but for
only two or three services, the current logwatch would only print that
there were xxx packets from a particular host. With duplicate removal,
it would print the three services that were affected.
A simple patch is included.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Enable firewall logging
2. Run logwatch in low detail mode
Created attachment 103786
remove duplicates from low detail output
This patch will remove duplicate ports from kernel module output (in low detail
Created attachment 103865
Updated patch. In previous one there was incorrect assumption that port list
is sorted (which it isn't). It's fixed in this one.
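
Added example, not the attached patch and not logwatch's own code: order-independent duplicate removal for the per-host port summary requested in this report, so that an unsorted port list still collapses correctly. The iptables-style SRC/PROTO/DPT fields, the constructed log lines, the helper name summarize and the $MAX_LISTED cut-off of 10 distinct ports are assumptions made for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: ports are listed only when a host hit at most this many distinct ones.
my $MAX_LISTED = 10;

# summarize() is a hypothetical helper: returns one summary line per source address.
sub summarize {
    my @lines = @_;
    my (%packets, %ports);
    for my $line (@lines) {
        # Lines without a source, protocol and destination port (e.g. ICMP) are skipped.
        next unless $line =~ /\bSRC=(\S+).*?\bPROTO=(\w+).*?\bDPT=(\d+)/;
        my ($src, $proto, $dpt) = ($1, lc($2), $3);
        $packets{$src}++;
        # A hash key per port removes duplicates whatever order they arrive in;
        # comparing only neighbouring entries would need a sorted list.
        $ports{$src}{$proto}{$dpt}++;
    }
    my @out;
    for my $src (sort keys %packets) {
        my $distinct = 0;
        my @groups;
        for my $proto (sort keys %{ $ports{$src} }) {
            my @p = sort { $a <=> $b } keys %{ $ports{$src}{$proto} };
            $distinct += @p;
            push @groups, "$proto(" . join(',', @p) . ")";
        }
        my $row = "From $src - $packets{$src} packets";
        # The cut-off counts distinct ports, so many packets to few services
        # still get their services listed.
        $row .= ' to ' . join(' ', @groups) if $distinct <= $MAX_LISTED;
        push @out, $row;
    }
    return @out;
}

# Constructed sample: 12 packets to three services in unsorted order,
# then a second host touching 20 distinct ports.
my $fmt = 'kernel: IN=eth0 OUT= SRC=%s DST=198.51.100.1 PROTO=TCP SPT=%d DPT=%d';
my @dpt = (22, 25, 22, 80);
my @sample;
push @sample, sprintf($fmt, '192.0.2.10', 40000 + $_, $dpt[$_ % 4]) for 0 .. 11;
push @sample, sprintf($fmt, '192.0.2.99', 50000, $_) for 1 .. 20;

print "$_\n" for summarize(@sample);
```

The first host is reported with its three distinct ports in numeric order; the second, with 20 distinct ports, is reported by packet count only.
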
Created attachment 103881
kernel script patch (req Logwatch.pm script patch)
Maybe better way to do it. Plus simple IPv6 solution. Requires patch for
Created attachment 103882
Logwatch.pm (add IPv6 to SortIP)
SortIP function can now handle IPv6.
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
The devel version (logwatch-7.1) is fixed.