From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040626 Firefox/0.9.1 Description of problem: Logwatch kernel module prints duplicate port entries in low detail mode, which isn't particulary usefull. Better way would be to remove duplicates. On an example, instead of printing: From 220.168.17.55 - 8 packets to tcp(22,22,22,22,22,22,22,25) It could just print From 220.168.17.55 - 8 packets to tcp(22,25) Much more readable. Also, if there were more than 10 packets, but for only two or three services, current logwatch would only print that there were xxx packets from particular host. With duplicates removal, it would print three services that were affected. Simple patch is included. Version-Release number of selected component (if applicable): logwatch-5.1-3 How reproducible: Always Steps to Reproduce: 1. Enable firewall logging 2. Run logwatch in low detail mode Additional info:
Created attachment 103786 [details] remove duplicates from low detail output This patch will remove duplicate ports from kernel module output (in low detail mode).
Created attachment 103865 [details] Updated patch Updated patch. In previous one there was incorrect assumption that port list is sorted (which it isn't). It's fixed in this one.
Created attachment 103881 [details] kernel script patch (req Logwatch.pm script patch) Maybe better way to do it. Plus simple IPv6 solution. Requires patch for Logwatch.pm script.
Created attachment 103882 [details] Logwatch.pm (add IPv6 to SortIP) SortIP function can now handle IPv6.
Fedora Core 2 is now maintained by the Fedora Legacy project for security updates only. If this problem is a security issue, please reopen and reassign to the Fedora Legacy product. If it is not a security issue and hasn't been resolved in the current FC3 updates or in the FC4 test release, reopen and change the version to match.
The devel version (logwatch-7.1) is fixed.