Bug 1561587 - Logwatch fails to parse log entries produced by sendmail process with 7-digit PID
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 27
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Jan Synacek
QA Contact: Fedora Extras Quality Assurance
Blocks: 1580313
Reported: 2018-03-28 14:50 UTC by Oleg Girko
Modified: 2018-05-30 14:08 UTC

Fixed In Version: logwatch-7.4.3-10.fc28
Last Closed: 2018-05-30 14:08:43 UTC
Type: Bug


Attachments
Patch to fix the described problem (1.48 KB, patch)
2018-03-28 14:50 UTC, Oleg Girko

Description Oleg Girko 2018-03-28 14:50:10 UTC
Created attachment 1414257 [details]
Patch to fix the described problem

Description of problem:
Logwatch doesn't parse the Queue ID correctly for sendmail on a long-running system with kernel.pid_max greater than 999999.

Version-Release number of selected component (if applicable):
7.4.3-6, but master branch has the same bug.

How reproducible:
Always.

Steps to Reproduce:
1. Assign any number greater than 999999 to kernel.pid_max sysctl variable ("/proc/sys/kernel/pid_max" file).
2. Run your Linux server with sendmail long enough that PIDs become 7-digit.
3. See full unparsed sendmail log lines in your daily logwatch report.

Actual results:
Unparsed sendmail log lines in logwatch report.

Expected results:
Summary of parsed sendmail log.

Additional info:
Sendmail 8.15 uses the following format for queue id:
- 6 letters or digits dependent on date and time,
- 2 letters or digits dependent on random sequence ID,
- PID of sendmail process formatted by snprintf using "%06d" format.

The "%06d" format means that the resulting string has a *minimal* length of 6 characters, padded with leading zeroes if necessary. But if the PID is greater than 999999, the resulting string can be longer, up to 7 characters if the kernel.pid_max sysctl parameter is big enough. By default it's 32768, but it can be up to 4194304 on 64-bit systems.

Unfortunately, logwatch uses this to parse sendmail queue ID:

    my $QueueIDFormat = "(?:\\w{7,9}\\d{5}|NOQUEUE)";

This means that once PIDs become larger than 999999, log entries start appearing in "/var/log/maillog" that logwatch fails to parse correctly. This is an example of such a log line:

    Mar 28 03:20:51 jr sendmail[1237122]: w2S2Ko8R1237121: to=XXXXXX, ctladdr=<YYYYYY> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31031, relay=[192.168.255.1] [192.168.255.1], dsn=2.0.0, stat=Sent (w2S2KoP91285063 Message accepted for delivery)

(real email addresses replaced with "XXXXXX" and "YYYYYY" to protect privacy).

The patch attached fixes this problem.
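The following regression check is an added example, not part of the original report or the attached patch. It rebuilds queue IDs from the format described above and runs them through the quoted pattern, using Python's `re` in place of Perl. The `WIDENED` pattern, the 8-character prefix helper and the anchored line shape are assumptions made for illustration.

```python
import re

# Pattern quoted in the report ("\\w" in the Perl string is \w in the regex).
ORIGINAL = r"(?:\w{7,9}\d{5}|NOQUEUE)"
# Hypothetical widening for illustration only; the attached patch may differ.
WIDENED = r"(?:\w{7,9}\d{5,6}|NOQUEUE)"

# Shortened from the log line quoted in the report (addresses already redacted).
SAMPLE = ("Mar 28 03:20:51 jr sendmail[1237122]: w2S2Ko8R1237121: "
          "to=XXXXXX, ctladdr=<YYYYYY> (0/0), dsn=2.0.0, stat=Sent")


def make_queue_id(prefix, pid):
    """6 time characters + 2 sequence characters (prefix), then PID as "%06d"."""
    if len(prefix) != 8:
        raise ValueError("prefix must be 8 characters")
    # Like snprintf, "%06d" sets a minimum width and never truncates.
    return prefix + "%06d" % pid


def extract_queue_id(line, qid_format):
    """Return the queue ID from a sendmail syslog line, or None if unparsed.

    Assumed line shape: syslog timestamp, host, "sendmail[PID]: ", queue ID,
    then ": ". The trailing ": " anchors the match, so an ID that is too long
    is rejected instead of being matched as a shorter substring.
    """
    rx = re.compile(
        r"^\w{3} [ \d]\d [\d:]{8} \S+ sendmail\[\d+\]: (" + qid_format + r"): ")
    m = rx.match(line)
    return m.group(1) if m else None


def unparsed_pids(qid_format, pids, prefix="w2S2Ko8R"):
    """PIDs whose generated queue ID the given pattern does not fully match."""
    rx = re.compile(qid_format)
    return [p for p in pids if not rx.fullmatch(make_queue_id(prefix, p))]


# Boundary PIDs: smallest, default pid_max, last 6-digit, first 7-digit,
# and the 64-bit maximum named in the report.
BOUNDARY_PIDS = [1, 32768, 999999, 1000000, 4194304]

if __name__ == "__main__":
    print("original misses:", unparsed_pids(ORIGINAL, BOUNDARY_PIDS))
    print("widened misses: ", unparsed_pids(WIDENED, BOUNDARY_PIDS))
    print("sample, original:", extract_queue_id(SAMPLE, ORIGINAL))
    print("sample, widened: ", extract_queue_id(SAMPLE, WIDENED))
```

Running the same boundary PIDs against any log parser that hard-codes an ID width is a quick way to find lines that would otherwise drop out of the summary and show up only as unmatched entries.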

Comment 1 Glenn Zazulia 2018-05-13 05:06:37 UTC
I can confirm both the reported issue and the effectiveness of the proposed patch.

(Thanks for the patch.)

Comment 2 Fedora Update System 2018-05-21 10:57:16 UTC
logwatch-7.4.3-10.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9cc045c23

Comment 3 Fedora Update System 2018-05-21 10:57:25 UTC
logwatch-7.4.3-10.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-948f036ba1

Comment 4 Jan Synacek 2018-05-21 11:00:09 UTC
(In reply to Oleg Girko from comment #0)
> Created attachment 1414257 [details]
> Patch to fix the described problem

Thank you for the patch!

Since you authored the patch, could you please also propose it upstream (https://sourceforge.net/p/logwatch/git/)?

Comment 5 Fedora Update System 2018-05-21 16:36:02 UTC
logwatch-7.4.3-10.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9cc045c23

Comment 6 Fedora Update System 2018-05-21 17:16:07 UTC
logwatch-7.4.3-10.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-948f036ba1

Comment 7 Fedora Update System 2018-05-30 14:08:43 UTC
logwatch-7.4.3-10.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

