Created attachment 1414257 [details] Patch to fix the described problem Description of problem: Logwatch doesn't parse Queue ID correctly for sendmail on long-running system with kernel.pid_max greater than 999999. Version-Release number of selected component (if applicable): 7.4.3-6, but master branch has the same bug. How reproducible: Always. Steps to Reproduce: 1. Assign any number greater than 999999 to kernel.pid_max sysctl variable ("/proc/sys/kernel/pid_max" file). 2. Run your Linux server with sendmail long enough that PIDs become 7-digit. 3. See full unparsed log sendmail lines in your daily logwatch report. Actual results: Unparsed sendmail log lines in logwatch report. Expected results: Summary of parsed sendmail log. Additional info: Sendmail 8.15 uses the following format for queue id: - 6 letters or digits dependent on date and time, - 2 letters or digits dependent on random sequence ID, - PID of sendmail process formatted by snprintf using "%06d" format. Format "%06d" means that resulting string has *minimal* length of 6 characters, padded with leading zeroes if necessary. But if PID is greater than 999999, the resulting string can be longer, up to 7 characters if kernel.pid_max sysctl parameter is big enough. By default it's 32768, but can be up to 4194304 on 64-bit systems. Unfortunately, logwatch uses this to parse sendmail queue ID: my $QueueIDFormat = "(?:\\w{7,9}\\d{5}|NOQUEUE)"; This means that once PIDs become larger that 999999, log entries start appearing in "/var/log/maillog" that logwatch fails to parse correctly. This is example of such log line: Mar 28 03:20:51 jr sendmail[1237122]: w2S2Ko8R1237121: to=XXXXXX, ctladdr=<YYYYYY> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31031, relay=[192.168.255.1] [192.168.255.1], dsn=2.0.0, stat=Sent (w2S2KoP91285063 Message accepted for delivery) (real email addresses replaced with "XXXXXX" and "YYYYYY" to protect privacy). The patch attached fixes this problem.
I can confirm both the reported issue and the effectiveness of the proposed patch. (Thanks for the patch.)
logwatch-7.4.3-10.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9cc045c23
logwatch-7.4.3-10.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-948f036ba1
(In reply to Oleg Girko from comment #0) > Created attachment 1414257 [details] > Patch to fix the described problem Thank you for the patch! Since you authored the patch, could you please also propose it upstream (https://sourceforge.net/p/logwatch/git/) ?
logwatch-7.4.3-10.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9cc045c23
logwatch-7.4.3-10.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-948f036ba1
logwatch-7.4.3-10.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.