Bug 162947 - egrep problems cause empty report section
Product: Fedora
Classification: Fedora
Component: logwatch
Hardware: noarch Linux
Priority: medium, Severity: high
Assigned To: Ivana Varekova
Duplicates: 166864
Reported: 2005-07-11 15:25 EDT by Stuart
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2005-07-15 02:14:05 EDT

Attachments
diff of the new v6 (.orig) scripts vs the old v5 scripts (1.90 KB, patch)
2005-07-11 15:32 EDT, Stuart

Description Stuart 2005-07-11 15:25:43 EDT

Description of problem:
logwatch in FC4 appears to have changed /etc/log.d/scripts/shared/onlycontains and /etc/log.d/scripts/shared/remove, specifically in the way that egrep is called. In FC3, my ipchains logs would be summarized in the Kernel section of the daily logwatch report. In FC4, I've been seeing only the following:

 --------------------- Kernel Begin ------------------------ 

 egrep: module: No such file or directory
 ---------------------- Kernel End ------------------------- 

I didn't have time to troubleshoot the problem too much, but was able to resolve the immediate problem by replacing both scripts with the version from an FC3 system (logwatch-5.2.2-1).  By downgrading the files (/etc/log.d/scripts/shared/onlycontains and /etc/log.d/scripts/shared/remove), I was able to regain normal operation of the Kernel log summary.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Install an FC4 system; all entries in the "Kernel" section of the syslog summary will be suppressed and an "egrep: module: No such file or directory" error will be listed instead.

Expected Results:  I expect the same log summarization as experienced in FC3.

Additional info:

I'm listing the severity as high since this has been my primary way of monitoring ipchains log entries and is probably the case for others as well.  In that sense, there is a loss of data and this is potentially a security problem.
Comment 1 Stuart 2005-07-11 15:32:43 EDT
Created attachment 116618 [details]
diff of the new v6 (.orig) scripts vs the old v5 scripts

Attached is a diff of the downgrade that I performed.  It appears that the new
v6 logwatch scripts are perl scripts?  Whereas the old v5 scripts are sh
Comment 2 Ivana Varekova 2005-07-12 09:24:55 EDT
Thank you for your notice;
this bug is fixed in the new devel version (logwatch-6.1.2-2).
If there is any problem, please reopen this bug.
Ivana Varekova
Comment 3 Jan Kratochvil 2005-07-12 22:17:38 EDT
Isn't this problem important enough to push the new 'logwatch' for FC4 updates?
Comment 4 Stuart 2005-07-13 13:13:39 EDT
I have the same feeling as Jan - why isn't this going to be pushed as an FC4 

At the very least, can the URL to the logwatch-6.1.2-2 RPM be provided?  
Looking at the logwatch.org website, their most recent RPM is only 6.1.2-1.
Comment 5 Jan Kratochvil 2005-07-13 17:48:03 EDT
URL for RawHide i386 logwatch-6.1.2-2 RPM:
Comment 6 Ivana Varekova 2005-07-14 07:21:25 EDT
I am updating the logwatch fc4 version too (the fixed fc4 version is logwatch-6.1.2-1.fc4;
several other bugs are fixed in it). This version will be in fc4 updates soon.
Comment 7 Ivana Varekova 2005-08-29 04:40:31 EDT
*** Bug 166864 has been marked as a duplicate of this bug. ***
