Bug 162947 - egrep problems cause empty report section
Summary: egrep problems cause empty report section
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 4
Hardware: noarch
OS: Linux
medium
high
Target Milestone: ---
Assignee: Ivana Varekova
QA Contact:
URL:
Whiteboard:
: 166864 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-11 19:25 UTC by Stuart
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-15 06:14:05 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
diff of the new v6 (.orig) scripts vs the old v5 scripts (1.90 KB, patch)
2005-07-11 19:32 UTC, Stuart 		no flags Details | Diff
View All

Description Stuart 2005-07-11 19:25:43 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Description of problem:
logwatch in FC4 appears to have changed /etc/log.d/scripts/shared/onlycontains and /etc/log.d/scripts/shared/remove, specifically in the way that egrep is called.  In FC3, my ipchains logs would be summarized in the Kernel section of the dayily logwatch report.  In FC4, I've been seeing only the following:

 --------------------- Kernel Begin ------------------------ 

 egrep: module: No such file or directory
 
 ---------------------- Kernel End ------------------------- 

I didn't have time to troubleshoot the problem too much, but was able to resolve the immediate problem by replacing both scripts with the version from an FC3 system (logwatch-5.2.2-1).  By downgrading the files (/etc/log.d/scripts/shared/onlycontains and /etc/log.d/scripts/shared/remove), I was able to regain normal operation of the Kernel log summary.


Version-Release number of selected component (if applicable):
logwatch-6.0.1-2

How reproducible:
Always

Steps to Reproduce:
Install an FC4 system, all entries in the "Kernel" section of the syslog summary will be supressed and an "egrep: module: No such file or directory" error will be listed instead.


Expected Results:  I expect the same log summarization as experienced in FC3.


Additional info:

I'm listing the severity as high since this has been my primary way of monitoring ipchains log entries and is probably the case for others as well.  In that sense, there is a loss of data and this is potentially a security problem.
Comment 1 Stuart 2005-07-11 19:32:43 UTC 
Created attachment 116618 [details]
diff of the new v6 (.orig) scripts vs the old v5 scripts

Attached is a diff of the downgrade that I performed.  It appears that the new
v6 logwatch scripts are perl scripts?  Whereas the old v5 scripts are sh
scripts.
Comment 2 Ivana Varekova 2005-07-12 13:24:55 UTC 
Thank you for your notice,
this bug is fixed in new devel version (logwatch-6.1.2-2).
If there is any problem, please reopen this bug.
Ivana Varekova
Comment 3 Jan Kratochvil 2005-07-13 02:17:38 UTC 
Isn't this problem important enough to push the new 'logwatch' for FC4 updates?
Comment 4 Stuart 2005-07-13 17:13:39 UTC 
I have the same feeling as Jan - why isn't this going to be pushed as an FC4 
update?

At the very least, can the URL to the logwatch-6.1.2-2 RPM be provided?  
Looking at the logwatch.org website, their most recent RPM is only 6.1.2-1.
Comment 5 Jan Kratochvil 2005-07-13 21:48:03 UTC 
URL for RawHide i386 logwatch-6.1.2-2 RPM:
http://ftp.nara.wide.ad.jp/pub/Linux/fedora/core/development/i386/Fedora/RPMS/logwatch-6.1.2-2.noarch.rpm
Comment 6 Ivana Varekova 2005-07-14 11:21:25 UTC 
I update logwatch fc4 version too (fixed fc4 version is logwatch-6.1.2-1.fc4,
there are fixed several other bugs). This version will be in fc4 updates soon.
Comment 7 Ivana Varekova 2005-08-29 08:40:31 UTC 
*** Bug 166864 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.