Bug 1652962 - logwatch sshd fails to match "Disconnected from user $USER $IP port $PORT : $NUM time(s)"
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 28
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: medium
Target Milestone: ---
Assignee: Jan Synacek
QA Contact: Fedora Extras Quality Assurance
Reported: 2018-11-23 17:17 UTC by Lonni J Friedman
Modified: 2019-01-04 11:24 UTC (History)

Fixed In Version: logwatch-7.5.0-1.fc30
Last Closed: 2019-01-04 11:24:25 UTC
Type: Bug




Links
System: Red Hat Bugzilla
ID: 1317620
Private: 0
Priority: unspecified
Status: CLOSED
Summary: sshd log format changed, lots of excess unmatched output showing up in logwatch
Last Updated: 2021-02-22 00:41:40 UTC

Description Lonni J Friedman 2018-11-23 17:17:29 UTC
Description of problem:
Whenever logwatch runs and parses sshd activity, it fails to match log entries such as:
 **Unmatched Entries**
 Disconnected from user netllama 10.0.0.206 port 38311 : 1 time(s)
 Disconnected from user netllama 69.53.240.71 port 6197 : 1 time(s)
 Disconnected from user netllama 10.0.0.206 port 39201 : 1 time(s)
 Disconnected from user netllama 10.0.0.206 port 38829 : 1 time(s)
 Disconnected from user netllama 10.0.0.206 port 38375 : 1 time(s)
 Disconnected from user netllama 69.53.240.71 port 4291 : 1 time(s)


Version-Release number of selected component (if applicable):
logwatch-7.4.3-10.fc28.noarch

How reproducible:
Whenever logwatch runs.

Steps to Reproduce:
1. Turn on logwatch
2. Update openssh-server
3. See extra messages start to appear

Actual results:
extra messages

Expected results:
logwatch is quiet about perfectly normal activity like logging out.

Additional info:
I'm using openssh-server-7.8p1-3.fc28.x86_64


This appears to be the same problem as was reported in https://bugzilla.redhat.com/show_bug.cgi?id=1317620 . However, it doesn't seem like it was fixed.

Comment 1 Lonni J Friedman 2018-11-23 17:38:18 UTC
This change fixes the bug for me:

https://sourceforge.net/u/jsoref/logwatch/ci/f8aae45768d5ddf01e55b86afa9af90757530089/
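
An added example, not part of this report or of the linked change, and not logwatch's own Perl code: a Python matcher for the message format quoted in the description, which counts such lines as logouts per user and address and leaves everything else in the unmatched set. The function names, the address and port validation, and the sample lines are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Format taken from the unmatched entries in this report:
#   Disconnected from user <user> <ip> port <port>
# fullmatch() is used so that only a message consisting of exactly this
# shape is treated as a routine logout; text with anything before or after
# it stays in the unmatched report.
DISCONNECT_RE = re.compile(
    r"Disconnected from user (?P<user>\S+) (?P<ip>\S+) port (?P<port>\d{1,5})"
)

def parse_disconnect(msg):
    """Return (user, ip, port) for a well-formed logout message, else None."""
    m = DISCONNECT_RE.fullmatch(msg.strip())
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group("ip"))  # accepts IPv4 and IPv6
    except ValueError:
        return None
    port = int(m.group("port"))
    if not 0 < port <= 65535:
        return None
    return m.group("user"), str(ip), port

def summarize(messages):
    """Split sshd messages into logout counts per (user, ip) and unmatched lines."""
    logouts, unmatched = Counter(), Counter()
    for msg in messages:
        parsed = parse_disconnect(msg)
        if parsed:
            logouts[parsed[:2]] += 1
        else:
            unmatched[msg.strip()] += 1
    return logouts, unmatched

# Constructed sample input: the first three lines follow the report's format,
# the last three are deliberately malformed and must remain unmatched.
SAMPLE = [
    "Disconnected from user netllama 10.0.0.206 port 38311",
    "Disconnected from user netllama 69.53.240.71 port 6197",
    "Disconnected from user netllama 10.0.0.206 port 39201",
    "Disconnected from user netllama 10.0.0.206 port 99999",
    "Disconnected from user netllama not-an-ip port 22",
    "prefix Disconnected from user netllama 10.0.0.206 port 1",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```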

