Bug 196856 - Logwatch does not cater for gssftp.
Logwatch does not cater for gssftp.
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: logwatch (Show other bugs)
4.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Ivana Varekova
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-06-27 06:59 EDT by Friedrich Clausen
Modified: 2007-11-30 17:07 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-24 04:13:59 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Patch to add gssftp filter support. (2.11 KB, patch)
2006-06-27 06:59 EDT, Friedrich Clausen
no flags Details | Diff

  None (edit)
Description Friedrich Clausen 2006-06-27 06:59:12 EDT
Description of problem:

NOTE: I found minor typo in the ftpd-messages filter that I will report in
another report.

logwatch does not match the gssftp server's logging output. 

Version-Release number of selected component (if applicable):

logwatch-4.3.2-2

How reproducible:

Enable the "gssftp" service in xinet.d. Then let some ftp traffic happen. After
that all ftpd related entries are unmatched.

Steps to Reproduce:
1. Start gssftp
2. Login a few times via ftp
3. Run logwatch (eg. logwatch --print --range Today)
  
Actual results:

 --------------------- ftpd-messages Begin ------------------------

**Unmatched Entries**
connection from 172.31.254.18 (dns1.example.com) at Mon Jun 26 00:00:00 2006 
FTP LOGIN FROM 172.31.254.18, dns1.example.com (update)
connection from 172.31.3.6 (iss1.example.com) at Mon Jun 26 00:00:34 2006 
FTP LOGIN FROM 172.31.3.6, iss1.example.com (update)
connection from 172.31.254.18 (dns1.example.com) at Mon Jun 26 00:05:00 2006 
FTP LOGIN FROM 172.31.254.18, dns1.example.com (update)

 ---------------------- ftpd-messages End -------------------------


Expected results:

Something like this:

--------------------- ftpd-messages Begin ------------------------ 


18 of 19 Connections Succeeded:
   host1.example.com (10.1.2.3): user1 - 9 Time(s)
   host2.example.com (172.1.1.6): another-user - 9 Time(s)

 ---------------------- ftpd-messages End ------------------------- 

Additional info:

I have attached a patch to generate the sample output I gave above. Note that
gssftp does not seem to report failed login attempts, either in /var/log/secure
or messages. The documentation in /usr/share/doc/krb5-workstation-1.2.7 does not
say how to enable this if it is possible. But I am hoping the patch will be of
use as it is now.
Comment 1 Friedrich Clausen 2006-06-27 06:59:12 EDT
Created attachment 131594 [details]
Patch to add gssftp filter support.
Comment 2 Friedrich Clausen 2006-06-27 07:05:34 EDT
I should note that this is for Red Hat Enterprise Linux 3, I selected Q3 Errata
Beta by mistake (not sure which RHEL version that applies to).
Comment 3 Ivana Varekova 2007-01-24 04:13:59 EST
For RHEL3 we're looking only for security and performance related bugs. I'm
closing this bug as WONTFIX.

Note You need to log in before you can comment on or make changes to this bug.