Description of problem: When running remote logging from a Fedora-7 to a Fedora-8 rsyslogd, the remote entry is missing a ':' which makes logwatch overlook the entry. Version-Release number of selected component (if applicable): rsyslog-1.19.11-3.fc8 sysklogd-1.4.2-9.fc7 How reproducible: Always Steps to Reproduce: 1. Setup remote logging from a Fedora-7 to a Fedora-8 machine. Actual results: Feb 5 08:41:12 remote-fc8 ntpd[2540]: synchronized to 130.235.83.190, stratum 4 Feb 5 09:30:17 remote-fc7 ntpd[3251] synchronized to 130.235.83.190, stratum 4 Feb 5 09:55:03 local-fc8 ntpd[2466]: synchronized to 130.235.83.190, stratum 4 The missing ':' after 'ntpd[3251]' for the remote-fc7 machine, makes the /usr/share/logwatch/scripts/shared/onlyservice script miss the remote-fc7 line. Expected results: Feb 5 08:41:12 remote-fc8 ntpd[2540]: synchronized to 130.235.83.190, stratum 4 Feb 5 09:30:17 remote-fc7 ntpd[3251]: synchronized to 130.235.83.190, stratum 4 Feb 5 09:55:03 local-fc8 ntpd[2466]: synchronized to 130.235.83.190, stratum 4 Additional info:
OK, problem seems to be in the processing of log-messages without a valid timestamp. Log messages received on port 514: <30>Feb 5 18:04:36 remote-fc8 ntpd[10420]: frequency initialized 218.921 PPM from /var/lib/ntp/drift <30>ntpd[20767]: frequency initialized 202.025 PPM from /var/lib/ntp/drift What goes into /var/log/messages: Feb 5 18:04:36 remote-fc8 ntpd[10420]: frequency initialized 218.921 PPM from /var/lib/ntp/drift Feb 5 18:05:34 remote-fc7 ntpd[20767] frequency initialized 202.025 PPM from /var/lib/ntp/drift
Created attachment 294028 [details] keep ':' for legacy messages without hostname
rsyslog-2.0.2-1.fc8 has been submitted as an update for Fedora 8
rsyslog-2.0.2-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.