Description of problem: logwatch fails to parse some postfix logs Version-Release number of selected component (if applicable): logwatch 7.3.6-22.fc9 postfix 2:2.5.1-2.fc9 How reproducible: every time Steps to Reproduce: 1. Run logwatch on a busy postfix machine 2. notice all the unparsed logfile lines 3. Actual results: lots of unparsed lines in the logwatch output Expected results: no unparsed lines Additional info: An example patch is attached.
Created attachment 316666 [details] an example patch The patch didn't seem to make it. Here it is again.
I noticed this problem today. logwatch 7.3.6 was released in May 2007 and has a very old version of the postfix script, which can be downloaded from here: http://www.mikecappella.com/logwatch/ I've just replaced the logwatch script on my system and ran it to get yesterday's details and it seems to work fine. (Had to remove -T from the first line, though.) It might be good to include this new postfix script in the logwatch package, until logwatch itself gets an update.
ad comment 0,1 - thanks postfix script is fixed in logwatch-7.3.6-28.fc10, logwatch-7.3.6-23.fc9. ad comment 2 - thanks Richard - it would be great to have the changes in upstream directly - could you send the link to upstream?
logwatch-7.3.6-23.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/logwatch-7.3.6-23.fc9
logwatch-7.3.6-23.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update logwatch'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-8081
--------------------- Logwatch ------------------------ Nested quantifiers in regex; marked by <-- HERE in m/[<(]?+ <-- HERE ._-dwsujbm[>)]?\W*/ at /usr/share/logwatch/scripts/services/postfix line 2166, <> line 78873. Nested quantifiers in regex; marked by <-- HERE in m/[<(]?+ <-- HERE ._-user[>)]?\W*/ at /usr/share/logwatch/scripts/services/postfix line 2166, <> line 34488. -------------maillog ---------------------------- Sep 29 08:48:25 mx1 postfix/smtp[12289]: 28383850F: to=<+._-user>, relay=mail.domain.cz[180.195.19.16]:25, delay=49137, delays=49110/27/0.02/0, dsn=4.7.0, status=.... It seems that character "+" in e-mail address logwatch script can't parse. Dusan
Richard, please could you attach here the part of logwatch output with the list of unmatched entries?
Dusan which version of logwatch do you use?
I have logwatch-7.3.6-15.fc8 I also have another bad character... See logwatch mail: --------------------- Postfix Begin ------------------------ Nested quantifiers in regex; marked by <-- HERE in m/[<(]??? <-- HERE ??@dankong.net[>)]?\W*/ at /usr/share/logwatch/scripts/services/postfix line 2166, <> line 311694. Thanks Dusan
Created attachment 320353 [details] examples of unmatched entries A few examples of unmatched entries, as requested in comment 7
logwatch-7.3.6-25.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/logwatch-7.3.6-25.fc9
Dusan, I split the problem you reported and create a separate bugzilla for it- https://bugzilla.redhat.com/show_bug.cgi?id=467378.
logwatch-7.3.6-25.fc9 deals with the "too many errors" lines. Thanks!
logwatch-7.3.6-25.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.