Bug 62893 - logwatch 2.6-1 after update has problems understanding log entries from IPv6 enabled ssh daemon
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: logwatch
2
All Linux
low Severity medium
Assigned To: Jiri Ryska
Duplicates: 69243
Reported: 2002-04-07 05:11 EDT by Peter Bieringer
Modified: 2010-08-31 09:26 EDT
Doc Type: Bug Fix
Last Closed: 2005-04-28 12:04:13 EDT
Description Peter Bieringer 2002-04-07 05:11:24 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.78 [en] (X11; U; Linux 2.4.17-0.18 i686)

Description of problem:
Cannot interpret some log entries

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try, wait for next output tomorrow

Steps to Reproduce:
Update to newest logrotate causes this message
	

Actual Results:
Argument "Could not reverse map address 3ffe:400:100:f101::1" isn't numeric in pack at /etc/log.d/scripts/services/sshd line 72, <STDIN> line 1.
Argument "" isn't numeric in pack at /etc/log.d/scripts/services/sshd line 72, <STDIN> line 1.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 72, <STDIN> line 1.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 72, <STDIN> line 1.
Argument "Could not reverse map address 2002:5080:5ecd:f101:2e0:18..." isn't numeric in pack at /etc/log.d/scripts/services/sshd line 72, <STDIN> line 7.
Argument "" isn't numeric in pack at /etc/log.d/scripts/services/sshd line 72, <STDIN> line 7.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 72, <STDIN> line 7.
Use of uninitialized value in pack at /etc/log.d/scripts/services/sshd line 72, <STDIN> line 7.

Expected Results:  No such error messages

Additional info:
Comment 1 Elliot Lee 2002-04-09 11:14:24 EDT
I'm not planning on fixing this terribly soon - IPv6 support is not a high
priority - but patches are welcome if my priorities don't mesh with yours.
Comment 2 Peter Bieringer 2002-04-15 16:10:19 EDT
Is "needinfo" a request for loglines?

Here they are:

Apr 15 20:37:37 tunnel sshd[29910]: Accepted publickey for user1 from ::ffff:80.128.91.202 port 60005 ssh2
Apr 15 21:21:41 tunnel sshd[11930]: Could not reverse map address 2002:5080:5bca:0123:2e0:18ff:fe01:2345.
Apr 15 21:21:47 tunnel sshd[11930]: Failed password for root from 2002:5080:5bca:f101:2e0:18ff:fe01:2345 port 32932 ssh2
Apr 15 21:21:49 tunnel sshd[11930]: Accepted password for root from 2002:5080:5bca:f101:2e0:18ff:fe01:2345 port 32932 ssh2
Comment 3 Elliot Lee 2002-04-15 16:15:37 EDT
Just a parking state until someone submits a patch or the upstream version fixes it.
Comment 4 Elliot Lee 2002-07-19 11:26:08 EDT
*** Bug 69243 has been marked as a duplicate of this bug. ***
Comment 5 Peter Bieringer 2003-12-03 04:45:46 EST
I'm now using logwatch-4.3.1-2 from RHL 9 on RHL 7.2 and 7.3 systems.
Update causes no problem (thanks to Perl...).
Comment 6 Zenon Panoussis 2004-07-06 04:32:53 EDT
Logwatch on a fedora 2 machine:

--------------------- SSHD Begin ------------------------ 

Argument "2001:470:1f80:176:1::feed" isn't numeric in pack at /etc/log.d//lib/Logwatch.pm line 286, <STDIN> line 1.
Character in 'C' format wrapped in pack at /etc/log.d//lib/Logwatch.pm line 286, <STDIN> line 1.

Users logging in through sshd:
   zenon:
      unknown.Level3.net (2001:470:1f80:176:1::feed): 1 time

 ---------------------- SSHD End ------------------------- 

Obviously, this bug resurrected. Will you please change the
product/version and re-open it? 

Comment 7 Peter Bieringer 2004-07-19 16:18:29 EDT
Fedora Core 2 contains version:

# rpm -q logwatch
logwatch-5.1-3
Comment 8 Peter Bieringer 2004-07-19 16:19:49 EDT
Forgotten: I can confirm that logwatch-5.1-3 has the same problem as
2.6-1.
Comment 9 Peter Bieringer 2004-08-06 05:35:36 EDT
Downgrading to logwatch-4.3.2-2.noarch.rpm from RHEL3U2 solves this
issue again, as does upgrading to logwatch-5.2.2-1.noarch.rpm from
logwatch.org.
So it looks like the logwatch developers have fixed the bug; please
provide new FC packages.

Example of 5.2.2-1:

Failed logins from these:
   root/password from 2001:7b0:1101:****: 1 Time(s)

Users logging in through sshd:
   root:
      unresolved IPv6 addr: 2001:7b0:1101:*****: 2 times

Refused incoming connections:
      ::ffff:210.114.***.*** (::ffff:210.114.***.****): 6 Time(s)


But anyway, there is still a bug in logwatch-5.2.2-1, because 
      unresolved IPv6 addr: 2001:7b0:1101:*****: 2 times
is not proper, it is resolvable...will dig into code now.
Comment 10 Peter Bieringer 2004-08-06 05:49:53 EDT
Found: Logwatch.pm still doesn't support IPv6 reverse lookup
resolving...probably because the delivered Perl currently contains no
module that supports handling IPv6 addresses (here e.g. expanding
compressed ones).

   if ($Addr =~ /:/ and $Addr !~ /^::ffff:(\d+\.\d+\.\d+\.\d+)/) {
       return "unresolved IPv6 addr: $Addr";
   }
   $Addr =~ s/::ffff://;
   my $PackedAddr = pack('C4', split /\./,$Addr);
   if (my $name = gethostbyaddr ($PackedAddr,2)) {
       my $val = "$name ($Addr)";
       $LookupCache{$Addr} = $val;
       return $val;
   } else {
       $LookupCache{$Addr} = $Addr;
       return ($Addr);
   }
Comment 11 Elliot Lee 2004-08-20 13:23:12 EDT
It sounds like the issue now is that logwatch doesn't know how to
resolve IPv6 addresses. There is a perl Socket6 module that provides
access to getaddrinfo(), but for now I don't see that getting pulled
in. Perhaps a future perl release will include it, or perhaps upstream
logwatch will know how to make use of it if it is installed...? I
don't see any actions to take right now, though.
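
Added example, not part of the thread and not Logwatch's own code: a family-aware lookup in place of the pack('C4', ...) call quoted in Comment 10, using inet_pton and getnameinfo from the core Socket module in current Perl releases. The helper name lookup_ip and the sample inputs are constructed for illustration.

```perl
use strict;
use warnings;
use Socket qw(:addrinfo AF_INET AF_INET6 inet_pton
              pack_sockaddr_in pack_sockaddr_in6);

my %LookupCache;

# Hypothetical helper (name and structure are illustrative): returns
# "name (addr)" when a PTR record exists, otherwise the address itself.
sub lookup_ip {
    my ($addr) = @_;
    return $LookupCache{$addr} if exists $LookupCache{$addr};

    # sshd on a dual-stack socket logs IPv4 peers as ::ffff:a.b.c.d
    (my $bare = $addr) =~ s/^::ffff:(?=\d+\.\d+\.\d+\.\d+$)//i;

    # Let inet_pton validate the text; nothing unparsed reaches pack().
    my $sockaddr;
    if (defined(my $v4 = inet_pton(AF_INET, $bare))) {
        $sockaddr = pack_sockaddr_in(0, $v4);
    } elsif (defined(my $v6 = inet_pton(AF_INET6, $bare))) {
        $sockaddr = pack_sockaddr_in6(0, $v6);
    } else {
        return $LookupCache{$addr} = $addr;    # not an address: pass through
    }

    # NI_NAMEREQD makes a missing PTR record an error instead of
    # returning the numeric address as if it were a host name.
    my ($err, $name) = getnameinfo($sockaddr, NI_NAMEREQD, NIx_NOSERV);
    my $val = ($err || !defined $name) ? $bare : "$name ($bare)";
    return $LookupCache{$addr} = $val;
}

# Constructed inputs modelled on the log lines in this report: an
# IPv4-mapped peer, a native IPv6 peer, and a whole message passed
# where an address was expected (the original failure mode).
for my $addr ('::ffff:192.0.2.10',
              '2001:db8:5bca:f101:2e0:18ff:fe01:2345',
              'Could not reverse map address 2001:db8::1') {
    print lookup_ip($addr), "\n";
}
```

PTR names are set by whoever controls the reverse zone, so the report line keeps the numeric address next to the resolved name, as the quoted Logwatch code does.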
Comment 12 Peter Bieringer 2004-08-28 10:03:28 EDT
See also
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=123088
Comment 13 Matthew Miller 2005-04-26 12:16:02 EDT
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 14 Peter Bieringer 2005-04-28 10:04:09 EDT
FC3 contains logwatch-5.2.2-1.FC3.1, so the original bug has gone away.

The other issue "unresolvable IPv6 address" is in conjunction with missing IPv6
support in Perl.

IMHO: close this entry.
Comment 15 Brian Epstein 2010-08-31 09:26:13 EDT
*** Bug 616828 has been marked as a duplicate of this bug. ***
