From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.3 (X11; Linux i686; U;) Gecko/20020523

Description of problem:
The /etc/log.d/scripts/services/secure script fails to match messages reporting
connections to the sgi_fam service.  These appear in the "**Unmatched Entries**"
bucket rather than in the "Connections:" list where they belong.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Connect to sgi_fam one or more times.  For example, launch KDE or a version
of Nautilus built with FAM support.
2. Generate a logwatch report.

Actual Results:  In the "Connections (secure-log)" section of the report, lines
like the following appear in the "**Unmatched Entries**" area:

    xinetd[798]: START: sgi_fam pid=1113 from=<no address>

Expected Results:  Those connectios should have been tallied and reported in the
"Connections:" area instead.

Additional info:

The bug appears on line 108 of /etc/log.d/scripts/services/secure, which uses
the following regular expression:

    /^xinetd\[\d+\]: START: ([^ ]+) pid=\d+ from=([^ \n]+)$/

Observe that the "from" address cannot contain any spaces.  However, connections
to sgi_fam do not report a proper address, so the actual lines look like this:

    xinetd[798]: START: sgi_fam pid=1113 from=<no address>

Note that "<no address>" contains a space.  Therefore, the regular expression
fails to match.

I recommend changing that pattern to something like:

    /^xinetd\[\d+\]: START: ([^ ]+) pid=\d+ from=(<no address>|[^ \n]+)$/

Or even simply:

    /^xinetd\[\d+\]: START: ([^ ]+) pid=\d+ from=(.+)$/