From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.3 (X11; Linux i686; U;) Gecko/20020523

Description of problem:
The /etc/log.d/scripts/services/secure script fails to match messages reporting connections to the sgi_fam service. These appear in the "**Unmatched Entries**" bucket rather than in the "Connections:" list where they belong.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Connect to sgi_fam one or more times. For example, launch KDE or a version of Nautilus built with FAM support.
2. Generate a logwatch report.

Actual Results:
In the "Connections (secure-log)" section of the report, lines like the following appear in the "**Unmatched Entries**" area:

    xinetd[798]: START: sgi_fam pid=1113 from=<no address>

Expected Results:
Those connections should have been tallied and reported in the "Connections:" area instead.

Additional info:
The bug appears on line 108 of /etc/log.d/scripts/services/secure, which uses the following regular expression:

    /^xinetd\[\d+\]: START: ([^ ]+) pid=\d+ from=([^ \n]+)$/

Observe that the "from" address cannot contain any spaces. However, connections to sgi_fam do not report a proper address, so the actual lines look like this:

    xinetd[798]: START: sgi_fam pid=1113 from=<no address>

Note that "<no address>" contains a space. Therefore, the regular expression fails to match.

I recommend changing that pattern to something like:

    /^xinetd\[\d+\]: START: ([^ ]+) pid=\d+ from=(<no address>|[^ \n]+)$/

Or even simply:

    /^xinetd\[\d+\]: START: ([^ ]+) pid=\d+ from=(.+)$/
Fixed & lightly tested (and also fixed matching to find xinetd-ipv6 lines, yay for me :)
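
Added example (not part of the original report or of logwatch's own code): a Perl script that runs the original pattern and the two proposed replacements over a few sample lines and tallies connections versus unmatched entries. Only the sgi_fam line comes from the report; the other lines, the addresses and the tally() helper are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: compares the three patterns quoted in the report.
use strict;
use warnings;

# Patterns copied from the report: the original and the two proposed fixes.
my %patterns = (
    original    => qr/^xinetd\[\d+\]: START: ([^ ]+) pid=\d+ from=([^ \n]+)$/,
    alternation => qr/^xinetd\[\d+\]: START: ([^ ]+) pid=\d+ from=(<no address>|[^ \n]+)$/,
    permissive  => qr/^xinetd\[\d+\]: START: ([^ ]+) pid=\d+ from=(.+)$/,
);

# Constructed sample lines; only the sgi_fam line is taken from the report.
my @lines = (
    'xinetd[798]: START: sgi_fam pid=1113 from=<no address>',
    'xinetd[798]: START: telnet pid=1200 from=192.0.2.10',
    'xinetd[798]: START: telnet pid=1201 from=192.0.2.10',
    'xinetd[798]: START: ftp pid=1202 from=192.0.2.11 trailing text',
);

# Tally connections per (service, source) and collect lines that do not match.
sub tally {
    my ($re, @input) = @_;
    my (%connections, @unmatched);
    for my $line (@input) {
        if (my ($service, $from) = $line =~ $re) {
            $connections{$service}{$from}++;
        } else {
            push @unmatched, $line;
        }
    }
    return (\%connections, \@unmatched);
}

for my $name (qw(original alternation permissive)) {
    my ($conn, $unmatched) = tally($patterns{$name}, @lines);
    print "== $name ==\nConnections:\n";
    for my $service (sort keys %$conn) {
        for my $from (sort keys %{ $conn->{$service} }) {
            print "   $service from '$from': $conn->{$service}{$from}\n";
        }
    }
    print "**Unmatched Entries**\n";
    print "   $_\n" for @$unmatched;
    print "\n";
}
```

The last sample line shows where the two proposed fixes differ: the alternation pattern leaves it in the unmatched list, while the (.+) pattern accepts everything after from= as the address.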