- Resolves: #440534 Some unmatched OpenVPN log lines
- add parsing of new logs to audit and cron service
parent
76f3cdb747
commit
0b230704cb
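--- a/logwatch-7.3.6-audit2.patch
+++ b/logwatch-7.3.6-audit2.patch
@@ -0,0 +1,30 @@
+diff -up logwatch-7.3.6/scripts/services/audit.pom logwatch-7.3.6/scripts/services/audit
+--- logwatch-7.3.6/scripts/services/audit.pom 2008-03-05 11:18:41.000000000 +0100
++++ logwatch-7.3.6/scripts/services/audit 2008-04-04 11:05:07.000000000 +0200
+@@ -115,6 +115,8 @@ while ($ThisLine = <STDIN>) {
+$grants{$2.' '.$3.' ('.$1.$4 . ')'}++;
+} elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=(\S+)\s*tclass=(\S+)/ ) {
+$InvalidContext{$4." running as ".$2." acting on ".$3." \nshould transit to invalid ".$1}++;
++ } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) {
++ $InvalidContext{"context: ".$1}++;
+} else {
+$othercount++;
+$ThisLine =~ s/^\s*//;
+@@ -129,6 +131,8 @@ while ($ThisLine = <STDIN>) {
+$grants{$1.' '.$2.' ('.$3 . ')'}++;
+} elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=\S+\s*tclass=(\S+)/ ) {
+$InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++;
++ } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) {
++ $InvalidContext{"context: ".$1}++;
+} else {
+$othercount++;
+$ThisLine =~ s/^\s*//;
+@@ -143,6 +147,8 @@ while ($ThisLine = <STDIN>) {
+$grants{$1.' '.$2.' ('.$3 . ')'}++;
+} elsif ($ThisLine =~ /security_compute_sid:\s*invalid context\s*(\S+)\s*for\s*scontext=(\S+)\s*tcontext=\S+\s*tclass=(\S+)/ ) {
+$InvalidContext{$3." running as ".$2." should transit to invalid ".$1}++;
++ } elsif ($ThisLine =~ /security_sid_mls_copy:\s*invalid context\s*(\S+)/) {
++ $InvalidContext{"context: ".$1}++;
+} else {
+$othercount++;
+$ThisLine =~ s/^\s*//;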
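Review bot: The new `security_sid_mls_copy` branch stores its capture under `"context: ".$1` in `%InvalidContext`, the same hash the `security_compute_sid` branch fills, so the report lists both kinds of kernel message together with nothing that says which function rejected the context. Keying it as `"security_sid_mls_copy: ".$1` would keep the source visible to whoever reads the report. The same two lines are added in all three hunks of the inner patch (at -115, -129 and -143), so any change has to be made three times; a one-line comment such as `# security_sid_mls_copy: invalid context <ctx>` above each would also help. The captured text comes straight from the log line and is printed as-is, which matters if the report is ever rendered as anything other than plain text. The enclosing `while` loop starts and ends outside the hunks.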
@ -5,7 +5,7 @@
|
||||
) ) {
|
||||
$INCRONDErr{$Error}++;
|
||||
+ } elsif ( ($ThisLine =~ /crond/) &&
|
||||
+ (($Error) = ($ThisLine =~ /(failed to open PAM security session: Permission denied)/))
|
||||
+ (($Error) = ($ThisLine =~ /(failed to open PAM security session: (Permission denied|Module is unknown))/))
|
||||
+ ) {
|
||||
+ $CRONDErr{$Error}++;
|
||||
} else {
|
||||
|
||||
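Review bot: The widened pattern `(failed to open PAM security session: (Permission denied|Module is unknown))` introduces a second capture group; `($Error) = (...)` still receives the outer one, so the count is right, but the inner group should be non-capturing: `(failed to open PAM security session: (?:Permission denied|Module is unknown))`. The outer guard `$ThisLine =~ /crond/` is unanchored, so any line that merely contains `crond` somewhere is eligible for this branch. The page prints both forms of the changed line without markers; this note assumes the one with `Module is unknown` is the new side. The enclosing condition chain starts outside the hunk.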
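--- a/logwatch-7.3.6-openvpn2.patch
+++ b/logwatch-7.3.6-openvpn2.patch
@@ -0,0 +1,37 @@
+diff -up logwatch-7.3.6/scripts/services/openvpn.pom logwatch-7.3.6/scripts/services/openvpn
+--- logwatch-7.3.6/scripts/services/openvpn.pom 2008-04-04 12:35:34.000000000 +0200
++++ logwatch-7.3.6/scripts/services/openvpn 2008-04-04 13:22:18.000000000 +0200
+@@ -51,7 +51,7 @@ while (defined($ThisLine = <STDIN>)) {
+($ThisLine =~ /^MULTI: multi_create_instance called/) or
+($ThisLine =~ /^MULTI: primary virtual IP for/) or
+($ThisLine =~ /^MULTI: TCP INIT maxclients=\d+ maxevents=\d+/) or
+- ($ThisLine =~ /^MULTI: bad source address from client .*, packet dropped/) or
++ ($ThisLine =~ /MULTI: bad source address from client .*, packet dropped/) or
+($ThisLine =~ /^Need IPv6 code in mroute_extract_addr_from_packet/) or
+($ThisLine =~ /^NOTE: UID\/GID downgrade will be delayed because of --client, --pull, or --up-delay/) or
+($ThisLine =~ /^OPTIONS IMPORT/) or
+@@ -108,6 +108,9 @@ while (defined($ThisLine = <STDIN>)) {
+$ConnErrors{$error}{"$proto"}++;
+} elsif (($name) = ($ThisLine =~ /MULTI: new connection by client '(.*)' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect./)) {
+$ConnectCauseDrop{$name}++;
++ } elsif ((($Err) = ($ThisLine =~ /(read UDPv4 \[ECONNREFUSED\]: Connection refused \(code=111\))/)) or
++ (($Err) = ($ThisLine =~ /(read UDPv4 \[EHOSTUNREACH\]: No route to host \(code=113\))/))) {
++ $Error{$Err}++;
+} else {
+# Report any unmatched entries...
+# remove PID from named messages
+@@ -199,6 +202,14 @@ if (keys %ConnectCauseDrop) {
+}
+}
+
++if (keys %Error) {
++ print "\n UDPv4 errors:\n";
++ foreach $Err (sort keys %Error) {
++ print " " . $Err . ": " .$Error{$Err}. " Time(s)\n";
++ }
++}
++
++
+if (keys %OtherList) {
+print "\n**Unmatched Entries**\n";
+foreach $line (sort {$a cmp $b} keys %OtherList) {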
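Review bot: Dropping the `^` from `/MULTI: bad source address from client .*, packet dropped/` turns this ignore rule into a substring match, so every line that contains that text anywhere is discarded from the report without being counted. Presumably the anchor was removed because the message arrives behind a client prefix; if so, matching that prefix explicitly (for example `^\S+ MULTI: bad source address ...`, to be checked against real log lines) keeps the rule from firing on text that appears inside a client-supplied field. Since a bad source address can point to a routing mistake or a spoofing attempt, counting these lines per client in the report would serve an operator better than ignoring them. In the new UDPv4 branch the patterns pin `code=111` and `code=113`, which are Linux errno values; `\(code=\d+\)` would match the same messages on other platforms.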
@ -1,7 +1,7 @@
|
||||
Summary: A log file analysis program
|
||||
Name: logwatch
|
||||
Version: 7.3.6
|
||||
Release: 20%{?dist}
|
||||
Release: 21%{?dist}
|
||||
License: MIT
|
||||
Group: Applications/System
|
||||
URL: http://www.logwatch.org/
|
||||
@ -37,6 +37,8 @@ Patch31: logwatch-7.3.6-openvpn.patch
|
||||
Patch32: logwatch-7.3.6-postfix.patch
|
||||
Patch33: logwatch-7.3.6-cron4.patch
|
||||
Patch34: logwatch-7.3.6-dovecot_back.patch
|
||||
Patch35: logwatch-7.3.6-audit2.patch
|
||||
Patch36: logwatch-7.3.6-openvpn2.patch
|
||||
|
||||
Requires: textutils sh-utils grep mailx
|
||||
Requires: perl(Date::Manip)
|
||||
@ -82,6 +84,8 @@ of the package on many systems.
|
||||
%patch32 -p1
|
||||
%patch33 -p1
|
||||
%patch34 -p1
|
||||
%patch35 -p1
|
||||
%patch36 -p1
|
||||
rm -f scripts/services/*.orig
|
||||
|
||||
%build
|
||||
@ -195,8 +199,13 @@ rm -rf %{buildroot}
|
||||
%doc License project/CHANGES
|
||||
|
||||
%changelog
|
||||
* Fri Apr 4 2008 Ivana Varekova <varekova@redhat.com> 7.3.6-21
|
||||
- Resolves: #440534
|
||||
Some unmatched OpenVPN log lines
|
||||
- add parsing of new logw to audit and cron service
|
||||
|
||||
* Wed Mar 5 2008 Ivana Varekova <varekova@redhat.com> 7.3.6-20
|
||||
- resolves 436058
|
||||
- Resolves: #436058
|
||||
dovecot script for logwatch needs fix for IPv6
|
||||
|
||||
* Thu Feb 14 2008 Ivana Varekova <varekova@redhat.com> 7.3.6-19
|
||||
|
||||