refix: sshd log format changed (#1317620)

Related: #1317620
Jan Synacek 2017-08-29 09:26:59 +02:00
parent 226b12e187
commit e6cf1ad203
2 changed files with 32 additions and 1 deletions

26
logwatch-sshd-2.patch Normal file

@ -0,0 +1,26 @@
Resolves: #1317620
--- logwatch-7.4.3/scripts/services/sshd 2017-08-29 09:16:47.087028191 +0200
+++ logwatch-7.4.3-new/scripts/services/sshd 2017-08-29 09:19:37.372081596 +0200
@@ -297,7 +297,9 @@ while (defined(my $ThisLine = <STDIN>))
($ThisLine =~ /Starting session: (forced-command|subsystem|shell|command)/ ) or
($ThisLine =~ /Found matching \w+ key:/ ) or
($ThisLine =~ /User child is on pid \d/ ) or
- ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
+ ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/) or
+ ($ThisLine =~ /Exiting on signal .*$/) or
+ ($ThisLine =~ /Disconnected from (?:[^ ]*) port .*$/)
) {
# Ignore these
} elsif ( my ($Method,$User,$Host,$Port,$Key) = ($ThisLine =~ /^Accepted (\S+) for ((?:invalid user )?\S+) from ([\d\.:a-f]+) port (\d+) ssh[12](?:: (\w+))?/) ) {
@@ -387,7 +389,9 @@ while (defined(my $ThisLine = <STDIN>))
$RefusedConnections{$1}++;
} elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
$RefusedAuthentication{$Reason}++;
- } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
+ # Old format: Received disconnect from 192.168.122.1: 11: disconnected by user
+ # New format: Received disconnect from 192.168.122.1 port 43680:11: disconnected by user
+ } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*)(?: port \d+)?: ?(.*)$/)) {
# Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
} elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {
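Review bot: The two ignore patterns added in the first hunk of scripts/services/sshd, `/Exiting on signal .*$/` and `/Disconnected from (?:[^ ]*) port .*$/`, are unanchored, so any sshd line that merely contains that text is discarded in the "Ignore these" branch before the later `elsif` branches can count it. That includes lines whose tail is free text, such as the reason captured by `(.*)` in the `Received disconnect` branch of the second hunk, so text inside a logged message can keep an event out of the report. Anchoring them as `($ThisLine =~ /^Exiting on signal /) or` and `($ThisLine =~ /^Disconnected from [^ ]* port /)` limits the suppression to the messages it is meant for; the trailing `.*$` and the non-capturing group add nothing. This assumes `$ThisLine` starts at the message text, as the `^Accepted` and `^Received disconnect` patterns in the same chain suggest; the `while` loop and the `if` chain both begin and end outside the hunks.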


@ -1,7 +1,7 @@
Summary: A log file analysis program
Name: logwatch
Version: 7.4.3
Release: 5%{?dist}
Release: 6%{?dist}
License: MIT
Group: Applications/System
URL: http://www.logwatch.org/
@ -20,6 +20,7 @@ Patch4: logwatch-postfix.patch
Patch5: logwatch-journal.patch
# https://sourceforge.net/p/logwatch/git/ci/ed6eb62f40cb97f71f3df4d982682de68cdf1037/
Patch6: logwatch-journald-source.patch
Patch7: logwatch-sshd-2.patch
BuildRequires: perl-generators
Requires: textutils sh-utils grep mailx
Requires: perl(Date::Manip)
@ -43,6 +44,7 @@ of the package on many systems.
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
rm -f scripts/services/*.orig
%build
@ -142,6 +144,9 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
%{_mandir}/man*/*
%changelog
* Tue Aug 29 2017 Jan Synáček <jsynacek@redhat.com> - 7.4.3-6
- refix: sshd log format changed (#1317620)
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7.4.3-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild