Compare commits


No commits in common. "c8s" and "c10s" have entirely different histories.
c8s ... c10s

31 changed files with 588 additions and 684 deletions

1
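--- a/.fmf/version
+++ b/.fmf/version
@@ -0,0 +1 @@
+1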

12
.gitignore vendored

@ -1,2 +1,10 @@
SOURCES/logwatch-7.4.3.tar.gz
/logwatch-7.4.3.tar.gz
/logwatch-*.tar.gz
/logwatch-*.tar.xz
/0README.txt
/doprep.sh
/dotest.sh
/doall.sh
/logwatch-*/
*.rpm
/.build-*.log
/results_logwatch/


@ -1,19 +0,0 @@
--- a/scripts/services/audit 2022/01/22 17:22:03
+++ b/scripts/services/audit 2022/01/22 17:35:34
@@ -134,10 +134,13 @@
( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): table=/) or
( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or
( $ThisLine =~ /item=[0-9] name="\S*" inode=[0-9]+ dev=\S* mode=[0-9]* ouid=[0-9]* ogid=[0-9]* rdev=[0-9:]* obj=\S*/) or
- ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ )
+ ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ ) or
+ ( $ThisLine =~ /No plugins found, not dispatching events/ )
) {
# Ignore these entries
- } elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
+ } elsif (( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/ ) or
+ ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): state=initialized / )
+ ) {
$NumberOfInits++;
} elsif ( $ThisLine =~ /Init complete, audit pid set to: [0-9]+/) {
$NumberOfDStartsPid++;

2
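--- a/ci.fmf
+++ b/ci.fmf
@@ -0,0 +1,2 @@
+# Docs: https://docs.fedoraproject.org/en-US/ci/tmt/#_multiple_plans
+resultsdb-testcase: separate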


@ -1,11 +0,0 @@
--- a/conf/services/secure.conf 2016-03-30 23:32:33.000000000 +0200
+++ b/conf/services/secure.conf 2023-06-27 19:42:42.296713366 +0200
@@ -24,7 +24,7 @@
# Use this to ignore certain services in the secure log.
# You can ignore as many services as you would like.
# (we ignore sshd because its entries are processed by the sshd script)
-$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd
+$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd sudo
# For these services, summarize only (i.e. don't least each IP, just
# list the number of connections total)


@ -1,6 +1,6 @@
--- !Policy
product_versions:
- rhel-8
- rhel-*
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: osci.brew-build./plans/tier1-internal.functional}


@ -1,13 +0,0 @@
--- a/scripts/services/fail2ban
+++ b/scripts/services/fail2ban
@@ -91,7 +91,8 @@
($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or
($ThisLine =~ /INFO\s+Initiated '.*' backend/) or
($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) or
- ($ThisLine =~ /Unable to find a corresponding IP address for .*: \[Errno -2\] Name or service not known/)
+ ($ThisLine =~ /Unable to find a corresponding IP address for .*: \[Errno -2\] Name or service not known/) or
+ ($ThisLine =~ /: Server ready$/)
)
{
if ( $Debug >= 6 ) {


@ -1,13 +0,0 @@
diff --git a/scripts/services/dovecot b/scripts/services/dovecot
index 95fc6e9..c9fccbc 100755
--- a/scripts/services/dovecot
+++ b/scripts/services/dovecot
@@ -186,7 +186,7 @@ while (defined($ThisLine = <STDIN>)) {
$Deliver{$User}{$Mailbox}++;
# For Sieve-based delivery
- } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): sieve: msgid=.*: stored mail into mailbox '(.*)'/ ) ) {
+ } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\)(?:<[^>]+><[^>]+>)?: sieve: msgid=.*: stored mail into mailbox '(.*)'/ ) ) {
$Deliver{$User}{$Mailbox}++;
# LMTP-based delivery

278
logwatch-f36.patch Normal file

@ -0,0 +1,278 @@
diff --git a/conf/services/fail2ban.conf b/conf/services/fail2ban.conf
index 443232e..706c493 100644
--- a/conf/services/fail2ban.conf
+++ b/conf/services/fail2ban.conf
@@ -38,3 +38,7 @@ LogFile = messages
# Default length is 80.
# This can be disabled by setting the length to 0 or -1.
# $fail2ban_error_length = 80
+
+# Set this to true if actionflush is set to true to avoid the following message:
+# ERROR: Lost track of flushing services
+# $fail2ban_ignore_flushing = 1
diff --git a/scripts/services/dovecot b/scripts/services/dovecot
index b01f3de..00a3c7c 100644
--- a/scripts/services/dovecot
+++ b/scripts/services/dovecot
@@ -134,6 +134,7 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /discarded duplicate forward to/) or
($ThisLine =~ /discarding vacation response/) or
($ThisLine =~ /discarded vacation reply to/) or
+ ($ThisLine =~ /Warning: Shutting down logging/) or
($ThisLine =~ /Debug:/) or
($ThisLine =~ /Plaintext authentication disabled/) or
($ThisLine =~ /^$dovecottag imap\(\w+\): Mailbox renamed:/) or
diff --git a/scripts/services/fail2ban b/scripts/services/fail2ban
index 4f53f8f..175ab8c 100644
--- a/scripts/services/fail2ban
+++ b/scripts/services/fail2ban
@@ -29,6 +29,7 @@ use Logwatch ':all';
my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my $IgnoreHost = $ENV{'sshd_ignore_host'} || "";
+my $IgnoreFlushing = $ENV{'fail2ban_ignore_flushing'} || "";
my $ErrLen = $ENV{'fail2ban_error_length'} || 80;
my $DebugCounter = 0;
my $ReInitializations = 0;
@@ -40,7 +41,7 @@ my %WarningList = ();
my %InfoList = ();
my %NoticeList = ();
my %OtherList = ();
-my %Flushing = (); # keep track of which services being flushed
+my %Flushing = (); # keep track of which services being flushed
my %ServicesBans = ();
my %ServicesFound = ();
@@ -52,8 +53,8 @@ $Action, $Host, $Message,
$NumFailures, $Service
);
if ( $Debug >= 5 ) {
- print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n";
- $DebugCounter = 1;
+ print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n";
+ $DebugCounter = 1;
}
while (defined(my $ThisLine = <STDIN>)) {
@@ -88,12 +89,12 @@ while (defined(my $ThisLine = <STDIN>)) {
if ( $Debug >= 6 ) {
print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
}
- if (exists $Flushing{$Service}) {
- if ($Action =~ /Unban/) {
- $ServicesBans{$Service}{$Host}{'FlushUnban'}++;
+ if (exists $Flushing{$Service}) {
+ if ($Action =~ /Unban/) {
+ $ServicesBans{$Service}{$Host}{'FlushUnban'}++;
$ServicesBans{$Service}{"(all)"}{'FlushUnban'}++;
- } else {
- print STDERR "ERROR: Lost track of flushing services\n";
+ } elsif ( ! $IgnoreFlushing ) {
+ print STDERR "ERROR: Lost track of flushing services\n";
}
} else {
$ServicesBans{$Service}{$Host}{$Action}++;
@@ -115,7 +116,7 @@ while (defined(my $ThisLine = <STDIN>)) {
} elsif ($ThisLine =~ /ERROR.*returned \d+$/) {
push @ActionErrors, "$ThisLine\n";
} elsif (($ThisLine =~ /..,... WARNING: \#\S+ reinitialization of firewalls/) or
- ($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) {
+ ($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) {
$ReInitializations++;
} elsif ($ThisLine =~ /..,... WARNING: is not a valid IP address/) {
# just ignore - this will be fixed within fail2ban and is harmless warning
@@ -125,26 +126,26 @@ while (defined(my $ThisLine = <STDIN>)) {
$ServicesIgnored{$Service}{$Host}++;
# Generic messages
} elsif ( ($Message) = ($ThisLine =~ / ERROR (.*)$/)) {
- # Fail2ban can dump huge error messages in its logs
- if ($ErrLen > 3 && length($Message) > $ErrLen) {
+ # Fail2ban can dump huge error messages in its logs
+ if ($ErrLen > 3 && length($Message) > $ErrLen) {
$ErrorList{substr($Message,0,$ErrLen-3).'...'}++;
- } else {
+ } else {
$ErrorList{$Message}++;
}
} elsif ( ($Message) = ($ThisLine =~ / WARNING (.*)$/)) {
$WarningList{$Message}++;
} elsif ( ($Message) = ($ThisLine =~ / INFO (.*)$/)) {
$InfoList{$Message}++;
- if ( ($Service) = ($Message =~ /Jail \'(.*)\' stopped/)) {
- delete $Flushing{$Service};
+ if ( ($Service) = ($Message =~ /Jail \'(.*)\' stopped/)) {
+ delete $Flushing{$Service};
}
- if ( ($Service) = ($Message =~ /Stopping all jails|Exiting Fail2ban/)) {
- %Flushing = ();
+ if ( ($Service) = ($Message =~ /Stopping all jails|Exiting Fail2ban/)) {
+ %Flushing = ();
}
} elsif ( ($Message) = ($ThisLine =~ / NOTICE (.*)$/)) {
$NoticeList{$Message}++;
- if ( ($Service) = ($Message =~ /\[(.*)\] Flush ticket/)) {
- $Flushing{$Service} = 1;
+ if ( ($Service) = ($Message =~ /\[(.*)\] Flush ticket/)) {
+ $Flushing{$Service} = 1;
}
} else {
# Report any unmatched entries...
diff --git a/scripts/services/named b/scripts/services/named
index 2c94b30..6a85dee 100644
--- a/scripts/services/named
+++ b/scripts/services/named
@@ -129,6 +129,7 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /configuring command channel from/) or
($ThisLine =~ /interface ignored/) or
($ThisLine =~ /no IPv6 interfaces found/) or
+ ($ThisLine =~ /IPv6 socket API is incomplete; explicitly binding to each IPv6 address separately/) or
($ThisLine =~ /using \d+ UDP listeners? per interface/) or
($ThisLine =~ /^running/) or
($ThisLine =~ /^exiting/) or
@@ -166,6 +167,7 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /zone .*: zone serial unchanged. zone may fail to transfer to slaves/) or
($ThisLine =~ /zone .*: loading from master file .* failed/) or
($ThisLine =~ /zone .*: NS '.*' has no address records/) or
+ ($ThisLine =~ /zone .* \(signed\): receive_secure_serial: unchanged/) or
($ThisLine =~ /.*: not a valid number$/) or
($ThisLine =~ /^(.*: )?unexpected end of input/) or
($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or
@@ -173,7 +175,8 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /reloading zones succeeded/) or
($ThisLine =~ /generating session key/) or
($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or
- ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after reducing the advertised EDNS UDP packet size to 512 octets/) or
+ ($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or
+ ($ThisLine =~ /success resolving '.*' after disabling qname minimization due to 'failure'/) or
($ThisLine =~ /the working directory is not writable/) or
($ThisLine =~ /using default UDP\/IPv[46] port range: \[[0-9]*, [0-9]*\]/) or
($ThisLine =~ /adjusted limit on open files from [0-9]* to [0-9]*/) or
@@ -205,7 +208,7 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /using built-in trusted-keys/) or
($ThisLine =~ /using built-in keys instead/) or
($ThisLine =~ /set up managed keys zone/) or
- ($ThisLine =~ /managed-keys-zone.*key now trusted/) or
+ ($ThisLine =~ /managed-keys-zone.*[Kk]ey .*now trusted/) or
($ThisLine =~ /forwarding update for zone/) or
($ThisLine =~ /forwarded dynamic update: master [^ ]* returned: (NXRRSET|YXDOMAIN)/) or
($ThisLine =~ /using .* as GeoIP directory/) or
@@ -416,28 +419,28 @@ while (defined(my $ThisLine = <STDIN>)) {
} elsif (($Client,$Net,$Zone,$Response) = ($ThisLine =~/client ([^#]+)(?:#\d+)? \(.*\): (?:view \w+: )?rate limit slip response to (\S+)(?: for (\S+))? (.*) +\(/)) {
$Zone = "None" unless defined($Zone);
$LimitSlip{$Zone}{$Response}{$Net}{$Client}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): got insecure response; parent indicates it should be secure/)) {
$DNSSECInsec{'__Total__'}++;
$DNSSECInsec{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/)) {
$DNSSECInvalid{'__Total__'}++;
$DNSSECInvalid{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): bad cache hit/)) {
$DNSSECBadCache{'__Total__'}++;
$DNSSECBadCache{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): verify failed due to bad signature/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): verify failed due to bad signature/)) {
$DNSSECInvalid{'__Total__'}++;
$DNSSECInvalid{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): got insecure response; parent indicates it should be secure/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): got insecure response; parent indicates it should be secure/)) {
$DNSSECInsec{'__Total__'}++;
$DNSSECInsec{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): no valid signature found/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): no valid signature found/)) {
$DNSSECInvalid{'__Total__'}++;
$DNSSECInvalid{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): verify failed due to bad signature/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): verify failed due to bad signature/)) {
$DNSSECInvalid{'__Total__'}++;
$DNSSECInvalid{$Zone}{$RR}++;
- } elsif (($Zone,$RR) = ($ThisLine =~ /^\s*validating ([^\/]*)\/(\w+): bad cache hit/)) {
+ } elsif (($Zone,$RR) = ($ThisLine =~ /^(?:view \w+:)\s*validating ([^\/]*)\/(\w+): bad cache hit/)) {
$DNSSECBadCache{'__Total__'}++;
$DNSSECBadCache{$Zone}{$RR}++;
} elsif (($Error,$Host) = ($ThisLine =~ /^(?:error \()?(.*)\)? resolving '([^']+)':/)) {
diff --git a/scripts/services/nut b/scripts/services/nut
index a55a764..c31e291 100644
--- a/scripts/services/nut
+++ b/scripts/services/nut
@@ -64,7 +64,9 @@ while (defined(my $ThisLine = <STDIN>)) {
or $ThisLine =~ /^upsdrvctl: Using subdriver:/
or $ThisLine =~ /^upsdrvctl: using '.*' to set battery low state/
or $ThisLine =~ /^upsd: listening on /
+ or $ThisLine =~ /^upsd: mainloop: Interrupted system call/
or $ThisLine =~ /^upsd: Network UPS Tools upsd/
+ or $ThisLine =~ /^upsd: fopen \S+\/upsd.pid: No such file or directory/
or $ThisLine =~ /^upsmon: Connected to/
or $ThisLine =~ /^upsmon: Connecting in SSL to/
or $ThisLine =~ /^upsmon: Certificate verification is disabled/
diff --git a/scripts/services/systemd b/scripts/services/systemd
index 3ba8ab7..e3d63a3 100644
--- a/scripts/services/systemd
+++ b/scripts/services/systemd
@@ -84,6 +84,7 @@ while (defined(my $ThisLine = <STDIN>)) {
# Extransous scope messages with LanSweeper - revisit with EL8.4
$ThisLine =~ /: Failed to add PIDs to scope's control group: No such process/ or
$ThisLine =~ /scope: Failed with result 'resources'/ or
+ $ThisLine =~ /session-[[:xdigit:]]+\.scope: Deactivated successfully\./ or
$ThisLine =~ /^Found device / or
$ThisLine =~ /Found dependency on / or
$ThisLine =~ /Got automount request for \/proc\// or
@@ -115,7 +116,7 @@ while (defined(my $ThisLine = <STDIN>)) {
$ThisLine =~ /^systemd .* running in system mode/ or
# This is preceeded by a more descriptive message
$ThisLine =~ /^This usually indicates unclean termination of a previous run, or service implementation deficiencies\.$/ or
- $ThisLine =~ /Transaction is destructive\./ or
+ $ThisLine =~ /Transaction (for .*)?is destructive/ or
$ThisLine =~ /^Unit .* is bound to inactive unit .*\. Stopping, too\./ or
$ThisLine =~ /Unit (.* is )?not needed anymore\. Stopping\./ or
$ThisLine =~ /[Ss]tart(-pre)? operation timed out\. Terminating\./ or
@@ -191,7 +192,7 @@ while (defined(my $ThisLine = <STDIN>)) {
} elsif (($target) = ($ThisLine =~ /^Reached target (.*)\.$/)) {
$Target{$target}++;
$LastTarget = $target;
- } elsif (($session, $user) = ($ThisLine =~ /^Started Session ([[:xdigit:]]+) of [uU]ser (.*)\.$/)) {
+ } elsif (($session, $user) = ($ThisLine =~ /^Started (?:session-[[:xdigit:]]+\.scope - )?Session ([[:xdigit:]]+) of [uU]ser (.*)\.$/)) {
$UserSession{$user}->{$session}++;
} elsif (($service) = ($ThisLine =~ /^Activated (.*)\.$/)) {
$Activated{$service}++;
diff --git a/scripts/services/xntpd b/scripts/services/xntpd
index 0e6c330..ad40274 100644
--- a/scripts/services/xntpd
+++ b/scripts/services/xntpd
@@ -89,6 +89,13 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ m/0\.0\.0\.0 [[:xdigit:]]{4} [[:xdigit:]]{2} /) or # startup
($ThisLine =~ m/Soliciting .*server/) or # startup
($ThisLine =~ m/kernel reports .*: Clock Unsynchronized/) or # startup
+ ($ThisLine =~ m/Starting/) or # startup
+ ($ThisLine =~ m/(Built|Running) with /) or # startup
+ ($ThisLine =~ m/successfully locked into RAM/) or # startup
+ ($ThisLine =~ m/Using SO_TIMESTAMPNS/) or # startup
+ ($ThisLine =~ m/MRU \d+ entries, \d+ hash bits, \d+ bytes/) or # startup
+ ($ThisLine =~ m/readconfig: parsing file:/) or # startup
+ ($ThisLine =~ m/Using system default root certificates\./) or # startup
($ThisLine =~ m/select([^\)]) error: Interrupted system call/) or
($ThisLine =~ m/signal_no_reset: signal \d+ had flags \d+/) or
($ThisLine =~ /Deleting interface \#[0-9]+ [^,]*, [^,]*, interface stats: received=.*, sent=.*, dropped=.*, active_time=.* secs/) or
@@ -99,6 +106,11 @@ while (defined(my $ThisLine = <STDIN>)) {
($ThisLine =~ /.* interface .* -> .*/) or
($ThisLine =~ /.* local addr .* -> .*/) or
($ThisLine =~ /Deferring DNS for/) or
+ ($ThisLine =~ /DNS: dns_take_status: /) or
+ ($ThisLine =~ /DNS: dns_probe: \S+, cast_flags:.+, flags:/) or
+ ($ThisLine =~ /DNS: dns_check: processing /) or
+ ($ThisLine =~ /DNS: (Server|Pool) taking: /) or
+ ($ThisLine =~ /SYNC: Found \d+ servers, suggest minsane /) or
($ThisLine =~ /ntp_io: estimated max descriptors: \d*, initial socket boundary: \d*/) or
($ThisLine =~ /peers refreshed$/) or
($ThisLine =~ /restrict: error in address/) or
@@ -119,6 +131,8 @@ while (defined(my $ThisLine = <STDIN>)) {
push @TimeReset, $TimeStep;
} elsif ( (undef,$TimeStep) = ($ThisLine =~ /(step|adjust) time server [^ ]+ offset ([^ ]+) sec$/ )) {
push @TimeReset, $TimeStep;
+ } elsif ( ($TimeStep) = ($ThisLine =~ /time stepped by ([^ ]+)$/ )) {
+ push @TimeReset, $TimeStep;
} elsif ( ($TimeStep) = ($ThisLine =~ /adjusting local clock by ([^ ]+)s$/ )) {
# Jacob Joseph (12/8/06)
push @TimeReset, $TimeStep;
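Review bot: The eight rewritten DNSSEC `validating` branches in scripts/services/named (hunk `@@ -416,28 +419,28 @@`) now require a view prefix, because `(?:view \w+:)` carries no `?` quantifier. A line logged without `view NAME:`, which the replaced `^\s*validating` patterns accepted, will no longer reach the `%DNSSECInsec`, `%DNSSECInvalid` or `%DNSSECBadCache` counters, so on a server without named views bad-signature and insecure-response events would presumably drop out of the DNSSEC summary. Making the prefix optional, as the rate-limit branch at the top of the same hunk already does with `(?:view \w+: )?`, keeps both log forms, e.g. `/^(?:view \w+: )?\s*validating \@0x[[:xdigit:]]+: (.*) (\w+): no valid signature found/`. Separately, in hunk `@@ -173,7 +175,8 @@` the added `after disabling EDNS` line is identical to the context line above it while the `reducing the advertised EDNS UDP packet size to 512 octets` pattern is removed, which looks unintended. The enclosing `while` loop starts and ends outside these hunks.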


@ -1,20 +0,0 @@
--- a/scripts/services/sshd 2022/01/20 15:28:35 1.1
+++ b/scripts/services/sshd 2022/01/20 15:32:01
@@ -1,3 +1,5 @@
+#!/usr/bin/env perl
+
##########################################################################
# $Id$
##########################################################################
@@ -376,6 +378,11 @@
print STDERR "DEBUG: Found -Failed login- line\n";
}
$BadLogins{$Host}{"$User/$Method"}++;
+ } elsif ( my ($User,$Host) = ( $ThisLine =~ m/^Disconnected from authenticating user (\S+) (\S+) / ) ) {
+ if ( $Debug >= 5 ) {
+ print STDERR "DEBUG: Found -Disconnected Failed login- line\n";
+ }
+ $BadLogins{$Host}{$User}++;
} elsif ($ThisLine =~ s/^(log: )?Could not reverse map address ([^ ]*).*$/$2/) {
$NoRevMap{$ThisLine}++;
} elsif ( my ($Address) = ($ThisLine =~ /^reverse mapping checking getaddrinfo for (\S+( \[\S+\])?) failed - POSSIBLE BREAK-IN ATTEMPT!/)) {


@ -1,95 +0,0 @@
commit 23e714ad43285d59c5b5852ef2c6013593d64671
Author: bjorn <bjorn1@users.sourceforge.net>
Date: Sun May 15 13:49:08 2016 -0700
[journalctl] Added shared script contributed by Mark Grimes.
diff --git a/scripts/shared/journalctl b/scripts/shared/journalctl
new file mode 100755
index 0000000..1627fd4
--- /dev/null
+++ b/scripts/shared/journalctl
@@ -0,0 +1,83 @@
+#!/usr/bin/perl
+#
+# The purpose of this script is to pass the output of the journalctl
+# command to the logwatch parsers. The corresponding conf/logfile
+# can be simple. The following example shows a logfile with two lines:
+# LogFile = /dev/null
+# *JournalCtl = "--output=cat --unit=service_name.service"
+#
+# In the example above, the arguments to the JournalCtl command are
+# passed to the journalctl system command. It is advised to delimit
+# the arguments in double quotes to preserve mixed case, if
+# applicable.
+
+use strict;
+use warnings;
+
+eval "use Date::Manip";
+my $hasDM = $@ ? 0 : 1;
+
+# logwatch passes arguments as one string delimited by single quotes
+my @args = split(" ", $ARGV[0]);
+my @range = get_range( $ENV{LOGWATCH_DATE_RANGE} );
+
+my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
+
+if ($Debug > 5) {
+ warn join " ", 'journalctl', @args, @range, "\n";
+}
+
+system( 'journalctl', @args, @range );
+
+sub get_range {
+ my $range = lc( shift || 'all' );
+ my @range;
+
+ if ( !$range || $range eq 'all' ) {
+ @range = ();
+ } elsif ( $range eq 'yesterday' ) {
+ push @range, '--since', 'yesterday', '--until', 'today';
+ } elsif ( $range eq 'today' ) {
+ push @range, '--since', 'today', '--until', 'tomorrow';
+ } elsif ($hasDM) {
+
+ # Strip off any period
+ $range =~
+ s/for\s+(?:those|that|this)\s+((year|month|day|hour|minute|second)s?)\s*$//;
+
+ # Look for between x and y
+ my ( $range1, $range2 ) =
+ ( $range =~ /^between\s+(.*)\s+and\s+(.*)\s*$/ );
+
+ # Look for since x
+ if ( $range =~ /^\s*since\s+/ ) {
+ ($range1) = ( $range =~ /\s*since\s+(.*)/ );
+ $range2 = "now";
+ }
+
+ # Now convert to journalctl friendly dates
+ if ( $range1 && $range2 ) {
+
+ # Parse dates
+ my $date1 = ParseDate($range1);
+ my $date2 = ParseDate($range2);
+
+ # Switch if date2 is before date1
+ if ( $date1 && $date2 and Date_Cmp( $date1, $date2 ) > 0 ) {
+ my $switch_date = $date1;
+ $date1 = $date2;
+ $date2 = $switch_date;
+ }
+
+ # If we ask for 1/1 to 1/2, we mean 1/2 inclusive. DM returns
+ # 1/2 00:00:00. So we add 1 day to the end time.
+ $date2 = DateCalc( $date2, '1 day' );
+
+ my $fmt = "%Y-%m-%d %H:%M:%S";
+ push @range, '--since', UnixDate( $date1, $fmt ), '--until',
+ UnixDate( $date2, $fmt );
+ }
+ }
+
+ return @range;
+}


@ -1,38 +0,0 @@
commit ed6eb62f40cb97f71f3df4d982682de68cdf1037
Author: Stefan Jakobs <projects@localside.net>
Date: Tue May 31 23:34:11 2016 +0200
support journald as source
diff --git a/scripts/services/syslog-ng b/scripts/services/syslog-ng
old mode 100755
new mode 100644
index dcd1692..d78c835
--- a/scripts/services/syslog-ng
+++ b/scripts/services/syslog-ng
@@ -1,5 +1,5 @@
###########################################################################
-# $Id$
+# $Id: syslog-ng 280 2014-12-24 15:29:13Z stefjakobs $
###########################################################################
###########################################################################
@@ -168,7 +168,7 @@ while (defined($ThisLine = <STDIN>)) {
$Stats_dest{$processed[$i+1]} =
$Stats_dest{$processed[$i+1]} + $processed[$i+2];
} elsif ($processed[$i] eq "source" || $processed[$i] eq "src.internal" ||
- $processed[$i] eq 'src.none' ) {
+ $processed[$i] eq 'src.none' || $processed[$i] eq 'src.journald') {
$Stats_source{$processed[$i+1]} =
$Stats_source{$processed[$i+1]} + $processed[$i+2];
} elsif ($processed[$i] eq "global") {
@@ -366,7 +366,8 @@ if (keys %Stats_center || keys %Stats_dest || keys %Stats_source ||
$lost_rcvd = 0 - $Stats_center{received};
map {
# skip 'src#X' as this seams to be aggregated into 'src'
- $lost_rcvd = $lost_rcvd + $Stats_source{$_} unless ($_ =~ /src#\d+/);
+ # skip 'journal' as this is not counted.
+ $lost_rcvd = $lost_rcvd + $Stats_source{$_} unless ($_ =~ /(?:src#\d+|journal)/);
} keys %Stats_source;
}
if ($Stats_center{queued} && %Stats_dest) {


@ -1,74 +0,0 @@
Add '--no-oldfiles-log' option that suppresses a warning about old files in the
logwatch temporary directory.
Author: Ivana Varekova <varekova@redhat.com>
RH-Bugzilla: #230974
Backported-By: Jan Synacek <jsynacek@redhat.com>
--- logwatch-svn198/logwatch.8 2014-01-26 13:46:02.000000000 +0100
+++ logwatch-svn198/logwatch.8 2014-07-04 10:03:26.870415276 +0200
@@ -35,7 +35,7 @@
.I report format
.B ] [--encode
.I encoding to use
-.B ] [--numeric] [--version] [--help|--usage]
+.B ] [--numeric] [--no-oldfiles-log] [--version] [--help|--usage]
.SH DESCRIPTION
.B Logwatch
is a customizable, pluggable log-monitoring system. It will go
@@ -111,6 +111,9 @@
Number of characters that html output should be wrapped to. Default is 80.
.IP "\fB--numeric\fR"
Inhibits additional name lookups, displaying IP addresses numerically.
+.IP "\fB--no-oldfiles-log\fR"
+Suppress the logwatch log, which informs about the
+old files in logwatch tmpdir.
.IP "\fB--usage\fR"
Displays usage information
.IP "\fB--help\fR"
--- logwatch-svn198/scripts/logwatch.pl 2014-07-04 10:02:23.930302006 +0200
+++ logwatch-svn198/scripts/logwatch.pl 2014-07-04 10:05:01.588585717 +0200
@@ -187,6 +187,7 @@
my @TempServiceList = ();
my $Help = 0;
my $ShowVersion = 0;
+my $NoOldfilesLog = 0;
my ($tmp_mailto, $tmp_savefile);
&GetOptions ("d|detail=s" => \$Config{'detail'},
@@ -209,6 +210,7 @@
"hostformat=s" => \$Config{'hostformat'},
"hostlimit=s" => \$Config{'hostlimit'},
"html_wrap=s" => \$Config{'html_wrap'},
+ "no-oldfiles-log" => \$NoOldfilesLog,
"subject=s" => \$Config{'subject'}
) or &Usage();
@@ -632,7 +634,7 @@
opendir(TMPDIR, $Config{'tmpdir'}) or die "$Config{'tmpdir'} $!";
my @old_dirs = grep { /^logwatch\.\w{8}$/ && -d "$Config{'tmpdir'}/$_" }
readdir(TMPDIR);
-if (@old_dirs) {
+if ((@old_dirs) && ($NoOldfilesLog==0)) {
print "You have old files in your logwatch tmpdir ($Config{'tmpdir'}):\n\t";
print join("\n\t", @old_dirs);
print "\nThe directories listed above were most likely created by a\n";
@@ -1085,7 +1087,7 @@
sub Usage () {
# Show usage for this program
print "\nUsage: $0 [--detail <level>] [--logfile <name>] [--output <output_type>]\n" .
- " [--format <format_type>] [--encode <enconding>] [--numeric]\n" .
+ " [--format <format_type>] [--encode <enconding>] [--numeric] [--no-oldfiles-log]\n" .
" [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]\n" .
" [--filename <filename>] [--help|--usage] [--version] [--service <name>]\n" .
" [--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]\n\n";
@@ -1096,6 +1098,8 @@
print "--output <output type>: Report Output - stdout [default], mail, file.\n"; #8.0
print "--format <formatting>: Report Format - text [default], html.\n"; #8.0
print "--encode <encoding>: Enconding to use - none [default], base64.\n"; #8.0
+ print "--no-oldfiles-log: Suppress the logwatch log, which informs about the\n";
+ print " old files in logwatch tmpdir.\n";
print "--mailto <addr>: Mail report to <addr>.\n";
print "--archives: Use archived log files too.\n";
print "--filename <filename>: Used to specify they filename to save to. --filename <filename> [Forces output to file].\n";


@ -1,20 +0,0 @@
===================================================================
RCS file: /usr/share/logwatch/scripts/services/RCS/pam_unix,v
retrieving revision 1.1
diff -u -r1.1 /usr/share/logwatch/scripts/services/pam_unix
--- a/scripts/services/pam_unix 2022/01/20 14:21:24 1.1
+++ b/scripts/services/pam_unix 2022/01/20 14:22:35
@@ -340,6 +340,12 @@
} else {
$data{$service}{'Unknown Entries'}{$line}++;
}
+ } elsif ($service eq 'systemd-user') {
+ if ($line =~ /session (?:opened|closed) for user /) {
+ # ignore this line
+ } else {
+ $data{$service}{'Unknown Entries'}{$line}++;
+ }
} else {
$data{$service}{'Unknown Entries'}{$line}++;
}


@ -1,49 +0,0 @@
From eb8c0256997b8d7f2cccdd37ab78674fe9c769c1 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 10 May 2016 13:34:05 +0200
Subject: [PATCH] postfix: fix column alignment in output
Some sections are clearly longer than 23 chars, which might result in a
misaligned output:
3602 Connections 3,602
82 Connections lost (inbound) 82
3602 Disconnections 3,602
12 Timeouts (inbound) 12
16 DNS lookup errors 16
46 Hostname verification errors (FCRDNS) 46
49 SMTP protocol violations 49
2154 TLS connections (server) 2,154
Align to 39 chars now, which is currently the length of the longest
description in the output table plus one.
---
scripts/services/postfix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/services/postfix b/scripts/services/postfix
index 9f8e07f..ddd5968 100755
--- a/scripts/services/postfix
+++ b/scripts/services/postfix
@@ -1360,7 +1360,7 @@ sub print_summary_report (\@) {
my ($numfmt, $desc, $divisor) = ($sref->{FMT}, $sref->{TITLE}, $sref->{DIVISOR});
my $fmt = '%8';
- my $extra = ' %25s';
+ my $extra = ' %9s';
my $total = $Totals{$keyname};
# Z format provides unitized or unaltered totals, as appropriate
@@ -1383,7 +1383,7 @@ sub print_summary_report (\@) {
}
else {
push @{$lines[$cur_level]},
- sprintf "$fmt %-23s $extra\n", $total, $desc, commify ($Totals{$keyname});
+ sprintf "$fmt %-39s $extra\n", $total, $desc, commify ($Totals{$keyname});
}
}
}
--
2.7.4


@ -1,25 +0,0 @@
Fix misparsing of userhelper log entries for hddtemp that specify a device
using a name that includes a slash (e.g. '/usr/sbin/hddtemp -n -q /dev/sda').
Additional slashes after the process name confuse logwatch as it considers the
last word behind the last slash the process' name.
Author: Jan Synacek <jsynacek@redhat.com>
RH-Bugzilla: #867290
--- logwatch-svn110/scripts/services/secure.orig 2012-10-18 11:13:33.000000000 +0200
+++ logwatch-svn110/scripts/services/secure 2012-10-18 11:31:08.987571713 +0200
@@ -843,8 +843,13 @@ if (keys %Executed_app) {
print "\nUserhelper executed applications:\n";
foreach (keys %Executed_app) {
($longapp,$asuser,$user) = split ",";
+ $longapp_orig = $longapp;
+ $i = index($longapp, " ");
+ if ($i > 0) {
+ $longapp = substr($longapp, 0, $i);
+ }
$app = substr($longapp,rindex($longapp,"/")+1);
- print " $user -> $app as $asuser: ".$Executed_app{"$longapp,$asuser,$user"}." Time(s)\n";
+ print " $user -> $app as $asuser: ".$Executed_app{"$longapp_orig,$asuser,$user"}." Time(s)\n";
}
}


@ -1,26 +0,0 @@
Resolves: #1317620
--- logwatch-7.4.3/scripts/services/sshd 2017-08-29 09:16:47.087028191 +0200
+++ logwatch-7.4.3-new/scripts/services/sshd 2017-08-29 09:19:37.372081596 +0200
@@ -297,7 +297,9 @@ while (defined(my $ThisLine = <STDIN>))
($ThisLine =~ /Starting session: (forced-command|subsystem|shell|command)/ ) or
($ThisLine =~ /Found matching \w+ key:/ ) or
($ThisLine =~ /User child is on pid \d/ ) or
- ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
+ ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/) or
+ ($ThisLine =~ /Exiting on signal .*$/) or
+ ($ThisLine =~ /Disconnected from (?:[^ ]*) port .*$/)
) {
# Ignore these
} elsif ( my ($Method,$User,$Host,$Port,$Key) = ($ThisLine =~ /^Accepted (\S+) for ((?:invalid user )?\S+) from ([\d\.:a-f]+) port (\d+) ssh[12](?:: (\w+))?/) ) {
@@ -387,7 +389,9 @@ while (defined(my $ThisLine = <STDIN>))
$RefusedConnections{$1}++;
} elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
$RefusedAuthentication{$Reason}++;
- } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
+ # Old format: Received disconnect from 192.168.122.1: 11: disconnected by user
+ # New format: Received disconnect from 192.168.122.1 port 43680:11: disconnected by user
+ } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*)(?: port \d+)?: ?(.*)$/)) {
# Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
} elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {


@ -1,26 +0,0 @@
From 256829aeb864a25a3542aaacfb2a7ff62b77e7f4 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 15 Mar 2016 10:29:17 +0100
Subject: [PATCH] sshd: fix unmatched entries because of the output change in
openssh-7.2p2
---
scripts/services/sshd | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/services/sshd b/scripts/services/sshd
index e238863..b94ea5a 100755
--- a/scripts/services/sshd
+++ b/scripts/services/sshd
@@ -387,7 +387,7 @@ while (defined(my $ThisLine = <STDIN>)) {
$RefusedConnections{$1}++;
} elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
$RefusedAuthentication{$Reason}++;
- } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*): (.*)$/)) {
+ } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
# Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
} elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {
--
2.7.2

2
logwatch-tmpfiles.conf Normal file

@ -0,0 +1,2 @@
d /var/cache/logwatch 0755 root root - -
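Review bot: The entry `d /var/cache/logwatch 0755 root root - -` lets every local user list and traverse the cache directory, which is logwatch's default working area for staged log copies and can therefore hold extracts of authentication logs. Whether the per-run directories created below it get a restrictive mode is not visible on this page, so the parent mode should not be left as the open question; unless another account needs access, `d /var/cache/logwatch 0700 root root - -` is the safer default. The hunk header announces two lines but only this one is shown, so a second entry may exist outside this view.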


@ -1,62 +0,0 @@
Correctly apply time filter when parsing vsftpd log messages.
Author: Ivana Varekova <varekova@redhat.com>
RH-Bugzilla: #217226
--- logwatch-7.3.1/scripts/logwatch.pl.pom 2006-09-16 06:04:14.000000000 +0200
+++ logwatch-7.3.1/scripts/logwatch.pl 2006-11-29 13:16:22.000000000 +0100
@@ -917,11 +917,16 @@
my $FilterText = " ";
foreach (sort keys %{$LogFileData{$LogFile}}) {
my $cmd = $_;
+
if ($cmd =~ s/^\d+-\*//) {
if (-f "$ConfigDir/scripts/shared/$cmd") {
$FilterText .= ("| $PerlVersion $ConfigDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
} elsif (-f "$BaseDir/scripts/shared/$cmd") {
- $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
+ if ($LogFile =~ /^vsftpd$/ ) {
+ $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/applyvsftpddate '$LogFileData{$LogFile}{$_}'" );
+ } else {
+ $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
+ }
} else {
die "Cannot find shared script $cmd\n";
}
--- logwatch-7.3.1/scripts/shared/applyvsftpddate.pom 2006-11-29 13:13:28.000000000 +0100
+++ logwatch-7.3.1/scripts/shared/applyvsftpddate 2006-11-29 13:10:26.000000000 +0100
@@ -0,0 +1,34 @@
+##########################################################################
+# $Id: applystddate,v 1.18 2005/10/22 00:19:56 bjorn Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer <kirk@kaybee.org>
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to logwatch-devel@logwatch.org
+########################################################
+
+use Logwatch ':dates';
+
+my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
+
+$SearchDate = TimeFilter('%b %e %H:%M:%S 20%y');
+
+# The date might be "Dec 09", but it needs to be "Dec 9"...
+#$SearchDate =~ s/ 0/ /;
+# The format of Fri Nov 29 20:59:09 2005
+
+if ( $Debug > 5 ) {
+ print STDERR "DEBUG: Inside ApplyStdDate...\n";
+ print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
+}
+
+while (defined($ThisLine = <STDIN>)) {
+ if ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate/o) {
+ print "$ThisLine";
+ }
+}
+
+# vi: shiftwidth=3 syntax=perl tabstop=3 et


@ -1,45 +1,29 @@
Summary: A log file analysis program
%global _unitdir /usr/lib/systemd/system
Summary: Analyzes and Reports on system logs
Name: logwatch
Version: 7.4.3
Release: 21%{?dist}
Version: 7.11
Release: 5%{?dist}
License: MIT
Group: Applications/System
URL: http://www.logwatch.org/
Source0: logwatch-%{version}.tar.gz
#Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
# Needs proper fix. Not applied by the upstream.
Patch0: logwatch-vsftpd.patch
# Not applied by upstream.
Patch1: logwatch-oldfiles.patch
Patch2: logwatch-secure-userhelper.patch
# Submitted upstream.
Patch3: logwatch-sshd.patch
# Submitted upstream: https://sourceforge.net/p/logwatch/mailman/message/35076800/
Patch4: logwatch-postfix.patch
# https://sourceforge.net/p/logwatch/git/ci/23e714ad43285d59c5b5852ef2c6013593d64671/
Patch5: logwatch-journal.patch
# https://sourceforge.net/p/logwatch/git/ci/ed6eb62f40cb97f71f3df4d982682de68cdf1037/
Patch6: logwatch-journald-source.patch
Patch7: logwatch-sshd-2.patch
# https://sourceforge.net/p/logwatch/git/ci/b325c68f83ef6c3e3ec9f35c8fdeff5b43fd8559/
# cherry-pick hunk at @@ -224,7 +224,7 @@
Patch8: logwatch-dovecot.patch
Patch9: logwatch-pam-unix.patch
Patch10: logwatch-failed-login.patch
Patch11: systemd-noise-filter.patch
Patch12: auditd-startup-messages.patch
Patch13: ignore-server-ready.patch
Patch14: ras-correctable-errors.patch
Patch15: deduplicate-sudo.patch
Patch16: polkit-startup-messages.patch
Patch17: sshd-sort-by-count.patch
Patch18: sendmail-6-digit-pid.patch
URL: https://sourceforge.net/projects/logwatch/
Source0: https://sourceforge.net/projects/logwatch/files/%{name}-%{version}/%{name}-%{version}.tar.gz
Source1: logwatch-tmpfiles.conf
Patch0: sshd-sort-by-count.patch
Patch1: zstd-log-support.patch
BuildRequires: perl-generators
Requires: grep mailx
BuildRequires: systemd-rpm-macros
Requires: grep
Requires: perl(Date::Manip)
Requires: perl(Sys::CPU)
Requires: perl(Sys::MemInfo)
Requires: perl(diagnostics)
Requires: perl(Errno)
Requires: perl(File::Basename)
Requires: perl(lib)
Requires: perl(re)
Requires: perl(Socket)
Requires: perl(subs)
Requires: perl(Time::Local)
Requires: perl(URI::URL)
Requires: perl(vars)
Requires: perl(warnings)
Requires: crontabs
BuildArchitectures: noarch
@ -50,27 +34,7 @@ that you wish with the detail that you wish. Easy to use - works right out
of the package on many systems.
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
rm -f scripts/services/*.orig
%autosetup -p1
%build
@ -91,46 +55,47 @@ install -m 0755 -d %{buildroot}%{_datadir}/logwatch/scripts/services
install -m 0755 -d %{buildroot}%{_datadir}/logwatch/scripts/shared
install -m 0755 -d %{buildroot}%{_datadir}/logwatch/lib
install -m 0755 -d %{buildroot}%{_sbindir}
install -m 0755 -d %{buildroot}%{_mandir}/man1
install -m 0755 -d %{buildroot}%{_mandir}/man5
install -m 0755 -d %{buildroot}%{_mandir}/man8
for i in scripts/logfiles/*; do
if [ $(ls $i | wc -l) -ne 0 ]; then
install -m 0755 -d %{buildroot}%{_datadir}/logwatch/$i
install -m 0644 $i/* %{buildroot}%{_datadir}/logwatch/$i
fi
for i in scripts/logfiles/* ; do
if [ $(ls $i | wc -l) -ne 0 ] ; then
install -m 0755 -d %{buildroot}%{_datadir}/logwatch/$i
install -m 0644 $i/* %{buildroot}%{_datadir}/logwatch/$i
fi
done
install -m 0755 scripts/logwatch.pl %{buildroot}%{_datadir}/logwatch/scripts/logwatch.pl
install -m 0644 scripts/services/* %{buildroot}%{_datadir}/logwatch/scripts/services
install -m 0644 scripts/shared/* %{buildroot}%{_datadir}/logwatch/scripts/shared
install -m 0644 conf/logwatch.conf %{buildroot}%{_datadir}/logwatch/default.conf/logwatch.conf
install -m 0644 conf/*.conf %{buildroot}%{_datadir}/logwatch/default.conf
install -m 0644 conf/logfiles/* %{buildroot}%{_datadir}/logwatch/default.conf/logfiles
install -m 0644 conf/services/* %{buildroot}%{_datadir}/logwatch/default.conf/services
install -m 0644 conf/html/* %{buildroot}%{_datadir}/logwatch/default.conf/html
install -m 0644 lib/Logwatch.pm %{buildroot}%{_datadir}/logwatch/lib/Logwatch.pm
install -m 0644 lib/* %{buildroot}%{_datadir}/logwatch/lib
install -m 0644 ignore.conf.5 %{buildroot}%{_mandir}/man5
install -m 0644 override.conf.5 %{buildroot}%{_mandir}/man5
install -m 0644 amavis-logwatch.1 %{buildroot}%{_mandir}/man1
install -m 0644 postfix-logwatch.1 %{buildroot}%{_mandir}/man1
install -m 0644 logwatch.conf.5 %{buildroot}%{_mandir}/man5
ln -s logwatch.conf.5 %{buildroot}%{_mandir}/man5/ignore.conf.5
ln -s logwatch.conf.5 %{buildroot}%{_mandir}/man5/override.conf.5
install -m 0644 logwatch.8 %{buildroot}%{_mandir}/man8
install -m 0755 logwatch.cron %{buildroot}%{_sysconfdir}/cron.daily/0logwatch
install -m 0755 scheduler/logwatch.cron %{buildroot}%{_sysconfdir}/cron.daily/0logwatch
mkdir -p %{buildroot}%{_unitdir}
install -m 0644 scheduler/logwatch.timer %{buildroot}%{_unitdir}/logwatch.timer
install -m 0644 scheduler/logwatch.service %{buildroot}%{_unitdir}/logwatch.service
install -m 0644 scheduler/systemd.conf %{buildroot}%{_datadir}/logwatch/default.conf/systemd.conf
install -m 0755 -d %{buildroot}%{_tmpfilesdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/logwatch.conf
ln -s ../../%{_datadir}/logwatch/scripts/logwatch.pl %{buildroot}/%{_sbindir}/logwatch
# Do not install zz-fortune service on RHEL
%if 0%{?rhel}
rm -f %{buildroot}%{_datadir}/logwatch/scripts/services/zz-fortune* \
%{buildroot}%{_datadir}/logwatch/conf/services/zz-fortune* \
%{buildroot}%{_datadir}/logwatch/conf/logfiles/fortune*
touch %{buildroot}%{_datadir}/logwatch/scripts/services/zz-fortune
chmod 644 %{buildroot}%{_datadir}/logwatch/scripts/services/zz-fortune
%endif
echo "###### REGULAR EXPRESSIONS IN THIS FILE WILL BE TRIMMED FROM REPORT OUTPUT #####" > %{buildroot}%{_sysconfdir}/logwatch/conf/ignore.conf
echo "# Local configuration options go here (defaults are in %{_datadir}/logwatch/default.conf/logwatch.conf)" > %{buildroot}%{_sysconfdir}/logwatch/conf/logwatch.conf
echo "# Configuration overrides for specific logfiles/services may be placed here." > %{buildroot}%{_sysconfdir}/logwatch/conf/override.conf
@ -158,7 +123,7 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
%{_datadir}/logwatch/scripts/services
%{_datadir}/logwatch/scripts/logfiles
%dir %{_datadir}/logwatch/lib
%{_datadir}/logwatch/lib/Logwatch.pm
%{_datadir}/logwatch/lib/*
%dir %{_datadir}/logwatch/default.conf
%dir %{_datadir}/logwatch/default.conf/services
%{_datadir}/logwatch/default.conf/services/*.conf
@ -167,53 +132,145 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
%dir %{_datadir}/logwatch/default.conf/html
%{_datadir}/logwatch/default.conf/html/*.html
%{_mandir}/man*/*
%{_unitdir}/logwatch.service
%{_unitdir}/logwatch.timer
%{_tmpfilesdir}/logwatch.conf
%changelog
* Wed Jun 28 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-21
- fix sendmail logwatch script to allow 6-digit PIDs
- Resolves: rhbz#2046459
* Wed Jan 07 2026 Vincent Mihalkovic <vmihalko@redhat.com> - 7.11-5
- Install and use systemd-tmpfiles.d mechanism
- Resolves: RHEL-138672
* Wed Jun 28 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-20
- sshd sort failed logins and illegal users by count, not IP address
- Resolves: rhbz#2044101
* Mon Aug 04 2025 Pavel Simovec <psimovec@redhat.com> - 7.11-4
- rebuilt
- Resolves: RHEL-102044
* Wed Jun 28 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-19
- ignore harmless polkit startup messages
- Resolves: rhbz#2043952
* Tue Jul 15 2025 Pavel Simovec <psimovec@redhat.com> - 7.11-3
- Add support for zstd-compressed log files
- Resolves: RHEL-102044
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-18
- ignore sudo service as it is already reported in secure service
- Resolves: rhbz#2043951
* Wed Nov 27 2024 Pavel Simovec <psimovec@redhat.com> - 7.11-2
- sshd: sort IP adresses by report count
- Resolves: RHEL-58995
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-17
- do not treat "RAS: Correctable Errors collector initialized" message as an error
- Resolves: rhbz#2043946
* Mon Nov 25 2024 Pavel Simovec <psimovec@redhat.com> - 7.11-1
- Update to 7.11
- Resolves: RHEL-58713
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-16
- ignore normal "Server ready" startup message from fail2ban
- Resolves: rhbz#2043944
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 7.10-3
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-15
- ignore a couple of normal auditd startup messages
- Resolves: rhbz#2043942
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 7.10-2
- Bump release for June 2024 mass rebuild
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-14
- patch to logwatch systemd script to add some filtering
- Resolves: rhbz#2043109
* Sun Jan 28 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.10-1
- Update to 7.10
* Thu Apr 20 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-13
- fix unrecognized "Disconnected from authenticating user" failed logins
- Resolves: rhbz#2043088
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Thu Apr 20 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-12
- add logwatch-pam-unix.patch
- Resolves: rhbz#2043044
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 7.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri May 07 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 7.4.3-11
- add gating.yaml file
* Thu Aug 10 2023 Jitka Plesnikova <jplesnik@redhat.com> - 7.9-2
- Remove unused dependencies perl(Sys::CPU), perl(Sys::MemInfo)
* Thu May 06 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 7.4.3-10
- fix dovecot statements (#1952629)
* Sun Jul 23 2023 Frank Crawford <frank@crawford.emu.id.au> - 7.9-1
- Update to 7.9
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.8-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Fri May 19 2023 Frank Crawford <frank@crawford.emu.id.au> - 7.8-3
- Add missing dependencies to fix BZ2203367
- Convert to autosetup macro
* Sun May 07 2023 Frank Crawford <frank@crawford.emu.id.au> - 7.8-2
- Add patch to mdadm to fix BZ2192995 for F38
- Fix reports for named
* Sun Jan 22 2023 Frank Crawford <frank@crawford.emu.id.au> - 7.8-1
- Update to 7.8
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 7.7-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Mon Nov 21 2022 Frank Crawford <frank@crawford.emu.id.au> - 7.7-3
- SPDX license update - type MIT:Modern Style with sublicense
* Sun Sep 04 2022 Frank Crawford <frank@crawford.emu.id.au> - 7.7-2
- Add patches for F36 that missed latest release
* Sun Jul 24 2022 Frank Crawford <frank@crawford.emu.id.au> - 7.7-1
- Update to 7.7
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Sun Jan 23 2022 Frank Crawford <frank@crawford.emu.id.au> - 7.6-1
- Update to 7.6 (note new version convention - major.minor)
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Sat Aug 28 2021 Frank Crawford <frank@crawford.emu.id.au> - 7.5.6-2
- Match minor change in systemd
* Sat Jul 24 2021 Frank Crawford <frank@crawford.emu.id.au> - 7.5.6-1
- Update to 7.5.6
* Thu Jul 22 2021 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Tue Apr 06 2021 Frank Crawford <frank@crawford.emu.id.au> - 7.5.5-2
- Add patch to remove CMDEND from cron service
* Tue Jan 26 2021 Frank Crawford <frank@crawford.emu.id.au> - 7.5.5-1
- Update to 7.5.5
* Mon Dec 14 2020 Orion Poplawski <orion@nwra.com> - 7.5.4-4
- Systemd unit files are not executable
* Mon Nov 23 2020 Frank Crawford <frank@crawford.emu.id.au> - 7.5.4-3
- Handle changes for DNF 4.4
* Mon Nov 09 2020 Frank Crawford <frank@crawford.emu.id.au> - 7.5.4-2
- Add requires for perl-diagnostics (#1893671) and perl-lib (#1893503)
- Add other requires as nothing is now automatically supplied
* Mon Aug 03 2020 Jan Synáček <jsynacek@redhat.com> - 7.5.4-1
- Update to 7.5.4 (#1862935)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Feb 25 2020 Jan Synáček <jsynacek@redhat.com> - 7.5.3-1
- Update to 7.5.3 (#1800953)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Oct 25 2019 Jan Synáček <jsynacek@redhat.com> - 7.5.2-1
- Update to 7.5.2 (#1765446)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 28 2019 Jan Synáček <jsynacek@redhat.com> - 7.5.1-1
- Update to 7.5.1 (#1669972)
* Fri Jan 4 2019 Jan Synáček <jsynacek@redhat.com> - 7.5.0-1
- Update to 7.5.0 (#1663428)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.4.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon May 21 2018 Jan Synáček <jsynacek@redhat.com> - 7.4.3-10
- Fix parsing of log entries produced by sendmail process with 7-digit PID (#1561587)
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 7.4.3-9
- Escape macros in %%changelog
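Review bot: `Patch1: zstd-log-support.patch` makes logwatch.pl shell out to `zstdcat`, but none of the `Requires:` lines in this section names a package that provides it. In the patched code a failing decompressor ends in `die`, so on a host that rotates logs with zstd and lacks the tool the run would abort and no report would be produced. If nothing else pulls the tool in, add `Requires: zstd`, or `Recommends: zstd` if it should stay optional. The section also installs `%{_tmpfilesdir}/logwatch.conf`; whether the directory is created at install time as well (for example through `%tmpfiles_create` in a scriptlet) lies outside the lines shown and is worth confirming.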

13
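--- a/mdadm.patch
+++ b/mdadm.patch
@@ -0,0 +1,13 @@
+diff --git a/scripts/services/mdadm b/scripts/services/mdadm
+index 4257977..808825b 100644
+--- a/scripts/services/mdadm
++++ b/scripts/services/mdadm
+@@ -36,7 +36,7 @@ my $mdadm;
+if (
+open($mdadm, "<", "/etc/mdadm.conf") or
+open($mdadm, "<", "/etc/mdadm/mdadm.conf") or
+- open($mdadm, "<", "mdadm --detail --scan 2>/dev/null|")) {
++ open($mdadm, "-|", "mdadm --detail --scan")) {
+while (<$mdadm>) {
+if (/^ARRAY/) {
+push(@devices,(split())[1]);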
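Review bot: The replacement `open($mdadm, "-|", "mdadm --detail --scan")` no longer discards stderr, so whatever mdadm prints there (for instance on a host without arrays) now reaches the stderr of the logwatch run; the removed line carried `2>/dev/null`, although with the `<` mode it was opened as a file name and never executed. The single-string form also leaves it to Perl whether a shell gets involved and resolves `mdadm` through `PATH`; the list form `open($mdadm, "-|", "mdadm", "--detail", "--scan")` never uses a shell, and an absolute path would remove the dependence on the caller's environment. A comment such as `# no config file found: ask mdadm itself` above the third `open` would explain the fallback chain. The enclosing `if` block continues past the end of the hunk.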

51
named.patch Normal file

@ -0,0 +1,51 @@
diff --git a/scripts/services/named b/scripts/services/named
index 9c83563..0770066 100644
--- a/scripts/services/named
+++ b/scripts/services/named
@@ -69,7 +69,7 @@ my (
%LimitSlip, %NError, %NUR,
%NoSOA, %OtherList, %StartLog,
%UnknownCCCommands, %BadCookie, %Timeout,
-%LoopDetected, %MissingCookie,
+%LoopDetected, %MissingCookie, %FormatError,
);
# Avoid "Use of uninitialized value" warning messages.
sub ValueOrDefault {
@@ -368,10 +368,15 @@ while (defined(my $ThisLine = <STDIN>)) {
# Remove port number, for proper IP sorting
$Host =~ s/#.*//;
$UnexpRCODE{$Rcode}{$Zone}{$Host}++;
- } elsif ( ($ThisLine =~ /(?:error \()?FORMERR\)? resolving '[^ ]+: [.0-9a-fA-F:#]+/) or
- ($ThisLine =~ /DNS format error from [^ ]+ resolving [^ ]+( for( client)? [^ ]+)?: .*/) ) {
+ } elsif ( ($Problem,$Addr,$Server) = ($ThisLine =~ /((?:error \()??FORMERR\)? resolving) '([^ \/]+)(?:\/[^ ]+)?': ([.0-9a-fA-F:]+)(?:#\d+)?/) ) {
+ $FormatError{$Problem}{$Addr}{$Server}++;
+ } elsif ($ThisLine =~ /(?:error \()?FORMERR\)? resolving .*/) {
chomp($ThisLine);
$FormErr{$ThisLine}++;
+ } elsif ( ($Server,$Addr,$Host,$Problem) = ($ThisLine =~ /DNS format error from ([.0-9a-fA-F:]+)(?:#\d+)? resolving ([^ \/]+)(?:\/[^ ]+)? for(?: client)? ([^ #]+)(?:#\d+)?: (.*) -- invalid response/) ) {
+ $FormatError{$Problem}{$Addr}{$Server}++;
+ } elsif ( ($Server,$Addr,$Host,$Problem) = ($ThisLine =~ /DNS format error from ([.0-9a-fA-F:]+)(?:#\d+)? resolving ([^ \/]+)(?:\/[^ ]+)? for(?: client)? ([^ #]+)(?:#\d+)?: (.*)/) ) {
+ $FormatError{$Problem}{$Addr}{$Server}++;
} elsif ( ($ThisLine =~ /found [0-9]* CPU(s)?, using [0-9]* worker thread(s)?/) ) {
chomp($ThisLine);
$StartLog{$ThisLine}++;
@@ -876,6 +881,19 @@ if (($Detail >= 5) and (keys %FormErr)) {
}
}
+if (($Detail >= 5) and (keys %FormatError)) {
+ print "\nDNS Format Error:\n";
+ foreach my $Problem (sort {$a cmp $b} keys %FormatError) {
+ print " " . $Problem . ":\n";
+ foreach my $Addr (sort {$a cmp $b} keys %{$FormatError{$Problem}}) {
+ print " " . $Addr . ":\n";
+ foreach my $Server (sort SortIP keys %{$FormatError{$Problem}{$Addr}}) {
+ print " " . $Server . ": " . $FormatError{$Problem}{$Addr}{$Server} . " Time(s)\n";
+ }
+ }
+ }
+}
+
if (($Detail >= 10) and (keys %StartLog)) {
print "\nNamed startup logs:\n";
foreach my $ThisOne (keys %StartLog) {
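Review bot: The three new `elsif` branches in the second hunk assign to `$Problem`, `$Addr`, `$Server` and `$Host` without `my`, so they depend on declarations that are not visible in these hunks; if the variables are shared with other branches, values can carry over between log lines. Unless an earlier branch of the same chain already declares them, `} elsif ( my ($Problem,$Addr,$Server) = (...) ) {` would scope them to the match. `$Host` is captured in both `DNS format error` branches but never used, so that group could be non-capturing. The two branches differ only in the trailing ` -- invalid response`, which the first one strips from `$Problem`; a comment saying so, for example `# strip the "-- invalid response" suffix so both forms share one key`, would make the duplication understandable. The `while` loop and the `if`/`elsif` chain start outside the hunks.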

10
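--- a/plans.fmf
+++ b/plans.fmf
@@ -0,0 +1,10 @@
+/tier1-internal:
+discover:
+how: fmf
+url: https://pkgs.devel.redhat.com/git/tests/logwatch
+filter: 'tier: 1 | tag: CI-Tier-1'
+execute:
+how: tmt
+adjust:
+enabled: false
+when: distro == centos-stream or distro == fedora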


@ -1,13 +0,0 @@
--- a/scripts/services/secure
+++ b/scripts/services/secure
@@ -273,6 +273,9 @@
( $ThisLine =~ /polkit-grant-helper-pam\[\d+\]: pam_thinkfinger\(polkit:auth\): conversation failed/) or
( $ThisLine =~ /polkitd\(authority=.*\): (Unr|R)egistered Authentication Agent/) or
( $ThisLine =~ /polkitd\(authority=.*\): Operator of unix-session:/) or
+ ( $ThisLine =~ /polkitd.*Acquired the name .* on the system bus/) or
+ ( $ThisLine =~ /polkitd.*Finished loading, compiling/) or
+ ( $ThisLine =~ /polkitd.*Loading rules from directory /) or
( $ThisLine =~ /(gdm-session-worker|gdm-password|gnome-screensaver-dialog)\[\d+\]: gkr-pam: no password is available for user/) or
( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages


@ -1,11 +0,0 @@
--- a/scripts/services/kernel
+++ b/scripts/services/kernel
@@ -135,6 +135,7 @@
$SkipError = 1 if $ThisLine =~ /ERST: Error Record Serialization Table \(ERST\) support is initialized/;
$SkipError = 1 if $ThisLine =~ /GHES: Generic hardware error source: \d+ notified via .* is not supported/;
$SkipError = 1 if $ThisLine =~ /PCIe errors handled by (?:BIOS|OS)/;
+ $SkipError = 1 if $ThisLine =~ /RAS: Correctable Errors collector initialized\.$/;
# These happen when kerberos tickets expire, which can be normal
$SkipError = 1 if $ThisLine =~ /Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server/ && $Ignore_rpcsec_expired;
# filter out mount options


@ -1,12 +0,0 @@
--- a/scripts/services/sendmail
+++ b/scripts/services/sendmail
@@ -388,7 +388,7 @@
}
# QueueID formats: in 8.11 it was \w{7}\d{5}, in 8.12+ it is \w{8}\d{6}
-my $QueueIDFormat = "(?:\\w{7,9}\\d{5}|NOQUEUE)";
+my $QueueIDFormat = "(?:\\w{7,9}\\d{5,6}|NOQUEUE)";
# ENOENT refers to "no such file or directory"
my $ENOENT = Errno::ENOENT();


@ -1 +1 @@
SHA512 (logwatch-7.4.3.tar.gz) = 716d87238f487010f2bdf230fc66c16f3c3fe769e6bef04b0e7881c6b0563e1a4b4741235b8a40a16ab21d3803562e87e6bcf5cfbd0ace42414f1d1feae7a13a
SHA512 (logwatch-7.11.tar.gz) = 1af075ad2459fade202396af5fa50b705b4635b71b5fc3be832df80c491baa1dd726b3023f84ecbb621e0e19004a0f8cdb017e657c4511bcd4cbd3205177ce22


@ -1,6 +1,6 @@
--- a/scripts/services/sshd
+++ b/scripts/services/sshd
@@ -566,7 +566,8 @@
--- a/scripts/services/sshd 2022-12-29 01:34:28.000000000 +0100
+++ b/scripts/services/sshd 2024-11-27 13:33:50.590755283 +0100
@@ -548,7 +548,8 @@
if (keys %BadLogins) {
print "\nFailed logins from:\n";
@ -10,14 +10,13 @@
my $name = LookupIP($ip);
my $totcount = 0;
foreach my $user (keys %{$BadLogins{$ip}}) {
@@ -587,7 +588,8 @@
if (keys %IllegalUsers) {
print "\nIllegal users from:\n";
@@ -571,7 +572,8 @@
print " (with threshold >= $IllegalUsersThreshold)";
}
print ":\n";
- foreach my $ip (sort SortIP keys %IllegalUsers) {
+ my $totalSort = TotalCountOrder(%IllegalUsers, \&SortIP);
+ foreach my $ip (sort $totalSort keys %IllegalUsers) {
my $name = LookupIP($ip);
my $totcount = 0;
foreach my $user (keys %{$IllegalUsers{$ip}}) {


@ -1,31 +0,0 @@
--- a/scripts/services/systemd 2022/01/20 16:00:56 1.1
+++ b/scripts/services/systemd 2022/01/20 16:14:16
@@ -42,7 +42,7 @@
$ThisLine =~ / failed\.$/ or
$ThisLine =~ /: (control|main) process exited, code=(exited|killed),? status=/ or
# Informational
- $ThisLine =~ /^Closed .* socket\.$/ or
+ $ThisLine =~ /^Closed .* [Ss]ocket\.$/ or
$ThisLine =~ /^Closed udev / or
$ThisLine =~ /^Detected (architecture|virtualization) / or
$ThisLine =~ /^Found device / or
@@ -76,11 +76,17 @@
$ThisLine =~ /^Configuration file \/usr\/lib\/systemd\/system\/wpa_supplicant\.service is marked executable/ or
# https://bugzilla.redhat.com/show_bug.cgi?id=1306452
$ThisLine =~ /^tmp\.mount: Directory \/tmp to mount over is not empty, mounting anyway\.$/ or
- $ThisLine =~ /^Received SIGRTMIN\+2[01] from PID \d+ \(plymouthd\)\.$/ or
+ $ThisLine =~ /^Received SIGRTMIN\+2[01] from PID \d+ \((?:plymouthd|n\/a)\)\.$/ or
# https://bugzilla.redhat.com/show_bug.cgi?id=1072368
$ThisLine =~ /^Received SIGRTMIN\+24 from PID \d+ \(kill\)\.$/ or
$ThisLine =~ /^Removed slice / or
- $ThisLine =~ /^pam_unix\(systemd-user:session\): session (?:opened|closed) for user/
+ $ThisLine =~ /^pam_unix\(systemd-user:session\): session (?:opened|closed) for user/ or
+ # Ex: user-runtime-dir@1001.service: Succeeded.
+ $ThisLine =~ /: Succeeded\.$/ or
+ # Ex: Reloading Fail2Ban Service.
+ $ThisLine =~ /^Reloading .*\.$/ or
+ # Ex: Set up automount Arbitrary Executable File Formats File System Automount Point.
+ $ThisLine =~ /^Set up .*\.$/
) {
# Ignore these
} elsif (my ($service) = ($ThisLine =~ /^Unit (.*) entered failed state\.$/)) {

41
zstd-log-support.patch Normal file

@ -0,0 +1,41 @@
diff --color -urN a/conf/logwatch.conf b/conf/logwatch.conf
--- a/conf/logwatch.conf 2025-07-15 12:47:54.895159550 +0200
+++ b/conf/logwatch.conf 2025-07-15 16:35:29.127282999 +0200
@@ -191,5 +191,6 @@
# PathTozcat = "zcat"
# PathTobzcat = "bzcat"
# PathToxzcat = "zxcat"
+# PathTozstdcat = "zstdcat"
# vi: shiftwidth=3 tabstop=3 et
diff --color -urN a/scripts/logwatch.pl b/scripts/logwatch.pl
--- a/scripts/logwatch.pl 2025-07-15 12:47:54.869744800 +0200
+++ b/scripts/logwatch.pl 2025-07-15 16:34:26.473278680 +0200
@@ -96,6 +96,7 @@
$Config{'pathtozcat'} = "zcat";
$Config{'pathtobzcat'} = "bzcat";
$Config{'pathtoxzcat'} = "xzcat";
+$Config{'pathtozstdcat'} = "zstdcat";
$Config{'output'} = "stdout"; #8.0
$Config{'format'} = "text"; #8.0
$Config{'encode'} = "none"; #8.0
@@ -746,7 +747,7 @@
# Handle compressed log files using the archive codepath
foreach my $lf (@{$LogFileData{$LogFile}{'logfiles'}}) {
- if ($lf =~ /\.(?:gz|bz2|xz)$/) {
+ if ($lf =~ /\.(?:gz|bz2|xz|zst)$/) {
push @{$LogFileData{$LogFile}{'archives'}}, $lf;
} else {
push @FileList, $lf;
@@ -798,6 +799,10 @@
my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
system("$Config{'pathtoxzcat'} $arguments") == 0
or die "system '$Config{'pathtoxzcat'} $arguments' failed: $?"
+ } elsif (($Archive =~ m/zst$/) && (-f "$Archive") && (-s "$Archive")) {
+ my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
+ system("$Config{'pathtozstdcat'} $arguments") == 0
+ or die "system '$Config{'pathtozstdcat'} $arguments' failed: $?"
} elsif ((-f "$Archive") && (-s "$Archive")) {
my $arguments = "'${Archive}' >> $DestFile";
system("$Config{'pathtocat'} $arguments") == 0
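Review bot: The new `zst` branch builds a shell command by pasting `'${Archive}'` and `$DestFile` into the string given to `system`, so a log file name containing a single quote ends the quoting and the remainder is interpreted by the shell that logwatch runs as. It follows the existing `xzcat` branch, whose start lies outside this hunk, and the same concern applies there. Opening the decompressor with a list-form pipe and appending to the destination from Perl keeps the name a single argument; this assumes `pathtozstdcat` holds a bare program name rather than a command with options, and it no longer hides the tool's stderr. The branch also tests `m/zst$/` where the earlier hunk uses `\.(?:gz|bz2|xz|zst)$`, so the dot should be added for consistency.

```perl
      } elsif (($Archive =~ m/\.zst$/) && (-f "$Archive") && (-s "$Archive")) {
         # List-form pipe open: the archive name is one argument, no shell parses it.
         open(my $zst_in, '-|', $Config{'pathtozstdcat'}, '--', $Archive)
            or die "cannot run '$Config{'pathtozstdcat'}' on '$Archive': $!";
         open(my $dest_out, '>>', $DestFile)
            or die "cannot append to '$DestFile': $!";
         print {$dest_out} $_ while <$zst_in>;
         close($dest_out) or die "cannot finish writing '$DestFile': $!";
         # close() on a pipe reports the child's exit status in $?.
         close($zst_in) or die "'$Config{'pathtozstdcat'}' failed on '$Archive': $?";
      # … unchanged: plain-file fallback using pathtocat …
```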