rpms/logwatch
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: rpms:c8s
Branches Tags
rpms:c8s
rpms:c9s
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c8
rpms:c8-beta
rpms:imports/c10s/logwatch-7.11-5.el10
rpms:imports/c9/logwatch-7.5.5-8.el9
rpms:imports/c9-beta/logwatch-7.5.5-8.el9
rpms:imports/c10s/logwatch-7.11-4.el10
rpms:imports/c10s/logwatch-7.11-3.el10
rpms:imports/c9-beta/logwatch-7.5.5-7.el9
rpms:imports/c10s/logwatch-7.11-2.el10
rpms:imports/c10s/logwatch-7.10-3.el10
rpms:imports/c10s/logwatch-7.10-2.el10
rpms:imports/c8/logwatch-7.4.3-21.el8
rpms:imports/c9/logwatch-7.5.5-6.el9
rpms:imports/c8-beta/logwatch-7.4.3-21.el8
rpms:imports/c9-beta/logwatch-7.5.5-6.el9
rpms:imports/c9/logwatch-7.5.5-4.el9
rpms:imports/c9-beta/logwatch-7.5.5-4.el9
rpms:imports/c8/logwatch-7.4.3-11.el8
rpms:imports/c8-beta/logwatch-7.4.3-11.el8
rpms:imports/c8-beta/logwatch-7.4.3-9.el8
rpms:imports/c8/logwatch-7.4.3-9.el8
rpms:imports/c8s/logwatch-7.4.3-11.el8
...
pull from: rpms:c9s
Branches Tags
rpms:c9s
rpms:c10s
rpms:c9
rpms:c9-beta
rpms:c8
rpms:c8-beta
rpms:c8s
rpms:imports/c10s/logwatch-7.11-5.el10
rpms:imports/c9/logwatch-7.5.5-8.el9
rpms:imports/c9-beta/logwatch-7.5.5-8.el9
rpms:imports/c10s/logwatch-7.11-4.el10
rpms:imports/c10s/logwatch-7.11-3.el10
rpms:imports/c9-beta/logwatch-7.5.5-7.el9
rpms:imports/c10s/logwatch-7.11-2.el10
rpms:imports/c10s/logwatch-7.10-3.el10
rpms:imports/c10s/logwatch-7.10-2.el10
rpms:imports/c8/logwatch-7.4.3-21.el8
rpms:imports/c9/logwatch-7.5.5-6.el9
rpms:imports/c8-beta/logwatch-7.4.3-21.el8
rpms:imports/c9-beta/logwatch-7.5.5-6.el9
rpms:imports/c9/logwatch-7.5.5-4.el9
rpms:imports/c9-beta/logwatch-7.5.5-4.el9
rpms:imports/c8/logwatch-7.4.3-11.el8
rpms:imports/c8-beta/logwatch-7.4.3-11.el8
rpms:imports/c8-beta/logwatch-7.4.3-9.el8
rpms:imports/c8/logwatch-7.4.3-9.el8
rpms:imports/c8s/logwatch-7.4.3-11.el8

No commits in common. "c8s" and "c9s" have entirely different histories.
c8s ... c9s

28 changed files with 195 additions and 662 deletions
Show Stats Expand all files Collapse all files

22
.gitignore vendored
View File

@ -1,2 +1,22 @@
SOURCES/logwatch-7.4.3.tar.gz
logwatch-7.3.6.tar.gz
/logwatch-20110113.tar.xz
/logwatch-20110201.tar.xz
/logwatch-svn25.tar.xz
/logwatch-svn46.tar.xz
/logwatch-svn50.tar.xz
/logwatch-svn85.tar.xz
/logwatch-svn100.tar.xz
/logwatch-svn110.tar.xz
/logwatch-svn127.tar.xz
/logwatch-svn140.tar.xz
/logwatch-svn198.tar.xz
/logwatch-svn242.tar.xz
/logwatch-svn293.tar.xz
/logwatch-7.4.2.tar.gz
/logwatch-7.4.3.tar.gz
/logwatch-7.5.0.tar.gz
/logwatch-7.5.1.tar.gz
/logwatch-7.5.2.tar.gz
/logwatch-7.5.3.tar.gz
/logwatch-7.5.4.tar.gz
/logwatch-7.5.5.tar.gz

19
auditd-startup-messages.patch
View File

@ -1,19 +0,0 @@
--- a/scripts/services/audit 2022/01/22 17:22:03
+++ b/scripts/services/audit 2022/01/22 17:35:34
@@ -134,10 +134,13 @@
( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): table=/) or
( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or
( $ThisLine =~ /item=[0-9] name="\S*" inode=[0-9]+ dev=\S* mode=[0-9]* ouid=[0-9]* ogid=[0-9]* rdev=[0-9:]* obj=\S*/) or
- ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ )
+ ( $ThisLine =~ /^auditctl(?:\[[0-9]+\])?: No rules$/ ) or
+ ( $ThisLine =~ /No plugins found, not dispatching events/ )
) {
# Ignore these entries
- } elsif ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/) {
+ } elsif (( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): initialized$/ ) or
+ ( $ThisLine =~ /audit\([0-9]{10}.[0-9]{3}:[0-9]\): state=initialized / )
+ ) {
$NumberOfInits++;
} elsif ( $ThisLine =~ /Init complete, audit pid set to: [0-9]+/) {
$NumberOfDStartsPid++;

14
cron.patch Normal file
View File

@ -0,0 +1,14 @@
diff --git a/scripts/services/cron b/scripts/services/cron
index 869b515..45b857f 100644
--- a/scripts/services/cron
+++ b/scripts/services/cron
@@ -63,6 +63,9 @@ while (defined($ThisLine = <STDIN>)) {
if ($ThisLine =~ s/^CMD \((.+)\)\s*$/$1/) {
$Runs->{$User}->{$ThisLine}++;
$ExecutedCommand{$PID} = {command=>$ThisLine, user=>$User};
+ } elsif ($ThisLine =~ /^CMDEND/) {
+ # Ignore - already counted above
+ next;
} elsif ($ThisLine =~ s/^CMD FINISH \((.+)\)\s*$/$1/) {
$Runs->{$User}->{$ThisLine}++;
} elsif ($ThisLine =~ s/^(END|CMD START) \((.+)\)\s*$/$1/) {

11
deduplicate-sudo.patch
View File

@ -1,11 +0,0 @@
--- a/conf/services/secure.conf 2016-03-30 23:32:33.000000000 +0200
+++ b/conf/services/secure.conf 2023-06-27 19:42:42.296713366 +0200
@@ -24,7 +24,7 @@
# Use this to ignore certain services in the secure log.
# You can ignore as many services as you would like.
# (we ignore sshd because its entries are processed by the sshd script)
-$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd
+$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd sudo
# For these services, summarize only (i.e. don't least each IP, just
# list the number of connections total)

12
dnf-rpm.conf Normal file
View File

@ -0,0 +1,12 @@
# What actual file? Defaults to LogPath if not absolute path....
LogFile = dnf.rpm.log
Archive = dnf.rpm.log.*
Archive = dnf.rpm.log-*
# Keep only the lines in the proper date range...
#*ApplyStdDate = "%b %d %H:%M:%S"
# New date format for DNF 4.4
*ApplyStdDate = "%FT%H:%M:%S%z"
# vi: shiftwidth=3 tabstop=3 et

2
gating.yaml
View File

@ -1,6 +1,6 @@
--- !Policy
product_versions:
- rhel-8
- rhel-9
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}

13
ignore-server-ready.patch
View File

@ -1,13 +0,0 @@
--- a/scripts/services/fail2ban
+++ b/scripts/services/fail2ban
@@ -91,7 +91,8 @@
($ThisLine =~ /INFO\s+(Stopping all jails|Exiting Fail2ban)/) or
($ThisLine =~ /INFO\s+Initiated '.*' backend/) or
($ThisLine =~ /INFO\s+(Added logfile = .*|Set maxRetry = \d+|Set findtime = \d+|Set banTime = \d+)/) or
- ($ThisLine =~ /Unable to find a corresponding IP address for .*: \[Errno -2\] Name or service not known/)
+ ($ThisLine =~ /Unable to find a corresponding IP address for .*: \[Errno -2\] Name or service not known/) or
+ ($ThisLine =~ /: Server ready$/)
)
{
if ( $Debug >= 6 ) {

13
logwatch-dovecot.patch
View File

@ -1,13 +0,0 @@
diff --git a/scripts/services/dovecot b/scripts/services/dovecot
index 95fc6e9..c9fccbc 100755
--- a/scripts/services/dovecot
+++ b/scripts/services/dovecot
@@ -186,7 +186,7 @@ while (defined($ThisLine = <STDIN>)) {
$Deliver{$User}{$Mailbox}++;
# For Sieve-based delivery
- } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\): sieve: msgid=.*: stored mail into mailbox '(.*)'/ ) ) {
+ } elsif ( ($User, $Mailbox) = ( $ThisLine =~ /^$dovecottag (?:lda|deliver)\((.*)\)(?:<[^>]+><[^>]+>)?: sieve: msgid=.*: stored mail into mailbox '(.*)'/ ) ) {
$Deliver{$User}{$Mailbox}++;
# LMTP-based delivery

20
logwatch-failed-login.patch
View File

@ -1,20 +0,0 @@
--- a/scripts/services/sshd 2022/01/20 15:28:35 1.1
+++ b/scripts/services/sshd 2022/01/20 15:32:01
@@ -1,3 +1,5 @@
+#!/usr/bin/env perl
+
##########################################################################
# $Id$
##########################################################################
@@ -376,6 +378,11 @@
print STDERR "DEBUG: Found -Failed login- line\n";
}
$BadLogins{$Host}{"$User/$Method"}++;
+ } elsif ( my ($User,$Host) = ( $ThisLine =~ m/^Disconnected from authenticating user (\S+) (\S+) / ) ) {
+ if ( $Debug >= 5 ) {
+ print STDERR "DEBUG: Found -Disconnected Failed login- line\n";
+ }
+ $BadLogins{$Host}{$User}++;
} elsif ($ThisLine =~ s/^(log: )?Could not reverse map address ([^ ]*).*$/$2/) {
$NoRevMap{$ThisLine}++;
} elsif ( my ($Address) = ($ThisLine =~ /^reverse mapping checking getaddrinfo for (\S+( \[\S+\])?) failed - POSSIBLE BREAK-IN ATTEMPT!/)) {

95
logwatch-journal.patch
View File

@ -1,95 +0,0 @@
commit 23e714ad43285d59c5b5852ef2c6013593d64671
Author: bjorn <bjorn1@users.sourceforge.net>
Date: Sun May 15 13:49:08 2016 -0700
[journalctl] Added shared script contributed by Mark Grimes.
diff --git a/scripts/shared/journalctl b/scripts/shared/journalctl
new file mode 100755
index 0000000..1627fd4
--- /dev/null
+++ b/scripts/shared/journalctl
@@ -0,0 +1,83 @@
+#!/usr/bin/perl
+#
+# The purpose of this script is to pass the output of the journalctl
+# command to the logwatch parsers. The corresponding conf/logfile
+# can be simple. The following example shows a logfile with two lines:
+# LogFile = /dev/null
+# *JournalCtl = "--output=cat --unit=service_name.service"
+#
+# In the example above, the arguments to the JournalCtl command are
+# passed to the journalctl system command. It is advised to delimit
+# the arguments in double quotes to preserve mixed case, if
+# applicable.
+
+use strict;
+use warnings;
+
+eval "use Date::Manip";
+my $hasDM = $@ ? 0 : 1;
+
+# logwatch passes arguments as one string delimited by single quotes
+my @args = split(" ", $ARGV[0]);
+my @range = get_range( $ENV{LOGWATCH_DATE_RANGE} );
+
+my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
+
+if ($Debug > 5) {
+ warn join " ", 'journalctl', @args, @range, "\n";
+}
+
+system( 'journalctl', @args, @range );
+
+sub get_range {
+ my $range = lc( shift || 'all' );
+ my @range;
+
+ if ( !$range || $range eq 'all' ) {
+ @range = ();
+ } elsif ( $range eq 'yesterday' ) {
+ push @range, '--since', 'yesterday', '--until', 'today';
+ } elsif ( $range eq 'today' ) {
+ push @range, '--since', 'today', '--until', 'tomorrow';
+ } elsif ($hasDM) {
+
+ # Strip off any period
+ $range =~
+ s/for\s+(?:those|that|this)\s+((year|month|day|hour|minute|second)s?)\s*$//;
+
+ # Look for between x and y
+ my ( $range1, $range2 ) =
+ ( $range =~ /^between\s+(.*)\s+and\s+(.*)\s*$/ );
+
+ # Look for since x
+ if ( $range =~ /^\s*since\s+/ ) {
+ ($range1) = ( $range =~ /\s*since\s+(.*)/ );
+ $range2 = "now";
+ }
+
+ # Now convert to journalctl friendly dates
+ if ( $range1 && $range2 ) {
+
+ # Parse dates
+ my $date1 = ParseDate($range1);
+ my $date2 = ParseDate($range2);
+
+ # Switch if date2 is before date1
+ if ( $date1 && $date2 and Date_Cmp( $date1, $date2 ) > 0 ) {
+ my $switch_date = $date1;
+ $date1 = $date2;
+ $date2 = $switch_date;
+ }
+
+ # If we ask for 1/1 to 1/2, we mean 1/2 inclusive. DM returns
+ # 1/2 00:00:00. So we add 1 day to the end time.
+ $date2 = DateCalc( $date2, '1 day' );
+
+ my $fmt = "%Y-%m-%d %H:%M:%S";
+ push @range, '--since', UnixDate( $date1, $fmt ), '--until',
+ UnixDate( $date2, $fmt );
+ }
+ }
+
+ return @range;
+}

38
logwatch-journald-source.patch
View File

@ -1,38 +0,0 @@
commit ed6eb62f40cb97f71f3df4d982682de68cdf1037
Author: Stefan Jakobs <projects@localside.net>
Date: Tue May 31 23:34:11 2016 +0200
support journald as source
diff --git a/scripts/services/syslog-ng b/scripts/services/syslog-ng
old mode 100755
new mode 100644
index dcd1692..d78c835
--- a/scripts/services/syslog-ng
+++ b/scripts/services/syslog-ng
@@ -1,5 +1,5 @@
###########################################################################
-# $Id$
+# $Id: syslog-ng 280 2014-12-24 15:29:13Z stefjakobs $
###########################################################################
###########################################################################
@@ -168,7 +168,7 @@ while (defined($ThisLine = <STDIN>)) {
$Stats_dest{$processed[$i+1]} =
$Stats_dest{$processed[$i+1]} + $processed[$i+2];
} elsif ($processed[$i] eq "source" || $processed[$i] eq "src.internal" ||
- $processed[$i] eq 'src.none' ) {
+ $processed[$i] eq 'src.none' || $processed[$i] eq 'src.journald') {
$Stats_source{$processed[$i+1]} =
$Stats_source{$processed[$i+1]} + $processed[$i+2];
} elsif ($processed[$i] eq "global") {
@@ -366,7 +366,8 @@ if (keys %Stats_center || keys %Stats_dest || keys %Stats_source ||
$lost_rcvd = 0 - $Stats_center{received};
map {
# skip 'src#X' as this seams to be aggregated into 'src'
- $lost_rcvd = $lost_rcvd + $Stats_source{$_} unless ($_ =~ /src#\d+/);
+ # skip 'journal' as this is not counted.
+ $lost_rcvd = $lost_rcvd + $Stats_source{$_} unless ($_ =~ /(?:src#\d+|journal)/);
} keys %Stats_source;
}
if ($Stats_center{queued} && %Stats_dest) {

74
logwatch-oldfiles.patch
View File

@ -1,74 +0,0 @@
Add '--no-oldfiles-log' option that suppresses a warning about old files in the
logwatch temporary directory.
Author: Ivana Varekova <varekova@redhat.com>
RH-Bugzilla: #230974
Backported-By: Jan Synacek <jsynacek@redhat.com>
--- logwatch-svn198/logwatch.8 2014-01-26 13:46:02.000000000 +0100
+++ logwatch-svn198/logwatch.8 2014-07-04 10:03:26.870415276 +0200
@@ -35,7 +35,7 @@
.I report format
.B ] [--encode
.I encoding to use
-.B ] [--numeric] [--version] [--help|--usage]
+.B ] [--numeric] [--no-oldfiles-log] [--version] [--help|--usage]
.SH DESCRIPTION
.B Logwatch
is a customizable, pluggable log-monitoring system. It will go
@@ -111,6 +111,9 @@
Number of characters that html output should be wrapped to. Default is 80.
.IP "\fB--numeric\fR"
Inhibits additional name lookups, displaying IP addresses numerically.
+.IP "\fB--no-oldfiles-log\fR"
+Suppress the logwatch log, which informs about the
+old files in logwatch tmpdir.
.IP "\fB--usage\fR"
Displays usage information
.IP "\fB--help\fR"
--- logwatch-svn198/scripts/logwatch.pl 2014-07-04 10:02:23.930302006 +0200
+++ logwatch-svn198/scripts/logwatch.pl 2014-07-04 10:05:01.588585717 +0200
@@ -187,6 +187,7 @@
my @TempServiceList = ();
my $Help = 0;
my $ShowVersion = 0;
+my $NoOldfilesLog = 0;
my ($tmp_mailto, $tmp_savefile);
&GetOptions ("d|detail=s" => \$Config{'detail'},
@@ -209,6 +210,7 @@
"hostformat=s" => \$Config{'hostformat'},
"hostlimit=s" => \$Config{'hostlimit'},
"html_wrap=s" => \$Config{'html_wrap'},
+ "no-oldfiles-log" => \$NoOldfilesLog,
"subject=s" => \$Config{'subject'}
) or &Usage();
@@ -632,7 +634,7 @@
opendir(TMPDIR, $Config{'tmpdir'}) or die "$Config{'tmpdir'} $!";
my @old_dirs = grep { /^logwatch\.\w{8}$/ && -d "$Config{'tmpdir'}/$_" }
readdir(TMPDIR);
-if (@old_dirs) {
+if ((@old_dirs) && ($NoOldfilesLog==0)) {
print "You have old files in your logwatch tmpdir ($Config{'tmpdir'}):\n\t";
print join("\n\t", @old_dirs);
print "\nThe directories listed above were most likely created by a\n";
@@ -1085,7 +1087,7 @@
sub Usage () {
# Show usage for this program
print "\nUsage: $0 [--detail <level>] [--logfile <name>] [--output <output_type>]\n" .
- " [--format <format_type>] [--encode <enconding>] [--numeric]\n" .
+ " [--format <format_type>] [--encode <enconding>] [--numeric] [--no-oldfiles-log]\n" .
" [--mailto <addr>] [--archives] [--range <range>] [--debug <level>]\n" .
" [--filename <filename>] [--help|--usage] [--version] [--service <name>]\n" .
" [--hostformat <host_format type>] [--hostlimit <host1,host2>] [--html_wrap <num_characters>]\n\n";
@@ -1096,6 +1098,8 @@
print "--output <output type>: Report Output - stdout [default], mail, file.\n"; #8.0
print "--format <formatting>: Report Format - text [default], html.\n"; #8.0
print "--encode <encoding>: Enconding to use - none [default], base64.\n"; #8.0
+ print "--no-oldfiles-log: Suppress the logwatch log, which informs about the\n";
+ print " old files in logwatch tmpdir.\n";
print "--mailto <addr>: Mail report to <addr>.\n";
print "--archives: Use archived log files too.\n";
print "--filename <filename>: Used to specify they filename to save to. --filename <filename> [Forces output to file].\n";

20
logwatch-pam-unix.patch
View File

@ -1,20 +0,0 @@
===================================================================
RCS file: /usr/share/logwatch/scripts/services/RCS/pam_unix,v
retrieving revision 1.1
diff -u -r1.1 /usr/share/logwatch/scripts/services/pam_unix
--- a/scripts/services/pam_unix 2022/01/20 14:21:24 1.1
+++ b/scripts/services/pam_unix 2022/01/20 14:22:35
@@ -340,6 +340,12 @@
} else {
$data{$service}{'Unknown Entries'}{$line}++;
}
+ } elsif ($service eq 'systemd-user') {
+ if ($line =~ /session (?:opened|closed) for user /) {
+ # ignore this line
+ } else {
+ $data{$service}{'Unknown Entries'}{$line}++;
+ }
} else {
$data{$service}{'Unknown Entries'}{$line}++;
}

49
logwatch-postfix.patch
View File

@ -1,49 +0,0 @@
From eb8c0256997b8d7f2cccdd37ab78674fe9c769c1 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 10 May 2016 13:34:05 +0200
Subject: [PATCH] postfix: fix column alignment in output
Some sections are clearly longer than 23 chars, which might result in a
misaligned output:
3602 Connections 3,602
82 Connections lost (inbound) 82
3602 Disconnections 3,602
12 Timeouts (inbound) 12
16 DNS lookup errors 16
46 Hostname verification errors (FCRDNS) 46
49 SMTP protocol violations 49
2154 TLS connections (server) 2,154
Align to 39 chars now, which is currently the length of the longest
description in the output table plus one.
---
scripts/services/postfix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/scripts/services/postfix b/scripts/services/postfix
index 9f8e07f..ddd5968 100755
--- a/scripts/services/postfix
+++ b/scripts/services/postfix
@@ -1360,7 +1360,7 @@ sub print_summary_report (\@) {
my ($numfmt, $desc, $divisor) = ($sref->{FMT}, $sref->{TITLE}, $sref->{DIVISOR});
my $fmt = '%8';
- my $extra = ' %25s';
+ my $extra = ' %9s';
my $total = $Totals{$keyname};
# Z format provides unitized or unaltered totals, as appropriate
@@ -1383,7 +1383,7 @@ sub print_summary_report (\@) {
}
else {
push @{$lines[$cur_level]},
- sprintf "$fmt %-23s $extra\n", $total, $desc, commify ($Totals{$keyname});
+ sprintf "$fmt %-39s $extra\n", $total, $desc, commify ($Totals{$keyname});
}
}
}
--
2.7.4

25
logwatch-secure-userhelper.patch
View File

@ -1,25 +0,0 @@
Fix misparsing of userhelper log entries for hddtemp that specify a device
using a name that includes a slash (e.g. '/usr/sbin/hddtemp -n -q /dev/sda').
Additional slashes after the process name confuse logwatch as it considers the
last word behind the last slash the process' name.
Author: Jan Synacek <jsynacek@redhat.com>
RH-Bugzilla: #867290
--- logwatch-svn110/scripts/services/secure.orig 2012-10-18 11:13:33.000000000 +0200
+++ logwatch-svn110/scripts/services/secure 2012-10-18 11:31:08.987571713 +0200
@@ -843,8 +843,13 @@ if (keys %Executed_app) {
print "\nUserhelper executed applications:\n";
foreach (keys %Executed_app) {
($longapp,$asuser,$user) = split ",";
+ $longapp_orig = $longapp;
+ $i = index($longapp, " ");
+ if ($i > 0) {
+ $longapp = substr($longapp, 0, $i);
+ }
$app = substr($longapp,rindex($longapp,"/")+1);
- print " $user -> $app as $asuser: ".$Executed_app{"$longapp,$asuser,$user"}." Time(s)\n";
+ print " $user -> $app as $asuser: ".$Executed_app{"$longapp_orig,$asuser,$user"}." Time(s)\n";
}
}

26
logwatch-sshd-2.patch
View File

@ -1,26 +0,0 @@
Resolves: #1317620
--- logwatch-7.4.3/scripts/services/sshd 2017-08-29 09:16:47.087028191 +0200
+++ logwatch-7.4.3-new/scripts/services/sshd 2017-08-29 09:19:37.372081596 +0200
@@ -297,7 +297,9 @@ while (defined(my $ThisLine = <STDIN>))
($ThisLine =~ /Starting session: (forced-command|subsystem|shell|command)/ ) or
($ThisLine =~ /Found matching \w+ key:/ ) or
($ThisLine =~ /User child is on pid \d/ ) or
- ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/)
+ ($ThisLine =~ /Nasty PTR record .* is set up for [\da-fA-F.:]+, ignoring/) or
+ ($ThisLine =~ /Exiting on signal .*$/) or
+ ($ThisLine =~ /Disconnected from (?:[^ ]*) port .*$/)
) {
# Ignore these
} elsif ( my ($Method,$User,$Host,$Port,$Key) = ($ThisLine =~ /^Accepted (\S+) for ((?:invalid user )?\S+) from ([\d\.:a-f]+) port (\d+) ssh[12](?:: (\w+))?/) ) {
@@ -387,7 +389,9 @@ while (defined(my $ThisLine = <STDIN>))
$RefusedConnections{$1}++;
} elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
$RefusedAuthentication{$Reason}++;
- } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
+ # Old format: Received disconnect from 192.168.122.1: 11: disconnected by user
+ # New format: Received disconnect from 192.168.122.1 port 43680:11: disconnected by user
+ } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*)(?: port \d+)?: ?(.*)$/)) {
# Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
} elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {

26
logwatch-sshd.patch
View File

@ -1,26 +0,0 @@
From 256829aeb864a25a3542aaacfb2a7ff62b77e7f4 Mon Sep 17 00:00:00 2001
From: Jan Synacek <jsynacek@redhat.com>
Date: Tue, 15 Mar 2016 10:29:17 +0100
Subject: [PATCH] sshd: fix unmatched entries because of the output change in
openssh-7.2p2
---
scripts/services/sshd | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/services/sshd b/scripts/services/sshd
index e238863..b94ea5a 100755
--- a/scripts/services/sshd
+++ b/scripts/services/sshd
@@ -387,7 +387,7 @@ while (defined(my $ThisLine = <STDIN>)) {
$RefusedConnections{$1}++;
} elsif ( my ($Reason) = ($ThisLine =~ /^Authentication refused: (.*)$/ ) ) {
$RefusedAuthentication{$Reason}++;
- } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*): (.*)$/)) {
+ } elsif ( my ($Host,$Reason) = ($ThisLine =~ /^Received disconnect from ([^ ]*) port [^ ]*: (.*)$/)) {
# Reason 11 (SSH_DISCONNECT_BY_APPLICATION) is expected, and logged at severity level INFO
if ($Reason != 11) {$DisconnectReceived{$Reason}{$Host}++;}
} elsif ( my ($Host) = ($ThisLine =~ /^ROOT LOGIN REFUSED FROM ([^ ]*)$/)) {
--
2.7.2

1
logwatch-tmpfiles.conf Normal file
View File

@ -0,0 +1 @@
d /var/cache/logwatch 0755 root root - -

62
logwatch-vsftpd.patch
View File

@ -1,62 +0,0 @@
Correctly apply time filter when parsing vsftpd log messages.
Author: Ivana Varekova <varekova@redhat.com>
RH-Bugzilla: #217226
--- logwatch-7.3.1/scripts/logwatch.pl.pom 2006-09-16 06:04:14.000000000 +0200
+++ logwatch-7.3.1/scripts/logwatch.pl 2006-11-29 13:16:22.000000000 +0100
@@ -917,11 +917,16 @@
my $FilterText = " ";
foreach (sort keys %{$LogFileData{$LogFile}}) {
my $cmd = $_;
+
if ($cmd =~ s/^\d+-\*//) {
if (-f "$ConfigDir/scripts/shared/$cmd") {
$FilterText .= ("| $PerlVersion $ConfigDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
} elsif (-f "$BaseDir/scripts/shared/$cmd") {
- $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
+ if ($LogFile =~ /^vsftpd$/ ) {
+ $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/applyvsftpddate '$LogFileData{$LogFile}{$_}'" );
+ } else {
+ $FilterText .= ("| $PerlVersion $BaseDir/scripts/shared/$cmd '$LogFileData{$LogFile}{$_}'" );
+ }
} else {
die "Cannot find shared script $cmd\n";
}
--- logwatch-7.3.1/scripts/shared/applyvsftpddate.pom 2006-11-29 13:13:28.000000000 +0100
+++ logwatch-7.3.1/scripts/shared/applyvsftpddate 2006-11-29 13:10:26.000000000 +0100
@@ -0,0 +1,34 @@
+##########################################################################
+# $Id: applystddate,v 1.18 2005/10/22 00:19:56 bjorn Exp $
+##########################################################################
+
+########################################################
+# This was written and is maintained by:
+# Kirk Bauer <kirk@kaybee.org>
+#
+# Please send all comments, suggestions, bug reports,
+# etc, to logwatch-devel@logwatch.org
+########################################################
+
+use Logwatch ':dates';
+
+my $Debug = $ENV{'LOGWATCH_DEBUG'} || 0;
+
+$SearchDate = TimeFilter('%b %e %H:%M:%S 20%y');
+
+# The date might be "Dec 09", but it needs to be "Dec 9"...
+#$SearchDate =~ s/ 0/ /;
+# The format of Fri Nov 29 20:59:09 2005
+
+if ( $Debug > 5 ) {
+ print STDERR "DEBUG: Inside ApplyStdDate...\n";
+ print STDERR "DEBUG: Looking For: " . $SearchDate . "\n";
+}
+
+while (defined($ThisLine = <STDIN>)) {
+ if ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate/o) {
+ print "$ThisLine";
+ }
+}
+
+# vi: shiftwidth=3 syntax=perl tabstop=3 et

186
logwatch.spec
View File

@ -1,45 +1,31 @@
%global _unitdir /usr/lib/systemd/system
Summary: A log file analysis program
Name: logwatch
Version: 7.4.3
Release: 21%{?dist}
Version: 7.5.5
Release: 9%{?dist}
License: MIT
Group: Applications/System
URL: http://www.logwatch.org/
URL: https://sourceforge.net/projects/logwatch
Source0: logwatch-%{version}.tar.gz
Source1: logwatch-tmpfiles.conf
Patch0: cron.patch
Patch1: systemd-deactivated.patch
Patch2: sshd-sort-by-count.patch
Patch3: zstd-log-support.patch
#Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar.gz
# Needs proper fix. Not applied by the upstream.
Patch0: logwatch-vsftpd.patch
# Not applied by upstream.
Patch1: logwatch-oldfiles.patch
Patch2: logwatch-secure-userhelper.patch
# Submitted upstream.
Patch3: logwatch-sshd.patch
# Submitted upstream: https://sourceforge.net/p/logwatch/mailman/message/35076800/
Patch4: logwatch-postfix.patch
# https://sourceforge.net/p/logwatch/git/ci/23e714ad43285d59c5b5852ef2c6013593d64671/
Patch5: logwatch-journal.patch
# https://sourceforge.net/p/logwatch/git/ci/ed6eb62f40cb97f71f3df4d982682de68cdf1037/
Patch6: logwatch-journald-source.patch
Patch7: logwatch-sshd-2.patch
# https://sourceforge.net/p/logwatch/git/ci/b325c68f83ef6c3e3ec9f35c8fdeff5b43fd8559/
# cherry-pick hunk at @@ -224,7 +224,7 @@
Patch8: logwatch-dovecot.patch
Patch9: logwatch-pam-unix.patch
Patch10: logwatch-failed-login.patch
Patch11: systemd-noise-filter.patch
Patch12: auditd-startup-messages.patch
Patch13: ignore-server-ready.patch
Patch14: ras-correctable-errors.patch
Patch15: deduplicate-sudo.patch
Patch16: polkit-startup-messages.patch
Patch17: sshd-sort-by-count.patch
Patch18: sendmail-6-digit-pid.patch
BuildRequires: perl-generators
Requires: grep mailx
BuildRequires: systemd-rpm-macros
Requires: grep
Requires: /usr/bin/mailx
Requires: perl(Date::Manip)
Requires: perl(diagnostics)
Requires: perl(Errno)
Requires: perl(File::Basename)
Requires: perl(lib)
Requires: perl(Socket)
Requires: perl(Sys::CPU)
Requires: perl(Sys::MemInfo)
Requires: perl(Time::Local)
Requires: perl(URI::URL)
Requires: crontabs
BuildArchitectures: noarch
@ -55,22 +41,6 @@ of the package on many systems.
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
rm -f scripts/services/*.orig
%build
@ -118,19 +88,16 @@ install -m 0644 override.conf.5 %{buildroot}%{_mandir}/man5
install -m 0644 logwatch.conf.5 %{buildroot}%{_mandir}/man5
install -m 0644 logwatch.8 %{buildroot}%{_mandir}/man8
install -m 0755 logwatch.cron %{buildroot}%{_sysconfdir}/cron.daily/0logwatch
install -m 0755 scheduler/logwatch.cron %{buildroot}%{_sysconfdir}/cron.daily/0logwatch
mkdir -p %{buildroot}%{_unitdir}
install -m 0644 scheduler/logwatch.timer %{buildroot}%{_unitdir}/logwatch.timer
install -m 0644 scheduler/logwatch.service %{buildroot}%{_unitdir}/logwatch.service
install -m 0755 -d %{buildroot}%{_tmpfilesdir}
install -m 0644 %{SOURCE1} %{buildroot}%{_tmpfilesdir}/logwatch.conf
ln -s ../../%{_datadir}/logwatch/scripts/logwatch.pl %{buildroot}/%{_sbindir}/logwatch
# Do not install zz-fortune service on RHEL
%if 0%{?rhel}
rm -f %{buildroot}%{_datadir}/logwatch/scripts/services/zz-fortune* \
%{buildroot}%{_datadir}/logwatch/conf/services/zz-fortune* \
%{buildroot}%{_datadir}/logwatch/conf/logfiles/fortune*
touch %{buildroot}%{_datadir}/logwatch/scripts/services/zz-fortune
chmod 644 %{buildroot}%{_datadir}/logwatch/scripts/services/zz-fortune
%endif
echo "###### REGULAR EXPRESSIONS IN THIS FILE WILL BE TRIMMED FROM REPORT OUTPUT #####" > %{buildroot}%{_sysconfdir}/logwatch/conf/ignore.conf
echo "# Local configuration options go here (defaults are in %{_datadir}/logwatch/default.conf/logwatch.conf)" > %{buildroot}%{_sysconfdir}/logwatch/conf/logwatch.conf
echo "# Configuration overrides for specific logfiles/services may be placed here." > %{buildroot}%{_sysconfdir}/logwatch/conf/override.conf
@ -167,53 +134,86 @@ echo "# Configuration overrides for specific logfiles/services may be placed her
%dir %{_datadir}/logwatch/default.conf/html
%{_datadir}/logwatch/default.conf/html/*.html
%{_mandir}/man*/*
%{_unitdir}/logwatch.service
%{_unitdir}/logwatch.timer
%{_tmpfilesdir}/logwatch.conf
%changelog
* Wed Jun 28 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-21
- fix sendmail logwatch script to allow 6-digit PIDs
- Resolves: rhbz#2046459
* Wed Jan 08 2026 Vincent Mihalkovic <vmihalko@redhat.com> - 7.5.5-9
- Install and use systemd-tmpfiles.d mechanism
- Resolves: RHEL-105257
* Wed Jun 28 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-20
- sshd sort failed logins and illegal users by count, not IP address
- Resolves: rhbz#2044101
* Mon Aug 04 2025 Pavel Simovec <psimovec@redhat.com>
- Add support for zstd-compressed log files
- Resolves: RHEL-97021
* Wed Jun 28 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-19
- ignore harmless polkit startup messages
- Resolves: rhbz#2043952
* Thu Nov 28 2024 Pavel Simovec <psimovec@redhat.com> - 7.5.5-7
- sshd: sort IP addresses reported by count
- Resolves: RHEL-69277
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-18
- ignore sudo service as it is already reported in secure service
- Resolves: rhbz#2043951
* Fri Apr 14 2023 Pavel Šimovec <psimovec@redhat.com> - 7.5.5-6
- Add patch to fix systemd messages containing "Deactivated"
- Resolves: rhbz:2160770
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-17
- do not treat "RAS: Correctable Errors collector initialized" message as an error
- Resolves: rhbz#2043946
* Thu Mar 02 2023 Pavel Šimovec <psimovec@redhat.com> - 7.5.5-5
- Add patch to remove CMDEND from cron service
Resolves: rhbz#2158271
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-16
- ignore normal "Server ready" startup message from fail2ban
- Resolves: rhbz#2043944
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.5-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-15
- ignore a couple of normal auditd startup messages
- Resolves: rhbz#2043942
* Wed Jun 02 2021 Lukas Nykryn <lnykryn@redhat.com> - 7.5.5-3
- change the mailx dependency to a binary
* Tue Jun 27 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-14
- patch to logwatch systemd script to add some filtering
- Resolves: rhbz#2043109
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 7.5.5-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
* Thu Apr 20 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-13
- fix unrecognized "Disconnected from authenticating user" failed logins
- Resolves: rhbz#2043088
* Tue Jan 26 2021 Frank Crawford <frank@crawford.emu.id.au> - 7.5.5-1
- Update to 7.5.5
* Thu Apr 20 2023 Pavel Šimovec <psimovec@redhat.com> - 7.4.3-12
- add logwatch-pam-unix.patch
- Resolves: rhbz#2043044
* Mon Dec 14 2020 Orion Poplawski <orion@nwra.com> - 7.5.4-4
- Systemd unit files are not executable
* Fri May 07 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 7.4.3-11
- add gating.yaml file
* Mon Nov 23 2020 Frank Crawford <frank@crawford.emu.id.au> - 7.5.4-3
- Handle changes for DNF 4.4
* Thu May 06 2021 Vincent Mihalkovic <vmihalko@redhat.com> - 7.4.3-10
- fix dovecot statements (#1952629)
* Mon Nov 09 2020 Frank Crawford <frank@crawford.emu.id.au> - 7.5.4-2
- Add requires for perl-diagnostics (#1893671) and perl-lib (#1893503)
- Add other requires as nothing is now automatically supplied
* Mon Aug 03 2020 Jan Synáček <jsynacek@redhat.com> - 7.5.4-1
- Update to 7.5.4 (#1862935)
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Tue Feb 25 2020 Jan Synáček <jsynacek@redhat.com> - 7.5.3-1
- Update to 7.5.3 (#1800953)
* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Fri Oct 25 2019 Jan Synáček <jsynacek@redhat.com> - 7.5.2-1
- Update to 7.5.2 (#1765446)
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Fri Feb 01 2019 Fedora Release Engineering <releng@fedoraproject.org> - 7.5.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
* Mon Jan 28 2019 Jan Synáček <jsynacek@redhat.com> - 7.5.1-1
- Update to 7.5.1 (#1669972)
* Fri Jan 4 2019 Jan Synáček <jsynacek@redhat.com> - 7.5.0-1
- Update to 7.5.0 (#1663428)
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 7.4.3-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon May 21 2018 Jan Synáček <jsynacek@redhat.com> - 7.4.3-10
- Fix parsing of log entries produced by sendmail process with 7-digit PID (#1561587)
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 7.4.3-9
- Escape macros in %%changelog

13
polkit-startup-messages.patch
View File

@ -1,13 +0,0 @@
--- a/scripts/services/secure
+++ b/scripts/services/secure
@@ -273,6 +273,9 @@
( $ThisLine =~ /polkit-grant-helper-pam\[\d+\]: pam_thinkfinger\(polkit:auth\): conversation failed/) or
( $ThisLine =~ /polkitd\(authority=.*\): (Unr|R)egistered Authentication Agent/) or
( $ThisLine =~ /polkitd\(authority=.*\): Operator of unix-session:/) or
+ ( $ThisLine =~ /polkitd.*Acquired the name .* on the system bus/) or
+ ( $ThisLine =~ /polkitd.*Finished loading, compiling/) or
+ ( $ThisLine =~ /polkitd.*Loading rules from directory /) or
( $ThisLine =~ /(gdm-session-worker|gdm-password|gnome-screensaver-dialog)\[\d+\]: gkr-pam: no password is available for user/) or
( $ThisLine =~ /gkr-pam: the password for the login keyring was invalid/) or
( $ThisLine =~ /groupadd\[\d+\]: group added to /) or # Details in other messages

11
ras-correctable-errors.patch
View File

@ -1,11 +0,0 @@
--- a/scripts/services/kernel
+++ b/scripts/services/kernel
@@ -135,6 +135,7 @@
$SkipError = 1 if $ThisLine =~ /ERST: Error Record Serialization Table \(ERST\) support is initialized/;
$SkipError = 1 if $ThisLine =~ /GHES: Generic hardware error source: \d+ notified via .* is not supported/;
$SkipError = 1 if $ThisLine =~ /PCIe errors handled by (?:BIOS|OS)/;
+ $SkipError = 1 if $ThisLine =~ /RAS: Correctable Errors collector initialized\.$/;
# These happen when kerberos tickets expire, which can be normal
$SkipError = 1 if $ThisLine =~ /Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server/ && $Ignore_rpcsec_expired;
# filter out mount options

12
sendmail-6-digit-pid.patch
View File

@ -1,12 +0,0 @@
--- a/scripts/services/sendmail
+++ b/scripts/services/sendmail
@@ -388,7 +388,7 @@
}
# QueueID formats: in 8.11 it was \w{7}\d{5}, in 8.12+ it is \w{8}\d{6}
-my $QueueIDFormat = "(?:\\w{7,9}\\d{5}|NOQUEUE)";
+my $QueueIDFormat = "(?:\\w{7,9}\\d{5,6}|NOQUEUE)";
# ENOENT refers to "no such file or directory"
my $ENOENT = Errno::ENOENT();

3
sources
View File

@ -1 +1,2 @@
SHA512 (logwatch-7.4.3.tar.gz) = 716d87238f487010f2bdf230fc66c16f3c3fe769e6bef04b0e7881c6b0563e1a4b4741235b8a40a16ab21d3803562e87e6bcf5cfbd0ace42414f1d1feae7a13a
SHA512 (logwatch-7.5.4.tar.gz) = 6e6a5e8b7ae977244ea97895e06cccde320fce3dfbd2b1c58c945fc8872325a9676c8afe122b1f7230cb6617b64813caf90ef37fc472a1b200eb0b24ea72fa9b
SHA512 (logwatch-7.5.5.tar.gz) = 71df4d69d7e580b21dc0a0f813201822a161ada68a19c6d3f0df9c8576f22c8d43ebe90643d6184e91ee1c6628de9501896a9444ff7ad6af6fe17eba5d3573f2

15
sshd-sort-by-count.patch
View File

@ -1,6 +1,6 @@
--- a/scripts/services/sshd
+++ b/scripts/services/sshd
@@ -566,7 +566,8 @@
--- a/scripts/services/sshd 2021-01-22 21:59:40.000000000 +0100
+++ b/scripts/services/sshd 2024-11-28 10:33:31.199069612 +0100
@@ -515,7 +515,8 @@
if (keys %BadLogins) {
print "\nFailed logins from:\n";
@ -10,14 +10,13 @@
my $name = LookupIP($ip);
my $totcount = 0;
foreach my $user (keys %{$BadLogins{$ip}}) {
@@ -587,7 +588,8 @@
if (keys %IllegalUsers) {
print "\nIllegal users from:\n";
@@ -538,7 +539,8 @@
print " (with threshold >= $IllegalUsersThreshold)";
}
print ":\n";
- foreach my $ip (sort SortIP keys %IllegalUsers) {
+ my $totalSort = TotalCountOrder(%IllegalUsers, \&SortIP);
+ foreach my $ip (sort $totalSort keys %IllegalUsers) {
my $name = LookupIP($ip);
my $totcount = 0;
foreach my $user (keys %{$IllegalUsers{$ip}}) {

13
systemd-deactivated.patch Normal file
View File

@ -0,0 +1,13 @@
diff --git a/scripts/services/systemd b/scripts/services/systemd
index f1da2ac..44cc7a9 100644
--- a/scripts/services/systemd
+++ b/scripts/services/systemd
@@ -70,7 +70,7 @@ while (defined(my $ThisLine = <STDIN>)) {
# crond will never restart process when it is restarted
$ThisLine =~ /^crond\.service: Found left-over process \d+ \(.*\) in control group while starting unit\. Ignoring\.$/ or
$ThisLine =~ /^Received SIGINT\./ or
- $ThisLine =~ /^Deactivated / or
+ $ThisLine =~ /: Deactivated / or
$ThisLine =~ /^Detected (architecture|virtualization) / or
$ThisLine =~ /^Found device / or
$ThisLine =~ /Got automount request for \/proc\// or

31
systemd-noise-filter.patch
View File

@ -1,31 +0,0 @@
--- a/scripts/services/systemd 2022/01/20 16:00:56 1.1
+++ b/scripts/services/systemd 2022/01/20 16:14:16
@@ -42,7 +42,7 @@
$ThisLine =~ / failed\.$/ or
$ThisLine =~ /: (control|main) process exited, code=(exited|killed),? status=/ or
# Informational
- $ThisLine =~ /^Closed .* socket\.$/ or
+ $ThisLine =~ /^Closed .* [Ss]ocket\.$/ or
$ThisLine =~ /^Closed udev / or
$ThisLine =~ /^Detected (architecture|virtualization) / or
$ThisLine =~ /^Found device / or
@@ -76,11 +76,17 @@
$ThisLine =~ /^Configuration file \/usr\/lib\/systemd\/system\/wpa_supplicant\.service is marked executable/ or
# https://bugzilla.redhat.com/show_bug.cgi?id=1306452
$ThisLine =~ /^tmp\.mount: Directory \/tmp to mount over is not empty, mounting anyway\.$/ or
- $ThisLine =~ /^Received SIGRTMIN\+2[01] from PID \d+ \(plymouthd\)\.$/ or
+ $ThisLine =~ /^Received SIGRTMIN\+2[01] from PID \d+ \((?:plymouthd|n\/a)\)\.$/ or
# https://bugzilla.redhat.com/show_bug.cgi?id=1072368
$ThisLine =~ /^Received SIGRTMIN\+24 from PID \d+ \(kill\)\.$/ or
$ThisLine =~ /^Removed slice / or
- $ThisLine =~ /^pam_unix\(systemd-user:session\): session (?:opened|closed) for user/
+ $ThisLine =~ /^pam_unix\(systemd-user:session\): session (?:opened|closed) for user/ or
+ # Ex: user-runtime-dir@1001.service: Succeeded.
+ $ThisLine =~ /: Succeeded\.$/ or
+ # Ex: Reloading Fail2Ban Service.
+ $ThisLine =~ /^Reloading .*\.$/ or
+ # Ex: Set up automount Arbitrary Executable File Formats File System Automount Point.
+ $ThisLine =~ /^Set up .*\.$/
) {
# Ignore these
} elsif (my ($service) = ($ThisLine =~ /^Unit (.*) entered failed state\.$/)) {

31
zstd-log-support.patch Normal file
View File

@ -0,0 +1,31 @@
diff --color -urN a/scripts/logwatch.pl b/scripts/logwatch.pl
--- a/scripts/logwatch.pl 2025-07-15 12:47:54.869744800 +0200
+++ b/scripts/logwatch.pl 2025-07-15 16:34:26.473278680 +0200
@@ -96,6 +96,7 @@
$Config{'pathtozcat'} = "zcat";
$Config{'pathtobzcat'} = "bzcat";
$Config{'pathtoxzcat'} = "xzcat";
+$Config{'pathtozstdcat'} = "zstdcat";
$Config{'output'} = "stdout"; #8.0
$Config{'format'} = "text"; #8.0
$Config{'encode'} = "none"; #8.0
@@ -746,7 +747,7 @@
# Handle compressed log files using the archive codepath
foreach my $lf (@{$LogFileData{$LogFile}{'logfiles'}}) {
- if ($lf =~ /\.(?:gz|bz2|xz)$/) {
+ if ($lf =~ /\.(?:gz|bz2|xz|zst)$/) {
push @{$LogFileData{$LogFile}{'archives'}}, $lf;
} else {
push @FileList, $lf;
@@ -798,6 +799,10 @@
my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
system("$Config{'pathtoxzcat'} $arguments") == 0
or die "system '$Config{'pathtoxzcat'} $arguments' failed: $?"
+ } elsif (($Archive =~ m/zst$/) && (-f "$Archive") && (-s "$Archive")) {
+ my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
+ system("$Config{'pathtozstdcat'} $arguments") == 0
+ or die "system '$Config{'pathtozstdcat'} $arguments' failed: $?"
} elsif ((-f "$Archive") && (-s "$Archive")) {
my $arguments = "'${Archive}' >> $DestFile";
system("$Config{'pathtocat'} $arguments") == 0