Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package logwatch for openSUSE:Factory checked in at 2023-09-06 18:59:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/logwatch (Old)
 and      /work/SRC/openSUSE:Factory/.logwatch.new.1766 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "logwatch" Wed Sep 6 18:59:44 2023 rev:51 rq:1109227 version:7.9 Changes: -------- --- /work/SRC/openSUSE:Factory/logwatch/logwatch.changes 2023-07-28 22:20:40.085309509 +0200 +++ /work/SRC/openSUSE:Factory/.logwatch.new.1766/logwatch.changes 2023-09-06 19:04:04.892152969 +0200 @@ -1,0 +2,7 @@ +Wed Aug 16 09:28:34 UTC 2023 - ecsos <ec...@opensuse.org> + +- Update to 7.9 + See /usr/share/doc/packages/logwatch/ChangeLog for details +- Add missing systemd.conf for scheduling. + +------------------------------------------------------------------- Old: ---- logwatch-7.8.tar.gz New: ---- logwatch-7.9.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ logwatch.spec ++++++ --- /var/tmp/diff_new_pack.pvDAiu/_old 2023-09-06 19:04:06.292202878 +0200 +++ /var/tmp/diff_new_pack.pvDAiu/_new 2023-09-06 19:04:06.300203164 +0200 @@ -17,7 +17,7 @@ Name: logwatch -Version: 7.8 +Version: 7.9 Release: 0 Summary: Tool to analyze and report on system logs License: MIT @@ -121,6 +121,7 @@ install -D -m 644 scheduler/logwatch.service %{buildroot}%{_unitdir}/logwatch.service install -D -m 644 scheduler/logwatch.timer %{buildroot}%{_unitdir}/logwatch.timer +install -D -m 644 scheduler/systemd.conf %{buildroot}%{_datadir}/logwatch/default.conf/systemd.conf install -D -m 644 Logwatch_Setup_Files/logwatch_dmeventd.service %{buildroot}%{_unitdir}/logwatch_dmeventd.service install -D -m 644 Logwatch_Setup_Files/logwatch_dmeventd.timer %{buildroot}%{_unitdir}/logwatch_dmeventd.timer install -m 0755 -d %{buildroot}%{_sbindir} 
@@ -129,6 +130,7 @@ ln -s %{_datadir}/logwatch/scripts/logwatch.pl %{buildroot}%{_sbindir}/logwatch echo "###### REGULAR EXPRESSIONS IN THIS FILE WILL BE TRIMMED FROM REPORT OUTPUT #####" > %{buildroot}%{_sysconfdir}/logwatch/conf/ignore.conf echo "# Local configuration options go here (defaults are in %{_datadir}/logwatch/default.conf/logwatch.conf)" > %{buildroot}%{_sysconfdir}/logwatch/conf/logwatch.conf +echo "# Local configuration options go here (defaults are in %{_datadir}/logwatch/default.conf/systemd.conf)" > %{buildroot}%{_sysconfdir}/logwatch/conf/systemd.conf echo "# Configuration overrides for specific logfiles/services may be placed here." > %{buildroot}%{_sysconfdir}/logwatch/conf/override.conf # ++++++ ChangeLog ++++++ --- /var/tmp/diff_new_pack.pvDAiu/_old 2023-09-06 19:04:06.356205160 +0200 +++ /var/tmp/diff_new_pack.pvDAiu/_new 2023-09-06 19:04:06.360205303 +0200 
@@ -2,6 +2,282 @@ control logs (e.g. 'git log --oneline v1..v2'), as the Logwatch project does not release a change log themselves. *** +==== 7.9 ==== +9393486 [rpm] corrected dates in specfile changelog, not released +c3df994 [logwatch.spec,logwatch.pl] Preparing 7.9 release. +59b947b [dovecot] Disconnects may occur because of inactivity, but other reason still logged and displayed. +b5a183e [postfix] Removed extra parenthesis. +a1fd923 [zz-sys] Better printing and syntax. +850be85 [zz-sys] No longer using obsolete Sys::CPU and Sys::MemInfo Perl modules. Reported by Jitka Plesnikova. +9362481 [postfix] Added detection of enhanced SMTP status for SPF Fail. Reported by Anotnio Querubin. +f23081b Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +7b5c2eb [named] Handle policy zone changed messages +8dcdbe4 [kernel] Handle cpu clock throttled messages +e927bc6 [lvm] Ignore some pvscan informational messages +0dc6b1f [named] Handle rewrite messages +a6d553b [dovecot] Added logging of failed authentications, by Reio Remma. +79d6013 [snort] Added files for snort (network intrusion detection), by Darold Gilles. +3083b74 [sendmail] Better handling of "Unmatched entries" and TLS errors. +dbd3675 [logwatch.pl] Corrected delineation of "To:" headers, by submitter Mr. Lazy. +554af3b [sudo] Handle entries with TSID; Handle parse error messages +3661a13 [evtmswindows] More de-duplication; ignore some routine messages +7e64fdf [evtapplication] More de-duplication; Ignore openvpnserv "The operation completed successfully." 
+7790402 [fail2ban] Add option to ignore latency warnings +fa2f60b Do new report for DNS format errors +557c355 Update to fix Redhat BZ2192995 +f79b300 [nut] Ignore "wall: cannot get tty name: Inappropriate ioctl for device" +59fadad [nut] Handle Instant command messages +12aba8e [kernel] Report megaraid_sas CRIT messages + +==== 7.8 ==== +87eff61 Logwatch 7.8-3 update for linux noarch version +14186cc fix typo in specfile, take 2 +0db0810 fix typo +3bd9d75 fix RPM specfile +c841f03 fix RPM specfile +34fd821 [logwatch.spec,logwatch.pl] Preparing 7.8 release. +ecdfa52 [syslog-ng] Ignore "Configuration reload finished;" since we already process initial message; Suppress Starts/Stops/Reloads if Detail == 0 +fdccdf3 Better handling of spaces in DNSSEC errors +220affa Handle missing cookie messages +9a61853 [sudo] Cleanup and ignore more pam messages +e814db8 [system] Relax "has no hold-off time.*, scheduling restart" regex +89876ef Ignore adb growth messages as informational +ee803dc Ignore messages about an inactive service +cc78b40 Allow multiple spaces when matching views +31287e7 Updated to match older systemd +70ac84f Merge with recent updates +d7cc3c1 Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +84657e7 Handle bad cookies and new errors in latest named +0c8f9a7 Catch a few new errors from systemd +05f57e3 Catch a few new error from systemd +fab9ad0 Ignore OpenSSL initialisation message +e29f625 [dropbear] Initial version +a9f41ca [evtsystem] De-dupe via rounded human readable byte counts +67e13c6 [evtsecurity] More de-duplication +4ff9137 [systemd] sssd users @ in usernames +590e54d [nut] Handle 2.8.0 messages, new service names; Fix handling of current communication state +be3eb25 [nut] Ignore "upsd: Running as foreground process, not saving a PID file" +e7ea1a3 [system] Ignore "bpf-lsm: LSM BPF program attached" +5a3e737 [system] Relax regex for "Arbitrary Executable File Formats File System Automount Point" +ab74b31 [systemd] Move Skipped 
before Failed to catch "was skipped because all trigger condition checks failed." messages +6bd137d Updated for multiline key exchange errors +0dc010f Process MaxStartups messages as requested by Joe Horn +ef69221 [kernel] Correct filter on killed process, by Artur Jaroschek +9fff4bd [extreme-networks] Fixed incorrect syntax on 'use' statement, by Bryce Harrington +7790708 Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +6932a22 [postfix] Additional filtering, by Vladimir Elisseev. +4cc503d [syslog-ng] add XML support +377722f [logwatch.pl] Add basic support for XML, services are free to define their own schema. +48b7736 [syslog-ng] fixed typo in format string +3e05c6f [zz-disk_space] Print error messages to STDERR +1300096 [logwatch.pl and shared] Replace calls to egrep by grep -E, by Andreas Stieger +7c6c302 Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +d8a261e Update for some message format changes +e9c8335 Ignore startup messages and handle other minor changes +c36e4a5 Handle some minor message format changes +efd9abe Ignore message on informational messages +0fa0a4d Ignore message on logging shutdown +7addc60 Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +9cb5863 [fail2ban] Add fail2ban_ignore_flushing option to ignore issues with flushing tracking - needed when fail2ban jail actionflush is set to true to disable it +5d89705 [fail2ban] Whitespace cleanup +f18e5c9 [zz-lmsensors] Significant rewrite, by Marius Feraru + +==== 7.7 ==== +ec13cea [logwatch.spec,logwatch.pl] Preparing 7.7 release. +0948a3c [systemd] Improved filtering of CPU time, by Marius Feraru. 
+42c132a [dirsrv] Ignore warning that should not be a warning +8827d6a [pam] sssd on Fedora includes status message when shutting down +5e97cc5 [pam] Ignore sssd messages leaking in +4427ab7 [eventlogonlyservice] Fix message; Use ?: in regex pattern +52d3d25 [clam-update] Add option to ignore when no updates have occurred +f12c6f1 [clamav] Reset Errors as well +8aade3e [fail2ban] Only emit banned summary for Detail > 0 +4e31514 [systemd] Add "was skipped because" wording +605ef78 [logwatch.spec] Add s-nail as a mailer package option, per Reio Remma +092b228 [smartd] Allowing raw temperature values. +42f0372 [dovecot,sudo] Allow for undef variables. +905b365 Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +873958b [journalctl] Updated documentation for LogFile, and allowing for multiple sources, by Anders Blomdell. +6ed3155 [systemd] Relax slow start regex for EL7 +c6241c9 [systemd] Ignore "Current command vanished from the unit file, execution of the command list won't be resumed." +28cc428 [named] Remove port number, for proper IP sorting +a92f495 [sshd] Removed PotentialIllegalUsers variable, and coalescing under IllegalUsers variable. +6473fa7 [Logwatch.pm,named,secure] Setting global default to no reverse DNS lookup, and enabled DoLookup call in named and secure. +358f426 Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +823553a [Logwatch.pm,iptables,named,secure,sshd] Using lexical variable for DoLookup, per Daniel Lewart. +136aab2 [evtmswindows] Add evtmswindows.conf; Drop unused ignore_profile_program option +745c7c7 [nut] Add cannot_connect_threshold +305c866 [pureftpd] Meant to expand the suppressed warning on Noel's patch. +ca11a60 [dovecot,pureftpd,secure,smartd,sshd] Suppressing warnings, by Noel Butler +375d9da [logwatch.pl,iptables] Adding sort for configuration printout, and sorting of iptables by protocol. 
+402295c Accommodating delaycompress by adding archive files with '.1' suffix, reported by Daniel Lewart + +==== 7.6 ==== +cedf583 [7.6] Updated logwatch.spec and logwatch.pl with new versions +5787b25 [systemd] Various +2d896b1 [sudo] Ignore "User info message: Authenticated with cached credentials" +de333e7 [rsyslog] Handle "messages lost due to rate-limiting"; Make threshold >=; Ignore some write failed messages that match with connection closed +8dcfb5d [nut] Ignore SSL/Timer messages; Relax connect failed regex +f3f022c [lvm] Ignore "dmeventd detected break" message from shutdown +97d009e [cron] Handle PAM ERROR messages +abfa36d [named] Various fixes +ecd4726 [lvm] Handle "activating all complete VGs for init"; relax regex for "WARNING: lvmetad is being updated, retrying" +8333116 [secure] handle su-l pam service with pam_succeed_if +fbd8323 [nut] Handle "Cannot connect to UPS server", "UPS is unavailable" and self-test passed; Exclude cupsd messages; Ignore more messages +bde6701 [named] Ignore "dumping all zones, removing journal files: success" from rndc flush; Ignore RRL bins increase message; Only show CCMessages2 (freeze/thaw) with detail +31a402e [sssd] Handle "Cannot contact any KDC for realm" messages; Add offline_okay option to ignore it +b0fc3ea [sshd] Handle another variant of "Connection closed by remote host" +66f3f9e [secure] Ignore more gkr-pam messages +e35c9cf [rsyslogd] Handle remote closed connection with threshold; Fix variable names in conf file +6250dc1 [nut] Add NUT UPS script +1eaea40 [rsyslogd] Handle "cannot connect" messages +5bf2424 [sssd] Handle multiple domains +bb1a9c1 Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +9ad3e2e Ignore Sanescan found message this is caught by ClamAV already -mgt +df65c4f [dovecot] Check existence of hash entry before print. +78a2b81 [fail2ban] Checking for existence of hash entries before print, and improved multiline print. 
+09cb3d9 Under Centos 6.10 / dovecot-2.0.9-23.el6 imap-login messages missed no session tag. This patch catches that. -mgt +19bb7ee [pam_unix] Fixed bug resulting from low-priority 'or'. +18e4270 [dhcpd] Corrected bashism to proper Perl syntax for backreference. +dcc57aa Correct some extra warning errors -mgt +2ccbe13 Restored use Logwatch -mgt +3cdf010 Forgot to restore use Logwatch -mgt +a6fcae8 Removed my declares from ThisLine loop Added Init String Containers -mgt +8540454 Removed my declares from ThisLine loop Adde init String Containers -mgt +9e0f20c Duplicate my for debug and detail -mgt +f98e701 Removed my delcare from ThisLine loop Added Init String Containers -mgt:wq +9131f96 Cleaned up many variables in assorted scripts. Functionality should not have changed. +0130e1e Added init string containers and some scope cleanup -mgt +5cb3449 Removed my from line 440 because it was done in the match above it -mgt +6127ffa Removed my delcares from ThisLine loop Added init strings -mgt +84a86a5 Remeoved some my declares from ThisLine loop Added some variables to Init Strings -mgt +65c54ec Removed one instance of my Startups -mgt +5ef92b2 Removed my from ThisLine loop Added Init String Containers -mgt +436d4fa Remived my from ThisLine loop Added more entries to existing Init String Container -mgt +a76271a Removed my inside ThisLine loop Added Init String Containers -mgt +58418e0 Removed my inside ThisLine loop Added Init String Container -mgt +dfd82b4 Removed my declares in ThisLine loop Added Init String Containers -mgt +4b2303a Removed my inside the ThisLine stdin main loop, Added Init String Containers instead passes -w test -mgt +77fcc46 Added use strict; -mgt +f364b14 Added use strict Init Strings Hashes and Arrays -mgt +f3004b3 Added use strict Init Strings and hashes -mgt +478e2ca Added use strict Init Strings Hashes -mgt +7fd09e2 Added use strict and Init Strings and hashes -mgt +1d59421 Added use strict and Init Strings and Hashes -mgt +e220a5c Added use 
strict; Init Strings and Hashes -mgt +6c84d0d Added use strict init Strings and Hashes -mgt +d99a0a2 Added use strict; Init Strings Hashes -mgt +5d92e51 Added use strict; Init Strings and hashes -mgt +e467208 Added use strict Init Strings Hashes and Arrays -mgt +bc6dcac Reenabled Logwatch lib -mgt +c87877b Added use strict and Init Hashes and Strings -mgt +0c3b282 Added use strict init hashes -mgt +780ad64 Added use strict and init strings arrays and hashes -mgt +1771fd8 Adding 'use script' to scripts/logfiles/*/* files. TBD: I believe some could be converted to applystddate with parametric strings. +0e29cde Added use strict init counter and hashes -mgt +2c7eda6 Added use strict init strings and arrays -mgt +0e57650 Added use strict; Init strings array and hashes -mgt +ab21eab Added use strict; init hashes and strings -mgt +6a43eb1 Added use strict; -mgt +a1cb153 Added use strict Line 172 has $tmpEntry = (); as reset but I can't see why I removed it -mgt +29b9db1 Added use strict -mgt +68c6a26 Added use strict and init hashes -mgt +1bbfb87 Added use strict and init hashes -mgt +75a8b53 Added use strict nad init hashes -mgt +d30bdb1 Added use strict; -mgt +cca6ee6 Added use strict; Init Array and hashes -mgt +a4d1b12 Added use strict and init hashes -mgt +1eb7283 Added use strict; -mgt +4c8c962 erge Bjorn shareed scripts -mgt Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +49e9197 Added use strict; init arrays hashes and strings -mgt +cdaa12c Adding 'use strict' to remaining scripts/shared programs +8855faf Added use strict init strings arrays and hashes -mgt +1327d75 Added use strict; -mgt +dfc88ca Added use strict init strings hashes and array there was a bug with $dfields as array that didn't exist -mgt +f9fa57c Added use strict init strings and hashes -mgt +55dc5ae Added use strict and init counters strings and hashes Did some proper scoping on this one -mgt +9b666cf Added use strict; init hashes and couple of strings -mgt +aed2737 Added use 
strict; hashes and string comtainer -mgt +e1a8cd1 Added use strict; init strings array and hashes Bug with variable $Notices line 225 should have been $Notice -mgt +a2de701 Added use strict and init strings and hashes -mgt +612e334 Added use strict and init strings (hash ref) array and hashes -mgt +82a0987 Added use strict; -mgt +8122344 Added use strict; and a few inits -mgt +c1c431c Added use strict; -mgt +9f18b7f Added use strict init strings and hashes -mgt +db458d9 Ignore Activating the newly loaded database this is covered already by Database Reload -mgt +c042b07 Added use strict a few inits -mgt +fe1cf91 Cleanup on string containers removed lowercase Pid and user Tested script in Alma 8.4 A lot of this service is ancient and modern installs use pam and other service to summarize the secure/authlogs. It could use a good testing and possible cleanup against host logs that do not use pam. -mgt +8f33498 Added use strict; Init hashes strings Did a fair amount of scope initalization I think there is a big with $ChangedUserName I will test this commit and make more changes as needed -mgt +9c406a0 Added use string; init strings and hashes -mgt +d2c5db0 Added use strict; init counters and arrays -mgt +db29707 Added use strict; init hashes, init array, init string containers -mgt +4eca6bd Added use strict and init string containers -mgt +aa37e37 Added use strict; Not sure this service is really needed anymore -mgt +2ed8827 Added use strict; -mgt +b8d0073 Added use strict and init hashes and strings. Odd ball onj style hash counter SuccessfulLogin -mgt +bd100b1 Added use strict and init hashes -mgt +178abfd Added use strict and Init hashes arrays and strings -mgt +2250574 Added use strict and init hashes. 
The %second and %thirdtotals should scoped to the functions if anyone edits this in the future -mgt +e0476ef Added use strict and init hashes and strings -mgt +aa7c991 Added use strict -mgt +b46d170 Added use strict and init hashes and array, a few scoped strings -mgt +b268a98 Added use strict and my $DebugCounter -mgt +294e821 Added use strict; -mgt +5901a87 Added use strict a couple inits pretty simple -mgt +9d7b264 Added use strict -mgt +e9e16cd added use strict only change -mgt +3d69e47 Step 2 all the rest, needs test Note I start doing scope inside the elsif but in the end init'd about half the variable as global, can fixed up in the future is anyone is workng on this one -mgt +001f151 Step 1 towards use strict on named Init Hash complete -mgt +82020b0 Added use strict - Line 103 $Cause was bug fixed to $Status -mgt +0c1f6a5 Added use strict to denyhosts this one was trivial -mgt +0be0ed4 Added use strict to cron. Test Alma 8.4 Not totally happy with User and Error string useage -mgt +959acd3 use strict enabled on mailscanner - tested on Alma 8.4 -mgt +f47508b Step 2 mailscanner init counters and init ThisOne and line -mgt +c3db606 Initalize hashes step 1 for use strict -mgt +e90145f [exim] Additional correction to SelfSignedH, by Daniel Lewart. +30da30a [sendmail] Handling of unknown hostname for split envelopes +61341e7 [systemd] Ignore all "Closed" messages +9e6031e fix https://sourceforge.net/p/logwatch/bugs/99/ +b46107f [Added Restored Bans and Flush Bans to report, as requested by Christophe Perez +97c94fb [exim] Fix to unitialized $bb, reported by Roland Heymanns. Fix to unitialized $SelfSigned, reported by Daniel Lewart. 
+816c571 [kernel] Ignore slightly different format audit records +fd89382 [postfix] Handle some client certificate messages +f4b28e4 [systemd] Ignore "Sent signal SIGHUP to main process .* on client request" messages +f6a14e1 Match minor change in systemd +2fc19db Merge branch 'master' of ssh://git.code.sf.net/p/logwatch/git +b048086 [sendmail] sendmail-8.17.1 may add a stat=0 to tls features statement. +6afa677 Merge /u/stone-free/logwatch/ branch fail2ban-regex into master +372c5b7 Merge /u/bgordon/logwatch/ branch fedora34 into master +1fe2a92 fix fail2ban regex +526c64b [sshd] Ignore banner format errors +3a66775 [sshd] Accept zone in IPv6 addresses +de8ec57 [pam_unix] Add cinnamon-screensaver + +==== 7.5.6 ==== +65a105b [logwatch] Preparing the 7.5.6 release. +b19a8f3 Minor update to systemd from Glenn +2f0f6d7 [logwatch.pl] Corrected syntax error. +2d34929 Adding Encode option for 7bit. Requested by Don Cohen. +67fc3de [postfix.conf] Allowing for multiple services. Reported by Francisco Paletta. +fe60fe9 [fail2ban] Accounting for restored bans. Reported by Christophe Perez. +bd0ee91 [amavis] Allowing for space in LMTP log statement. Reported by Simon Wilson. +5314007 Accept sshd patch from Allen J Newton -mgt +953be00 [systemd] Ignore "Closed REST API socket for" messages +732f2b4 [zz-disk_space] Added check for existence of directory. +d2f2a1c [fail2ban] Corrected NoticeList, as reported by Thomas Wilhelmi. +5d4904c [zz-zfs] Reverting to hard-coded paths for zfs and zpool. Reported by Marcel Telka. 
+d28953b [cron] Fix copy/paste error +0a7fdef [cron] Ignore CMDEND lines +97800b8 [omsa] Update non-certified drive regex +f87a57c [systemd] Ignore more messages; Handle new Deactivated message format +61d2755 [evtmswindows] General application event logs +8fd2d31 [evt*] More de-duplication +4b841e4 [system] Unit entered failed state became a debug message; trigger on" Failed with result" +9a0423a [dhcpd] Ignore "GSSAPI Authentication for LDAP will not be used" +f44f342 [pam_unix] Ignore "received for user" messages; handle some messages generically for all services +8c0f772 [sudo] Allow for missing TTY= with commands + ==== 7.5.5 (2021-01-23) ==== a8bdb8b [logwatch] Preparing new release 7.5.5 c3fbbc2 Merge /u/fcrawford/logwatch/ branch frank-lvm into master ++++++ logwatch-7.8.tar.gz -> logwatch-7.9.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/conf/logfiles/snort.conf new/logwatch-7.9/conf/logfiles/snort.conf --- old/logwatch-7.8/conf/logfiles/snort.conf 1970-01-01 01:00:00.000000000 +0100 +++ new/logwatch-7.9/conf/logfiles/snort.conf 2023-07-22 18:26:37.000000000 +0200 
@@ -0,0 +1,21 @@ +# Logfile definition for snort + +# What actual file? Defaults to LogPath if not absolute path.... +LogFile = snort/alert_fast.txt +LogFile = snort/snort.alert.fast +LogFile = snort/alert_fast.txt.1 +LogFile = snort/snort.alert.fast.1 + +# If the archives are searched, here is one or more line +# (optionally containing wildcards) that tell where they are... +#If you use a "-" in naming add that as well -mgt +Archive = snort/alert_fast.txt.*.gz +Archive = snort/snort.alert.fast.*.gz + +# Expand the repeats (actually just removes them now) +*ExpandRepeats + +########################################################################### +## Please send all comments, suggestions, bug reports, +## etc, to logwatch-de...@lists.sourceforge.net +############################################################################ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/conf/services/fail2ban.conf new/logwatch-7.9/conf/services/fail2ban.conf --- old/logwatch-7.8/conf/services/fail2ban.conf 2022-08-22 19:29:19.000000000 +0200 +++ new/logwatch-7.9/conf/services/fail2ban.conf 2023-07-22 18:26:37.000000000 +0200 @@ -42,3 +42,7 @@ # Set this to true if actionflush is set to true to avoid the following message: # ERROR: Lost track of flushing services # $fail2ban_ignore_flushing = 1 + +# Set this to a regex to match jails for which you want to ignore latency +# warnings. These are generally jails that monitor apache access logs. +# $fail2ban_ignore_latency = ^apache-badbots|php-url-fopen$ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/conf/services/kernel.conf new/logwatch-7.9/conf/services/kernel.conf --- old/logwatch-7.8/conf/services/kernel.conf 2016-03-09 21:14:31.000000000 +0100 +++ new/logwatch-7.9/conf/services/kernel.conf 2023-07-22 18:26:37.000000000 +0200 
@@ -21,6 +21,9 @@ *OnlyService = (kernel|SUNW,[-\w]+?) *RemoveHeaders +# Ignore cpu clock throttled messages +# $ignore_cpu_throttled = Yes + # Ignore segfaults and general protection faults in the listed programs # The value is a regular expression that the executable name is matched # against. Separate multiple executables with | @@ -32,7 +35,6 @@ # Ignore messages matching the given regex # $kernel_ignore_messages = A TPM error \(6\) occurred - ######################################################## # This was written and is maintained by: # Kirk Bauer <k...@kaybee.org> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/conf/services/snort.conf new/logwatch-7.9/conf/services/snort.conf --- old/logwatch-7.8/conf/services/snort.conf 1970-01-01 01:00:00.000000000 +0100 +++ new/logwatch-7.9/conf/services/snort.conf 2023-07-22 18:26:37.000000000 +0200 
@@ -0,0 +1,27 @@ +# Service definition for snort alert log + +# You can put comments anywhere you want to. They are effective for the +# rest of the line. +# +# this is in the format of <name> = <value>. Whitespace at the beginning +# and end of the lines is removed. Whitespace before and after the = sign +# is removed. Everything is case *insensitive*. +# +# Yes = True = On = 1 +# No = False = Off = 0 + +Title = "Snort" + +# Which logfile group... +LogFile = snort + +# Set it to High to also report HINT and WARNING log lines. +# By default it will report PANIC, FATAL and ERROR lines. +#Detail = High + +########################################################################### +## Please send all comments, suggestions, bug reports, +## etc, to logwatch-de...@lists.sourceforge.net +############################################################################ + +# vi: shiftwidth=3 tabstop=3 et diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/logwatch.spec new/logwatch-7.9/logwatch.spec --- old/logwatch-7.8/logwatch.spec 2023-01-26 17:52:03.000000000 +0100 +++ new/logwatch-7.9/logwatch.spec 2023-07-22 18:26:37.000000000 +0200 @@ -1,7 +1,7 @@ Summary: Analyzes and Reports on system logs Name: logwatch -Version: 7.8 -Release: 3 +Version: 7.9 +Release: 1 License: MIT Group: Applications/System URL: https://sourceforge.net/projects/logwatch/ @@ -112,6 +112,9 @@ %changelog +* Sat Jul 22 2022 Jason Pyeron <jpye...@pdinc.us> 7.9-1 +- release 7.8, noarch on EL and cygwin + * Thu Jan 26 2022 Bjorn <bjo...@users.sourceforge.net> 7.8-3 - Made noarch version for linux diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/logwatch.pl new/logwatch-7.9/scripts/logwatch.pl --- old/logwatch-7.8/scripts/logwatch.pl 2023-01-26 17:56:33.000000000 +0100 +++ new/logwatch-7.9/scripts/logwatch.pl 2023-07-22 18:26:37.000000000 +0200 
@@ -10,8 +10,8 @@ ######################################################## # Specify version and build-date: -my $Version = '7.8-3'; -my $VDate = '01/26/23'; +my $Version = '7.9'; +my $VDate = '07/22/23'; ####################################################### # Logwatch was originally written by: @@ -1175,7 +1175,6 @@ } elsif ($Config{'output'} eq "file") { open(OUTFILE,">>" . $Config{'filename'}) or die "Can't open output file: $Config{'filename'} $!\n"; } else { - #fixme mailto if (($Config{'hostformat'} eq "splitmail") || ($emailopen eq "")) { #Use mailer = in logwatch.conf to set options. Default should be "sendmail -t" #In theory this should be able to handle many different mailers. I might need to add @@ -1183,10 +1182,13 @@ open(OUTFILE,"|$Config{'mailer'}") or die "Can't execute $Config{'mailer'}: $!\n"; my $mailto = $Config{"mailto_$Config{'hostname'}"}; $mailto = $Config{'mailto'} unless $mailto; - for my $to (split(/ /, $mailto)) { - print OUTFILE "To: $to\n"; + my @mail_addrs = split(/ /, $mailto); + my $oneto = pop @mail_addrs; + print OUTFILE "To: $oneto "; + foreach (@mail_addrs) { + print OUTFILE ", $_"; } - print OUTFILE "From: $Config{'mailfrom'}\n"; + print OUTFILE "\nFrom: $Config{'mailfrom'}\n"; #If $Config{'subject'} exists lets use it. #This does not allow for variable expansion as the default below does -mgt if ($Config{'subject'}) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/dovecot new/logwatch-7.9/scripts/services/dovecot --- old/logwatch-7.8/scripts/services/dovecot 2022-09-22 20:54:00.000000000 +0200 +++ new/logwatch-7.9/scripts/services/dovecot 2023-07-22 18:26:37.000000000 +0200 @@ -47,6 +47,7 @@ my %AuthDisconnectedWithPending; my %AuthTimedOut; my %AuthUsernameChars; +my %AuthFail; my %ChildErr; my %Connection; my %ConnectionClosed; 
@@ -128,7 +129,7 @@ ($ThisLine =~ /ssl-params: Generating SSL parameters/) or ($ThisLine =~ /auth-worker/) or ($ThisLine =~ /auth:.*: Connected to/) or - ($ThisLine =~ /Connection closed/) or + ($ThisLine =~ /Connection closed(?! \(auth failed)/) or ($ThisLine =~ /IMAP.*: Connection closed bytes/) or ($ThisLine =~ /IMAP.* failed with mbox file/) or ($ThisLine =~ /discarded duplicate forward to/) or @@ -268,14 +269,18 @@ } elsif ($ThisLine =~ /Disconnected (\[|bytes|top)/) { $Disconnected{"No reason"}++; + # Oct 24 14:10:24 host dovecot[114]: imap-login: Disconnected: Connection closed (auth failed, 1 attempts in 2 secs): user=<u...@domain.com>, method=PLAIN, rip=192.168.1.110, lip=192.168.1.3, TLS, session=<lGZ01sXrvLzAqAFu> + } elsif ( ($User, $IP) = ($ThisLine =~ /Disconnected: Connection closed \(auth failed, .*\): user=<([^>]+)>,.*rip=([^,]+).*/) ) { + $AuthFail{$User}{$IP}++; } elsif ( ($Reason) = ($ThisLine =~ /Disconnected: (.*) \[/) ) { $Disconnected{$Reason}++; } elsif ( ($Reason) = ($ThisLine =~ /Disconnected: (.*) (bytes|top|in)=.*/) ) { $Disconnected{$Reason}++; } elsif ($ThisLine =~ /Logged out (rcvd|bytes|top|in)=.*/) { $Disconnected{"Logged out"}++; - } elsif ( ($Reason) = ($ThisLine =~ /Disconnected \((.*)\):/) ) { + } elsif ( ($Reason) = ($ThisLine =~ /Disconnected(?:: Inactivity.*)? \((.*)\):/) ) { $Reason =~ s/ in \d+ secs//; + $Reason =~ s/, waited \d+ secs//; $Disconnected{$Reason}++; } elsif ($ThisLine =~ /Server shutting down./) { $ConnectionClosed{"Server shutting down"}++; 
@@ -557,6 +562,31 @@ } } +if (keys %AuthFail) { + my $AuthFailCount = 0; + my %AuthFailUserCount; + foreach my $User (keys %AuthFail) { + foreach my $IP (keys %{$AuthFail{$User}}) { + $AuthFailUserCount{$User} += $AuthFail{$User}{$IP}; + } + $AuthFailCount += $AuthFailUserCount{$User}; + } + printf "\n" if ($Detail >= 5); + printf "\nDovecot Failed Logins: %s", $AuthFailCount; + if ($Detail >= 5) { + foreach my $User (sort { $AuthFailUserCount{$b} <=> $AuthFailUserCount{$a} } + keys %AuthFailUserCount) { + printf("\n %4s %s", $AuthFailUserCount{$User}, $User); + if ($Detail >= 10) { + foreach my $IP (sort { $AuthFail{$User}{$b} <=> $AuthFail{$User}{$a} } + keys %{$AuthFail{$User}}) { + printf "\n %4s %s", $AuthFail{$User}{$IP}, $IP; + } + } + } + } +} + if ( ( $Detail >= 10 ) and (keys %AuthUsernameChars)) { print "\n\nUsername character disallowed by auth_username_chars:"; foreach my $IP (sort keys %AuthUsernameChars) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/evtapplication new/logwatch-7.9/scripts/services/evtapplication --- old/logwatch-7.8/scripts/services/evtapplication 2021-04-22 02:53:10.000000000 +0200 +++ new/logwatch-7.9/scripts/services/evtapplication 2023-07-22 18:26:37.000000000 +0200 @@ -58,7 +58,10 @@ # Modify some items that prevent de-duplication if ($Detail < 10) { $ExpandedString =~ s/(NextScheduled\S+|PID) \d+/$1 XXX/; - $ExpandedString =~ s,\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?:\.\d+)?,TIMESTAMP,; + $ExpandedString =~ s,\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?:\.\d+)?,TIMESTAMP,g; + $ExpandedString =~ s/(?:\w{3}, )?\d{2} \w{3} \d{4},? \d\d:\d\d(?::\d\d \w{3})?/TIMESTAMP/g; + $ExpandedString =~ s/(SessionId|ThreadId):( ?0x)[0-9A-Fa-f]{2,16}(?::0x[0-9a-f]{5})?/$1:${2}XXXX/g; + $ExpandedString =~ s/Session-trace:.*$/Session-trace: XXXX/; } #print STDERR "ExpandedString = $ExpandedString\n"; 
@@ -133,6 +136,8 @@ next if $ExpandedString =~ /Download of virus definition file from LiveUpdate server succeeded/; next if $ExpandedString =~ /Virus definitions are current/; next if $ExpandedString =~ /Could not scan \d+ files inside .* due to extraction errors encountered by the Decomposer Engines/; + } elsif ($Application eq "openvpnserv") { + next if $ExpandedString eq "The operation completed successfully."; } elsif ($Application =~ /cc.*Mgr/) { #Ignore these next if $ExpandedString =~ /service is starting/; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/evtmswindows new/logwatch-7.9/scripts/services/evtmswindows --- old/logwatch-7.8/scripts/services/evtmswindows 2022-02-07 01:53:33.000000000 +0100 +++ new/logwatch-7.9/scripts/services/evtmswindows 2023-07-22 18:26:37.000000000 +0200 @@ -55,7 +55,7 @@ next if $EventLogType eq "Information" and $ExpandedString !~ "BlueScreen"; next if $ExpandedString eq "N/A"; - next if $SourceName =~ /^Microsoft-Windows-Store/; + next if $SourceName =~ /^Microsoft-(?:Windows-Store|WindowsAzure-Diagnostics\/(?:GuestAgent|Heartbeat))/; next if $SourceName eq "Microsoft-Windows-SettingSync/Debug"; next if $Application =~ /^Microsoft-Windows-SettingsSync/; next if $Application eq "Windows-ApplicationModel-Store-SDK"; 
@@ -78,20 +78,26 @@ if (my ($ClientName, $UserName, $ShareName) = ($ExpandedString =~ /The share denied access to the client.*Client Name: (.*) Client Address: .* User Name: (.*) Session ID: .* Share Name: (.*) Share Path:/)) { $ExpandedString = "Access denied to share $ShareName by $UserName from $ClientName"; } + } elsif ($Application eq "Microsoft-Windows-StorPort") { + next if $ExpandedString =~ /^The miniport logged an event\.$/; + } elsif ($Application eq "Microsoft-Windows-TaskScheduler") { + next if $ExpandedString =~ /^Task Scheduler did not launch task .* because user .* was not logged on when the launching conditions were met/; + next if $ExpandedString =~ /^Task Scheduler queued instance .* of task/; } # Modify some items that prevent de-duplication if ($Detail < 10) { $ExpandedString =~ s/(Task-S-)[0-9-]+/$1XXX/g; - $ExpandedString =~ s/(guid:|GUID:|Guid:|Guid is|KEY:|known folder|interface|PRINTENUM\\)( ?\{)[0-9A-Fa-f-]+\}/$1${2}XXX}/g; + $ExpandedString =~ s/(guid:|GUID:|Guid:|Guid is|KEY:|known folder|interface|PRINTENUM\\|TransactionId:)( ?\{)[0-9A-Fa-f-]+\}/$1${2}XXX}/g; $ExpandedString =~ s/(ClientProcessId =|ElapsedTime\(ms\):|NextScheduled\S+|Process ID:?|PID|Transaction [^:]*Time \(msec\):|Try) \d+/$1 XXX/g; $ExpandedString =~ s/[\d.]+ (milli|)seconds/XXX $1seconds/g; $ExpandedString =~ s,\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?:\.\d+)?,TIMESTAMP,g; - $ExpandedString =~ s,\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d(?:\.\d+)?Z?,TIMESTAMP,g; - $ExpandedString =~ s/(Hash|Message ID|Session ID):( ?0x)[0-9A-F]{2,16}/$1:${2}XXXX/g; + $ExpandedString =~ s,\d{4}-\d\d-\d\d[T ]\d\d:\d\d:\d\d(?:\.\d+)?Z?,TIMESTAMP,g; + $ExpandedString =~ s/(ddress|Hash|Message ID|offset|Session ID):( ?0x)[0-9A-Fa-f]{2,16}/$1:${2}XXXX/g; $ExpandedString =~ s/\d+ms/Xms/g; $ExpandedString =~ s/nstance "\{[^}]+\}"/nstance XXXX/g; - $ExpandedString =~ s/(adalCorrelationId|client|ID \(request\)): [0-9a-f-]+/$1: XXXX/g; + $ExpandedString =~ s/location [0-9a-f]{40}/location XXXX/g; + $ExpandedString 
=~ s/(adalCorrelationId|client|Correlation ID|ID \(request\)|Trace ID): [0-9a-f-]+/$1: XXXX/g; $ExpandedString =~ s/ddress: ([^:]+):\d+/ddress: $1:XXXXX/g; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/fail2ban new/logwatch-7.9/scripts/services/fail2ban --- old/logwatch-7.8/scripts/services/fail2ban 2022-08-22 19:29:19.000000000 +0200 +++ new/logwatch-7.9/scripts/services/fail2ban 2023-07-22 18:26:37.000000000 +0200 @@ -30,6 +30,7 @@ my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; my $IgnoreHost = $ENV{'sshd_ignore_host'} || ""; my $IgnoreFlushing = $ENV{'fail2ban_ignore_flushing'} || ""; +my $IgnoreLatency = $ENV{'fail2ban_ignore_latency'} || "^\$"; my $ErrLen = $ENV{'fail2ban_error_length'} || 80; my $DebugCounter = 0; my $ReInitializations = 0; @@ -42,6 +43,7 @@ my %NoticeList = (); my %OtherList = (); my %Flushing = (); # keep track of which services being flushed +my %LatencyIssues = (); my %ServicesBans = (); my %ServicesFound = (); @@ -109,6 +111,9 @@ $ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++; } elsif ( ($Service,$Host) = ($ThisLine =~ m/(?:INFO|WARNING|NOTICE)\s*\[(.*)\]\s*(\S+)\s*already banned/)) { $ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++; + } elsif ( ($Service,$Message) = ($ThisLine =~ m/WARNING\s*\[(.*)\].* (latency problem|timing issue)/)) { + next if $Service =~ /$IgnoreLatency/; + $LatencyIssues{$Service}++ if $Message eq "latency problem"; } elsif ( ($Service,$Host) = ($ThisLine =~ m/ WARNING:\s(.*):\sReBan (\S+)/)) { $ServicesBans{$Service}{$Host}{'ReBan'}++; } elsif ($ThisLine =~ / ERROR:?\s*(Execution of command )?\'?iptables/) { 
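Review bot: in the new `(latency problem|timing issue)` branch of the fail2ban script, "timing issue" warnings are matched but never counted, because only `$Message eq "latency problem"` increments `%LatencyIssues`. Those lines disappear from the report with no comment saying that this is intended. Either count both messages (for example by keying the hash on jail and message) or add a comment stating that timing issues are dropped on purpose.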
@@ -248,6 +253,13 @@ } } +if (keys %LatencyIssues) { + printf("\nJails with latency issues:\n"); + foreach my $service (sort {$a cmp $b} keys %LatencyIssues) { + printf(" $service: %d Times\n", $LatencyIssues{$service}); + } +} + if (keys(%InfoList) && $Detail>5) { print "\nInformational Messages:\n"; foreach my $line (sort {$a cmp $b} keys %InfoList) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/kernel new/logwatch-7.9/scripts/services/kernel --- old/logwatch-7.8/scripts/services/kernel 2022-12-22 22:37:31.000000000 +0100 +++ new/logwatch-7.9/scripts/services/kernel 2023-07-22 18:26:37.000000000 +0200 @@ -27,9 +27,11 @@ use Logwatch ':ip'; my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0; +my $Ignore_cpu_throttled = $ENV{'ignore_cpu_throttled'} || 0; my $Ignore_faults = $ENV{'ignore_faults'}; my $Ignore_rpcsec_expired = $ENV{'ignore_rpcsec_expired'} || 0; my $Ignore_messages = $ENV{'kernel_ignore_messages'} || '^$'; +my $CPUThrottled = 0; my %SYNflood = (); my %RAIDErrors = (); my %DRBDErrors = (); @@ -72,6 +74,8 @@ my $Fullfrom = LookupIP($from); my $Fullon = LookupIP($on); $SYNflood{$Fullon}{$Fullfrom}++; + } elsif ($ThisLine =~ /temperature above threshold, cpu clock throttled/) { + $CPUThrottled++ if not $Ignore_cpu_throttled; } elsif ($ThisLine =~ /continuing in degraded mode/) { $RAIDErrors{$ThisLine}++; } elsif ($ThisLine =~ /([^(]*)\[\d+\]: segfault at/) { 
@@ -96,6 +100,12 @@ $DRBDErrors{$1}{"sock_sendmsg time expired"}++; } elsif ($ThisLine =~ /(block drbd\d+): Began resync as (SyncSource|SyncTarget)/) { $DRBDErrors{$1}{"Began resync as $2"}++; + } elsif ( $ThisLine =~ /raid.*CRIT/) { + # kernel: megaraid_sas 0000:88:00.0: 781934 (727946738s/0x0004/CRIT) - Enclosure PD 08(c Port 0 - 3/p1) phy bad for slot 19 + # de-dupe + $ThisLine =~ s/: \d+ /: /; + $ThisLine =~ s/\(\d+s\//(Xs\//; + $Errors{$ThisLine}++; } elsif ( ( $errormsg ) = ( $ThisLine =~ /(.*?error.{0,17})/i ) ) { # filter out smb open/read errors cased by insufficient permissions my $SkipError = 0; @@ -263,6 +273,10 @@ } } +if ($CPUThrottled) { + print "\nWARNING: CPU Package temperature above threshold, cpu clock throttled $CPUThrottled Time(s)\n"; +} + # OTHER if ( ($Detail >= 5) and (keys %Kernel) ) { print "\n"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/lvm new/logwatch-7.9/scripts/services/lvm --- old/logwatch-7.8/scripts/services/lvm 2022-01-16 17:06:58.000000000 +0100 +++ new/logwatch-7.9/scripts/services/lvm 2023-07-22 18:26:37.000000000 +0200 @@ -46,6 +46,8 @@ $ThisLine =~ s/^ *//; if ($ThisLine =~ /^pvscan\[\d+\] PV .* online(?:|, VG .* is complete)\.$/ or $ThisLine =~ /pvscan\[\d+\] activating all complete VGs for init/ + or $ThisLine =~ /pvscan\[\d+\] PVID .* read from .* last written to/ + or $ThisLine =~ /pvscan\[\d+\] VG .* not using quick activation/ or $ThisLine =~ /pvscan\[\d+\] VG .* run autoactivation/ # This happens often at startup or $ThisLine =~ /WARNING: lvmetad is being updated, retrying/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/mdadm new/logwatch-7.9/scripts/services/mdadm --- old/logwatch-7.8/scripts/services/mdadm 2022-01-01 22:16:17.000000000 +0100 +++ new/logwatch-7.9/scripts/services/mdadm 2023-07-22 18:26:37.000000000 +0200 
@@ -36,7 +36,7 @@ if ( open($mdadm, "<", "/etc/mdadm.conf") or open($mdadm, "<", "/etc/mdadm/mdadm.conf") or - open($mdadm, "<", "mdadm --detail --scan 2>/dev/null|")) { + open($mdadm, "-|", "mdadm --detail --scan")) { while (<$mdadm>) { if (/^ARRAY/) { push(@devices,(split())[1]); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/named new/logwatch-7.9/scripts/services/named --- old/logwatch-7.8/scripts/services/named 2023-01-16 02:02:10.000000000 +0100 +++ new/logwatch-7.9/scripts/services/named 2023-07-22 18:26:37.000000000 +0200 @@ -69,7 +69,8 @@ %LimitSlip, %NError, %NUR, %NoSOA, %OtherList, %StartLog, %UnknownCCCommands, %BadCookie, %Timeout, -%LoopDetected, %MissingCookie, +%LoopDetected, %MissingCookie, %FormatError, +%Rewrites, %PolicyZoneChanged, ); # Avoid "Use of uninitialized value" warning messages. sub ValueOrDefault { @@ -287,6 +288,8 @@ $ZoneLoaded{"secondary $Zone"}++; } elsif ( ($Zone) = ( $ThisLine =~ /slave zone \"(.+)\" .* loaded/ ) ) { $ZoneLoaded{"secondary $Zone"}++; + } elsif ( ($Zone) = ( $ThisLine =~ /loading policy zone '(.+)' changed/ ) ) { + $PolicyZoneChanged{$Zone}++; } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+): expired/ ) ) { $ZoneExpired{$Zone}++; } elsif ( ($Zone) = ( $ThisLine =~ /zone (.+): loaded serial/ ) ) { @@ -335,6 +338,8 @@ } elsif ( ($Client) = ( $ThisLine =~ /client (?:\@0x[0-9a-fA-F]+ )?([^#]*)(#\d+)?(?: \(.*\))?: query '.*' denied/ ) ) { my $FullClient = LookupIP ($Client); $DeniedQueryNoCache{$FullClient}++; + } elsif ( ($Entry) = ($ThisLine =~ / rewrite (\S+) /) ) { + $Rewrites{$Entry}++; } elsif ( ($Rhost, $ViewName, $Ldom) = ($ThisLine =~ /client (?:\@0x[0-9a-fA-F]+ )?([\.0-9a-fA-F:]+)#\d+: (?:view (\w+): )?update '(.*)' denied/)) { $ViewName = ($ViewName ? "/$ViewName" : ""); $UpdateDenied{"$Rhost ($Ldom$ViewName)"}++; 
@@ -368,10 +373,15 @@ # Remove port number, for proper IP sorting $Host =~ s/#.*//; $UnexpRCODE{$Rcode}{$Zone}{$Host}++; - } elsif ( ($ThisLine =~ /(?:error \()?FORMERR\)? resolving '[^ ]+: [.0-9a-fA-F:#]+/) or - ($ThisLine =~ /DNS format error from [^ ]+ resolving [^ ]+( for( client)? [^ ]+)?: .*/) ) { + } elsif ( ($Problem,$Addr,$Server) = ($ThisLine =~ /((?:error \()??FORMERR\)? resolving) '([^ \/]+)(?:\/[^ ]+)?': ([.0-9a-fA-F:]+)(?:#\d+)?/) ) { + $FormatError{$Problem}{$Addr}{$Server}++; + } elsif ($ThisLine =~ /(?:error \()?FORMERR\)? resolving .*/) { chomp($ThisLine); $FormErr{$ThisLine}++; + } elsif ( ($Server,$Addr,$Host,$Problem) = ($ThisLine =~ /DNS format error from ([.0-9a-fA-F:]+)(?:#\d+)? resolving ([^ \/]+)(?:\/[^ ]+)? for(?: client)? ([^ #]+)(?:#\d+)?: (.*) -- invalid response/) ) { + $FormatError{$Problem}{$Addr}{$Server}++; + } elsif ( ($Server,$Addr,$Host,$Problem) = ($ThisLine =~ /DNS format error from ([.0-9a-fA-F:]+)(?:#\d+)? resolving ([^ \/]+)(?:\/[^ ]+)? for(?: client)? ([^ #]+)(?:#\d+)?: (.*)/) ) { + $FormatError{$Problem}{$Addr}{$Server}++; } elsif ( ($ThisLine =~ /found [0-9]* CPU(s)?, using [0-9]* worker thread(s)?/) ) { chomp($ThisLine); $StartLog{$ThisLine}++; @@ -641,6 +651,13 @@ } } +if ( ( $Detail >= 5 ) and (keys %PolicyZoneChanged) ) { + print "\nPolicy Zone Changes:\n"; + foreach my $ThisOne (sort {$a cmp $b} keys %PolicyZoneChanged) { + print " $ThisOne: $PolicyZoneChanged{$ThisOne} Time(s)\n"; + } +} + if ( ( $Detail >= 5 ) and (keys %ZoneReceivedNotify) ) { print "\nZones receiving notify:\n"; foreach my $ThisOne (sort {$a cmp $b} keys %ZoneReceivedNotify) { @@ -689,6 +706,13 @@ } } +if ( ( $Detail >= 5 ) and (keys %Rewrites) ) { + print "\nLookup rewrites:\n"; + foreach my $ThisOne (sort {$a cmp $b} keys %Rewrites) { + print " $ThisOne: $Rewrites{$ThisOne} Time(s)\n"; + } +} + if ( ( $Detail >= 5 ) and (keys %AXFR) ) { print "\nZone Transfers:\n"; foreach my $ThisOne (keys %AXFR) { 
@@ -876,6 +900,19 @@ } } +if (($Detail >= 5) and (keys %FormatError)) { + print "\nDNS Format Error:\n"; + foreach my $Problem (sort {$a cmp $b} keys %FormatError) { + print " " . $Problem . ":\n"; + foreach my $Addr (sort {$a cmp $b} keys %{$FormatError{$Problem}}) { + print " " . $Addr . ":\n"; + foreach my $Server (sort SortIP keys %{$FormatError{$Problem}{$Addr}}) { + print " " . $Server . ": " . $FormatError{$Problem}{$Addr}{$Server} . " Time(s)\n"; + } + } + } +} + if (($Detail >= 10) and (keys %StartLog)) { print "\nNamed startup logs:\n"; foreach my $ThisOne (keys %StartLog) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/nut new/logwatch-7.9/scripts/services/nut --- old/logwatch-7.8/scripts/services/nut 2023-01-03 07:23:15.000000000 +0100 +++ new/logwatch-7.9/scripts/services/nut 2023-07-22 18:26:37.000000000 +0200 @@ -28,6 +28,7 @@ my ($Hostname) = ($ENV{'HOSTNAME'} =~ /^([^.]+)/); my $CannotConnectThreshold = $ENV{'cannot_connect_threshold'} || 0; my %CannotConnect; +my %Commands; my %CommunicationLost; my %CommunicationState; my %Connected; @@ -51,6 +52,7 @@ my $ups; my $state; my $user; + my $command; if ($ThisLine =~ /^(?:nut-server|upsd): User .* logged out/ # CUPS matches our generous service regex @@ -85,6 +87,8 @@ or $ThisLine =~ /^(?:nut-monitor|upsmon): UPS: \S+ \((?:master:primary)\)/ or $ThisLine =~ /^(?:nut-monitor|upsmon): UPS: \S+ \((?:slave:secondary)\)/ or $ThisLine =~ /^(?:nut-monitor|upsmon): Using power down flag file/ + # This is going away - https://bugzilla.redhat.com/show_bug.cgi?id=1608176 + or $ThisLine =~ /^(?:nut-monitor|upsmon): wall: cannot get tty name: Inappropriate ioctl for device/ or $ThisLine =~ /^upssched: (?:Cancelling|New) timer:/ or $ThisLine =~ /^upssched: Timer daemon started/ or $ThisLine =~ /^upssched: Timer queue empty/ 
@@ -98,6 +102,8 @@ # Ignore these } elsif (($ups) = ($ThisLine =~ /^(?:nut-server|upsd): Can't connect to UPS \[(\S+)\]/)) { $CannotConnect{$ups}++; + } elsif (($user, $command, $ups) = ($ThisLine =~ /^(?:nut-server|upsd): Instant command: (\S+) did (\S+) on (\S+)/)) { + $Commands{$ups}->{$user}->{$command}++; } elsif (($ups) = ($ThisLine =~ /^(?:nut-server|upsd): Connected to UPS \[(\S+)\]/)) { $Connected{$ups}++; } elsif (($ups) = ($ThisLine =~ /^(?:nut-monitor|upsmon): Communications with UPS (\S+) lost/)) { @@ -232,6 +238,20 @@ } print "\n"; } + +if (keys %Commands and $Detail) { + print "Commands run:\n"; + foreach my $ups (sort {$a cmp $b} keys %Commands) { + print " UPS $ups:\n"; + foreach my $user (sort {$a cmp $b} keys %{$Commands{$ups}}) { + print " User $user:\n"; + foreach my $command (sort {$a cmp $b} keys %{$Commands{$ups}{$user}}) { + print " $command: $Commands{$ups}->{$user}->{$command} Time(s)\n"; + } + } + } + print "\n"; +} if (keys %Logins and ($Detail >= 10)) { print "Logins:\n"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/postfix new/logwatch-7.9/scripts/services/postfix --- old/logwatch-7.8/scripts/services/postfix 2022-10-29 23:32:06.000000000 +0200 +++ new/logwatch-7.9/scripts/services/postfix 2023-07-22 18:26:37.000000000 +0200 
@@ -1966,7 +1966,7 @@ return; } - if ($line =~ m{^\Q550 Please see http://www.openspf.\E(?:org|net)/Why\?(.*)$}) { + if ($line =~ m{^550(?: \d\.\d\.\d+)? Please see http://www.openspf.(?:org|net)/Why\?(.*)$}) { # Policy action=550 Please see http://www.openspf.org/Why?s=mfrom&id=from%40example.com&ip=10.0.0.1&r=example.net # Policy action=550 Please see http://www.openspf.org/Why?s=helo;id=mailout03.example.com;ip=192.168.0.1;r=mx1.example.net # Policy action=550 Please see http://www.openspf.org/Why?id=someone%40example.com&ip=10.0.0.1&receiver=vps.example.net diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/sendmail new/logwatch-7.9/scripts/services/sendmail --- old/logwatch-7.8/scripts/services/sendmail 2021-12-20 05:48:38.000000000 +0100 +++ new/logwatch-7.9/scripts/services/sendmail 2023-07-22 18:26:37.000000000 +0200 @@ -28,6 +28,7 @@ use Logwatch ':sort'; use Errno; +use POSIX qw(strerror); # PrettyHost decomposes host names and IP addresses and # formats them to align vertically @@ -115,13 +116,14 @@ # The following variables are auto-increment counts, so are initialized my $AddrRcpts = my $BytesTransferred = my $CantCreateOutput = -my $DaemonThrottle = my $LoadAvgQueueSkip = my $LoadAvgReject = -my $MsgsNoRcpt = +my $DaemonThrottle = my $Errno = +my $LoadAvgQueueSkip = my $LoadAvgReject = my $MsgsNoRcpt = my $MsgsSent = my $NoMilterFilters = my $NoMoreSpace = my $OutdatedAliasdb = my $OverSize = my $OverSizeBytes = my $RelayLocalhost = my $RemoteProtocolError =my $SendmailStarts = -my $SendmailStopped = my $TooManyRcpts = my $XS4ALL = +my $SendmailStopped = my $TLSPeerReset = +my $TooManyRcpts = my $XS4ALL = 0; 
@@ -184,7 +186,8 @@ %StarttlsCipher, %StatDeferred, %StatFileError, %StatRejected, %StatRejectedLog, %SysErr, %Timeouts, %TLSAcceptFailed, -%TLSConnectFailed, %TLSFileMissing, %ToList, +%TLSConnectFailed, %TLSErrno, +%TLSFileMissing, %ToList, %TooManyHops, %UnknownUsers, %UnknownUsersCheckRcpt, %WUnsafe ); @@ -382,10 +385,11 @@ # connection is already closed by the other side # file=tls.c, LogLevel>11, LOG_WARNING ( $ThisLine =~ /^STARTTLS=(server|client), SSL_shutdown failed/ ) or - # and similarly, an SSL write may fail because the remote host shuts down - # the connection first (ECONNRESET refers to "Connection reset by peer") - # file=sfsasl.c, LogLevel>8, LOG_WARNING - ( $ThisLine =~ /^STARTTLS: write error=syscall error \(-1\), errno=${\Errno::ECONNRESET}/ ) or + # for reads, the timeout is later captured by either a "lost channel" or + # a "collect: I/O error" statement, so we ignore the STARTTLS one + # and similarly for a read timeout + # file=sfsasl.c, LogLevel>7, LOG_WARNING + ( $ThisLine =~ /^STARTTLS: read error=timeout$/ ) or # file=srvsmtp.c, LogLevel>5, LOG_WARNING ( $ThisLine =~ /^STARTTLS=server, error: accept failed=-1, reason=unknown, SSL_error=5, errno=${\Errno::ECONNRESET}, retry=/ ) or # and yet another symptom of a connection shut down (EPIPE refers to "Broken pipe") 
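Review bot: the replacement comment above the `STARTTLS: read error=timeout` pattern reads out of order. The line "and similarly for a read timeout" now follows the sentence that already explains read timeouts and looks like a leftover from the removed ECONNRESET comment. Drop it so the comment states once why read timeouts are ignored. Since this hunk also stops ignoring the ECONNRESET write error, a short remark saying so would help the next reader.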
@@ -744,17 +748,34 @@ } elsif ( $ThisLine =~ /Milter: no active filter/) { $NoMilterFilters++; # file=srvrsmtp.c - } elsif ( ($Temp) = ($ThisLine=~ /\-\-\- 500 5\.5\.1 Command unrecognized: \"(.*)\"/) ) { - # first we try to delete it from the list of Unmatched Entries - $Temp1 = "<--"; - # this also accounts for an empty command - if ($Temp) {$Temp1 .= " $Temp";} + } elsif ( ($Temp) = ($ThisLine=~ /\-\-\- 500 5\.5\.1 Command unrecognized: \"([^\"]*)/) ) { + chomp($Temp); + # And we write it like the incoming SMTP command, so we can later + # check it against unmatched entries ($OtherList). + $Temp1 = "<-- $Temp"; + # It uses "..." to indicate shortened strings, so we ignore the + # rest of the line. + $Temp1 =~ s/\.\.\..*//; + # We normalize tab, newline, and return to use their octal values, + # as sendmail converts escaped octals. + $Temp1 =~ s/\\t/\\011/g; + $Temp1 =~ s/\\n/\\012/g; + $Temp1 =~ s/\\r/\\015/g; + # Remove non-printable space(s) at the end + $Temp1 =~ s/\s*$//; + # we try to delete it from the list of Unmatched Entries if (defined $OtherList{$Temp1}) { if ($OtherList{$Temp1} == 1) { delete ($OtherList{$Temp1}); - } else { + } elsif ($OtherList{$Temp1} > 1) { $OtherList{$Temp1}--; + } else { + # This should not happen. So we punt it to the + # OtherList to be printed at the end. + $OtherList{"Command unrecognized: " . $Temp}++; } + } else { + $OtherList{$Temp1}++; } # Ignore commands from connects that failed greeting if (not defined $PREGreetingQueue{$QueueID}) { @@ -762,7 +783,7 @@ $CommandUnrecognized{$QueueID} = ""; } if ($Temp =~ /^$/) { $Temp = "<Empty Line>"}; - $CommandUnrecognized{$QueueID} = $CommandUnrecognized{$QueueID} . "\t" . $Temp . "\n"; + $CommandUnrecognized{$QueueID} .= "\t" . $Temp . "\n"; } # similarly, delete last unmatched entry when too many bad commands } elsif ( $ThisLine =~ /^--- 421 4\.\d\.\d .* Too many bad commands; closing connection$/) { 
@@ -777,7 +798,7 @@ } elsif ( ( $Host ) = ($ThisLine =~ /(.*) (\(may be forged\) )?did not issue MAIL\/EXPN\/VRFY\/ETRN during connection to /) ) { # we test if they previously sent junk, because the connection is expected to fail if (defined $CommandUnrecognized{$QueueID}) { - $CommandUnrecognized{$QueueID} = $CommandUnrecognized{$QueueID} . " ... and then exited without communicating\n"; + $CommandUnrecognized{$QueueID} .= " ... and then exited without communicating\n"; } else { $DummyConnection{$Host}++; } @@ -891,6 +912,16 @@ $Starttls{$StarttlsMode}{'Other'}++; } $StarttlsCipher{"Cipher: " . $StarttlsCipherType . " Bits: " . $StarttlsNumBits}++; + # We capture only certain STARTTLS errors. Currently, only EPIPE (broken pipe) and + # ECONNRESET (connection reset by peer). + # Not strictly a STARTTLS error, but it happens when a client ungracefully + # exits during a STARTTLS exchange, often after actually delivering mail. + # But we make a note of it, anyway. Unfortunately, there is no QueueID. + # We might add more errnos in the future, but need to make sure they are not + # due to a problem that can be resolved. + # file=sfsasl.c, LogLevel>7, LOG_WARNING + } elsif ( ($Errno) = ($ThisLine =~ /^STARTTLS: (?:read|write) error=syscall error \(-1\), errno=(${\Errno::EPIPE}|${\Errno::ECONNRESET}|${\Errno::ETIMEDOUT}), / )) { + $TLSErrno{$Errno}++; # file=queue.c, LogLevel>-1, LOG_ALERT } elsif ( ($Reason) = ($ThisLine=~ /^Losing (.*)/ ) ) { $LostQueueFile{$Reason}++; 
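Review bot: the comment on the new `%TLSErrno` branch says that only EPIPE and ECONNRESET are captured, but the pattern also accepts `${\Errno::ETIMEDOUT}`. Update the comment or remove ETIMEDOUT from the alternation so that the code and its documentation agree on which errors are counted.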
@@ -1046,30 +1077,63 @@ # the following is the catch-all: } elsif ( ($Milter,$Error) = ($ThisLine =~ /^Milter \((.*)\): (.+)/) ) { $MilterErrors{$Milter}{$Error}++; + } elsif ( $ThisLine =~ /$QueueIDFormat\[[2-9]\]: / ) { + # For very large input command lines (hundreds of + # characters), sendmail breaks them down and puts an + # index after the QueueID when echoing in debug mode + # (level > 14). So we'll process the first one, and + # ignore the other ones. } else { $ThisLine =~ s/.*\: (DSN\: .*)/$1/; $ThisLine =~ s/.*\: (postmaster notify\: .*)/$1/; chomp($ThisLine); # Report any unmatched entries... - if ($ThisLine =~ /^<-- /) { - # sendmail converts some characters, so we do the same + + # Remove any whitespace at the end + $ThisLine =~ s/\s*$//; + + # For the very first of the very long debug echo lines, + # handle the case of the first indexed QueueID. + $ThisLine =~ s/${QueueIDFormat}\[1\]: <-- /<-- /; + if ($ThisLine =~ /<--/) { + # We got here because these are unmatched entries. Often it + # is because a client sends binary code when it shouldn't. + # When sendmail reads SMTP commands, it converts these + # non-printable characters into escaped sequences, so we do + # the same here. + # First, we deal with the special case of a string containing + # \200, as it becomes a null character, terminating the string. 
+ #$ThisLine =~ s/(.*)\\200(.*)/$1\\0/g; + $ThisLine =~ s/\\200(.*)//; $ThisLine =~ s/\\([23]\d{2})/ # clear the most significant bit if set my $tempchar = oct($1 - 200); - # if the new value is a printable ASCII character, print it - if (($tempchar >= 32) && ($tempchar != 127)) { + if ($tempchar == 92) { + # backslash is escaped with another backslash + sprintf("\\\\"); + } elsif (($tempchar >= 32) && ($tempchar != 127)) { + # if the new value is a printable ASCII character, print it chr($tempchar); } else { # if not printable ASCII, leave as octal code - sprintf("\\%o", $tempchar); + sprintf("\\%03o", $tempchar); }/eg; + # When a string has embedded double-quotes, sendmail stops processing. + $ThisLine =~ s/".*//; + # We normalize tab, newline, and return to octal values + $ThisLine =~ s/\\t/\\011/g; + $ThisLine =~ s/\\n/\\012/g; + $ThisLine =~ s/\\r/\\015/g; + # Remove non-printable space(s) at the end + $ThisLine =~ s/\s*$//; } - # store last unmatched entry, in case it is needed later. But note that some + $OtherList{$ThisLine}++; + # Store last unmatched entry, in case it is needed later. But note that some # statements have no QueueID. if (defined $QueueID) { $LastCmd{$QueueID} = $ThisLine; } - $OtherList{$ThisLine}++; + } } 
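Review bot: in the sendmail catch-all branch the test changed from `/^<-- /` to `/<--/`, so the octal unescaping and the `s/".*//` truncation now run on any unmatched line that contains `<--` anywhere, not only on echoed SMTP commands. The preceding `s/${QueueIDFormat}\[1\]: <-- /<-- /` already appears to strip the indexed prefix, so the `^<-- ` anchor could be kept. The commented-out `#$ThisLine =~ s/(.*)\\200(.*)/$1\\0/g;` line should be removed rather than committed.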
@@ -1510,6 +1574,16 @@ } $TotalError[++$ErrorIndex] = 0; +if (keys %TLSErrno) { + eval "$PrintCond" if ($Detail >= 3); + print "\n\nSTARTTLS Errors" if ($Detail >= 3); + foreach $Errno (sort {$a <=> $b} keys %TLSErrno) { + PrettyTimes(" Error Code " . sprintf("%3d: ", $Errno) . strerror($Errno), $TLSErrno{$Errno}) if ($Detail >=5); + $TotalError[$ErrorIndex] += $TLSErrno{$Errno}; + } +} +$TotalError[++$ErrorIndex] = 0; + if (keys %BadAuth) { eval "$PrintCond" if ($Detail >= 3); print "\n\nBad AUTH mechanism requests" if ($Detail >= 3); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/snort new/logwatch-7.9/scripts/services/snort --- old/logwatch-7.8/scripts/services/snort 1970-01-01 01:00:00.000000000 +0100 +++ new/logwatch-7.9/scripts/services/snort 2023-07-22 18:26:37.000000000 +0200 
@@ -0,0 +1,185 @@ +#!/usr/bin/perl + +######################################################## +# Please file all bug reports, patches, and feature +# requests under: +# https://sourceforge.net/p/logwatch/_list/tickets +# Help requests and discusion can be filed under: +# https://sourceforge.net/p/logwatch/discussion/ +######################################################## + +########################################################################## +# +# Logwatch service for snort log +# +# Processes all messages and summarizes them +# Each message is given with a timestamp and RMS +# +######################################################## +# (C) 2023 by MigOps Inc - https://www.migops.com/ +# written by Gilles Darold. +# +######################################################## +## Covered under the included MIT/X-Consortium License: +## http://www.opensource.org/licenses/mit-license.php +## All modifications and contributions by other persons to +## this script are assumed to have been donated to the +## Logwatch project and thus assume the above copyright +## and licensing terms. If you want to make contributions +## under your own copyright or a different license this +## must be explicitly stated in the contribution and the +## Logwatch project reserves the right to not accept such +## contributions. If you have made significant +## contributions to this script and want to claim +## copyright please contact logwatch-de...@lists.sourceforge.net. +######################################################## + +use strict; +use Logwatch ':dates'; +use Time::Local; +use POSIX qw(strftime); + +# Allow timestamp from two different logfile format: syslog and stderr +my $date_format1 = '%m/%d-%H:%M:%S'; +my $filter1 = TimeFilter($date_format1); + + +# Allow summarization of WARNING and HINT too if wanted +my $detail = exists $ENV{'LOGWATCH_DETAIL_LEVEL'} ? 
$ENV{'LOGWATCH_DETAIL_LEVEL'} : 0; + +# Used to replace the month trigram into the syslog timestamp +my %month2num = ( Jan => 0, Feb => 1, Mar => 2, Apr => 3, + May => 4, Jun => 5, Jul => 6, Aug => 7, + Sep => 8, Oct => 9, Nov => 10, Dec => 11 ); + +# Array of the relevant lines in the log file. +# First element: type of event +# Second element: matching regexp ($1 should contain the message) +# Third element: anonymous hash ref (stores message counts) +my @message_categories = ( + ['Priority 5', qr/\[\*\*\] \[\d+:\d+:\d+\] (.*?) \[\*\*\](?: \[(Classification: [^\]]+)\])? \[Priority: 5\] (?:\{([^\}]+)\})?/o, {}], + ['Priority 4', qr/\[\*\*\] \[\d+:\d+:\d+\] (.*?) \[\*\*\](?: \[(Classification: [^\]]+)\])? \[Priority: 4\] (?:\{([^\}]+)\})?/o, {}], + ['Priority 3', qr/\[\*\*\] \[\d+:\d+:\d+\] (.*?) \[\*\*\](?: \[(Classification: [^\]]+)\])? \[Priority: 3\] (?:\{([^\}]+)\})?/o, {}], +); + +if ($detail) +{ + # Add more log information + push(@message_categories, + ['Priority 2', qr/\[\*\*\] \[\d+:\d+:\d+\] (.*?) \[\*\*\](?: \[(Classification: [^\]]+)\])? \[Priority: 2\] (?:\{([^\}]+)\})?/o, {}], + ); + if ($detail > 5) + { + push(@message_categories, + ['Priority 1', qr/\[\*\*\] \[\d+:\d+:\d+\] (.*?) \[\*\*\](?: \[(Classification: [^\]]+)\])? \[Priority: 1\] (?:\{([^\}]+)\})?/o, {}], + ); + } +} + +# Set the current year as syslog don't have this information. 
+my $cur_year = (localtime(time))[5]; + +# Parse messages from stdin +while (my $line = <>) +{ + # skipping messages that are not within the requested range + next unless $line =~ /^($filter1)/o; + + my $datetime = $1; + my $time = ''; + # Date/time format differ following the log_destination (stderr or syslog) + if ($datetime =~ /(\d{2})\/(\d{2})-(\d+):(\d+):(\d+)/) { + $time = timelocal($5, $4, $3, $2, $1-1, $cur_year); + } + + foreach my $cur_cat (@message_categories) + { + if ($line =~ /$cur_cat->[1]/) + { + my $msgs = $cur_cat->[2]; + my $rule = $1; + my $class = $2; + my $priority = $3; + my $key = "$rule" || $priority; + $key .= ", $priority" if ($priority && $rule); + $msgs->{$key} = { + count => '0', + first_occurrence => $time, + sum => 0, + sqrsum => 0 + } unless exists $msgs->{$key}; + + $msgs->{$key}->{'count'}++; + + # summing up timestamps and squares of timestamps + # in order to calculate the rms + # using first occurrence of message as offset in calculation to + # prevent an integer overflow + $msgs->{$key}->{'sum'} += $time - $msgs->{$key}->{'first_occurrence'}; + $msgs->{$key}->{'sqrsum'} += ($time - $msgs->{$key}->{'first_occurrence'}) ** 2; + last; + } + } +} + + +# generating summary +foreach my $cur_cat (@message_categories) +{ + # skipping non-requested message types + next unless keys %{$cur_cat->[2]}; + + my ($name, undef, $msgs) = @{$cur_cat}; + print $name, ":\n"; + print '-' x (length($name)+1), "\n"; + my $last_count = 0; + + # sorting messages by count + my @sorted_msgs = sort { $msgs->{$b}->{'count'} <=> $msgs->{$a}->{'count'} } keys %{$msgs}; + + foreach my $msg (@sorted_msgs) + { + # grouping messages by number of occurrence + print "\n", $msgs->{$msg}->{'count'}, " times:\n" unless $last_count == $msgs->{$msg}->{'count'}; + my $rms = 0; + + # printing timestamp + print '['; + + if($msgs->{$msg}->{'count'} > 1) { + # calculating rms + $rms = int(sqrt( + ($msgs->{$msg}->{'count'} * + $msgs->{$msg}->{'sqrsum'} - + 
$msgs->{$msg}->{'sum'}) / + ($msgs->{$msg}->{'count'} * + ($msgs->{$msg}->{'count'} - 1)))); + + print strftime($date_format1, localtime($msgs->{$msg}->{'first_occurrence'}+int($rms/2))); + + print ' +/-'; + + # printing rms + if($rms > 86400) { + print int($rms/86400) , ' day(s)'; + } elsif($rms > 3600) { + print int($rms/3600) , ' hour(s)'; + } elsif($rms > 60) { + print int($rms/60) , ' minute(s)'; + } else { + print $rms, ' seconds'; + } + } + else + { + # we have got this message a single time + print strftime($date_format1, localtime($msgs->{$msg}->{'first_occurrence'})); + } + + print '] ', $msg, "\n"; + $last_count = $msgs->{$msg}->{'count'}; + } + + print "\n"; +} + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/sudo new/logwatch-7.9/scripts/services/sudo --- old/logwatch-7.8/scripts/services/sudo 2023-01-16 02:02:10.000000000 +0100 +++ new/logwatch-7.9/scripts/services/sudo 2023-07-22 18:26:37.000000000 +0200 @@ -45,8 +45,9 @@ my $CmdsThresh = $ENV{'command_run_threshold'} || 0; my %IgnoreCmds; -my ($user, $error, $tty, $dir, $euser, $egroup, $cmd, $args); -my (%ConFailed); +my ($user, $error, $tty, $dir, $euser, $egroup, $tsid, $cmd, $args); +my %ConFailed; +my %ParseErrors; my $contlines = 0; my $argsprinted = 0; 
@@ -72,7 +73,9 @@ # Ignore } elsif ($ThisLine =~ /(.+): conversation failed/) { $ConFailed{$1}++; - } elsif ( ($user, $error, $tty, $dir, $euser, $egroup, $cmd, $args) = $ThisLine =~ m/^\s*(\S+) : ([^=]+; )?(?:TTY=(\S+) ; )?PWD=(.*?) ; USER=(\S+) ;(?: GROUP=(\S+) ;)? COMMAND=(\S+)( ?.*)/) { + } elsif ($ThisLine =~ /parse error in (.*)/) { + $ParseErrors{$1}++; + } elsif ( ($user, $error, $tty, $dir, $euser, $egroup, $tsid, $cmd, $args) = $ThisLine =~ m/^\s*(\S+) : ([^=]+; )?(?:TTY=(\S+) ; )?PWD=(.*?) ; USER=(\S+) ;(?: GROUP=(\S+) ;)?(?: TSID=(\S+) ;)? COMMAND=(\S+)( ?.*)/) { next if (defined($IgnoreCmds{$user}{$euser}) && $cmd =~ join("|",@{$IgnoreCmds{$user}{$euser}})); next if (defined($IgnoreCmds{'any'}{$euser}) && $cmd =~ join("|",@{$IgnoreCmds{'any'}{$euser}})); next if (defined($IgnoreCmds{$user}{'any'}) && $cmd =~ join("|",@{$IgnoreCmds{$user}{'any'}})); @@ -91,6 +94,15 @@ } } +if (keys %ParseErrors) { + print "\nConfiguration parse errors:"; + print "\n---------------------------"; + foreach my $error (sort keys %ParseErrors) { + printf "\n%-30s - %3i Time(s)", $error, $ParseErrors{$error}; + } + print "\n"; +} + foreach my $user (sort keys %byUser) { foreach my $euser (sort keys %{$byUser{$user}}) { print "\n$user => $euser\n", "-" x length("$user => $euser"), "\n"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.8/scripts/services/zz-sys new/logwatch-7.9/scripts/services/zz-sys --- old/logwatch-7.8/scripts/services/zz-sys 2021-12-26 20:59:07.000000000 +0100 +++ new/logwatch-7.9/scripts/services/zz-sys 2023-07-22 18:26:37.000000000 +0200 
@@ -9,14 +9,6 @@ ######################################################## -# This script prints out information about the CPU(s) and physical memory. -# It obtains the information from the Sys::CPU and Sys::MemInfo perl modules, -# so these must be installed. - -# Note that the number of CPUs is not the number of physical CPU chips; -# CPUs with Hyperthreading or multiple cores affect the number of CPUs -# displayed. - ####################################################### ## Copyright (c) 2008 Laurent Dufour ## Covered under the included MIT/X-Consortium License: 
@@ -34,33 +26,45 @@ ######################################################### use strict; -eval "require Sys::CPU"; -if ($@) { - print STDERR "No Sys::CPU module installed. To install, execute the command:\n"; - print STDERR " perl -MCPAN -e 'install Sys::CPU' \n\n"; -} else { - import Sys::CPU; - print " CPU: " . Sys::CPU::cpu_count() . " " . Sys::CPU::cpu_type() . " at " . Sys::CPU::cpu_clock() . "MHz\n"; -} - use POSIX qw(uname); + +my %CPUModel; +my $Model; + my ($OSname, $hostname, $release, $version, $machine) = POSIX::uname(); print " Machine: $machine\n"; my $OStitle; $OStitle = $OSname; $OStitle = "Solaris" if ($OSname eq "SunOS" && $release >= 2); -print " Release: $OStitle $release\n"; +print (" Release: $OStitle $release\n"); + +if (open FH, '<', '/proc/cpuinfo') { + while (<FH>) { + if (($Model) = $_ =~ /^model name\s*: (.*)$/) { + $CPUModel{$Model}++; + } + } + close(FH); +} + +if (keys %CPUModel) { + print ("\n CPU Model(s):"); + foreach my $cpu (keys %CPUModel) { + print ("\n CPU Model: $cpu: $CPUModel{$cpu} processors"); + } +} +print ("\n\n"); -eval "require Sys::MemInfo"; -if ($@) { - print STDERR "No Sys::MemInfo module installed. To install, execute the command:\n"; - print STDERR " perl -MCPAN -e 'install Sys::MemInfo' \n\n"; -} else { - import Sys::MemInfo qw(totalmem freemem totalswap freeswap); - my $swapused = &totalswap - &freeswap; - printf " Total Memory: %6d MB\n", ((&totalmem - (&totalmem % (1024*1024))) / (1024*1024)); - printf " Free Memory: %6d MB\n", ((&freemem - (&freemem % (1024*1024))) / (1024*1024)); - printf " Swap Used: %6d MB\n", (($swapused - ($swapused % (1024*1024))) / (1024*1024)); +if (open FH, '<', '/proc/meminfo') { + while (my $ThisLine = <FH>) { + if ($ThisLine =~ /^(Mem|Swap)(Total|Free)/) { + chomp ($ThisLine); + print (" " . $ThisLine); + my @fields = split(' ', $ThisLine); + printf (" (%.2f GB)\n", @fields[1]/(1024*1024)); + } + } + close(FH); } # vi: shiftwidth=3 tabstop=3 syntax=perl et
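Review bot: in the summary loop of the new script (the block under "# calculating rms"), the numerator is count * sqrsum - sum, but a sample standard deviation needs the square of the sum: (count * sqrsum - sum ** 2) / (count * (count - 1)). As written, the printed "+/-" value is not the deviation the comment describes. In the parse loop, $time stays '' when the date regex does not match and is then used in arithmetic for sum and sqrsum; skip such lines or give $time a numeric default. timelocal is also always called with $cur_year, so December entries read in January are dated in the future.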
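Review bot: in the scripts/services/sudo hunk at -72,7, the new branch /parse error in (.*)/ is unanchored and sits ahead of the COMMAND= match, so any line containing that phrase, including a command record whose arguments contain it, is counted as a configuration parse error and never reaches the per-user command report. Anchor the pattern to the start of the message, or move the branch after the COMMAND= branch. $tsid is captured by the extended regex but is not used in the lines shown; if it is meant to be discarded, a comment saying so would help.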
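Review bot: in the scripts/services/sudo hunk at -91,6, foreach my $error shadows the file-scoped $error declared in the my (...) list at the top of the script; rename the loop variable so the two cannot be confused. The hash key is everything (.*) captured up to the end of the line, so %-30s will not keep the count column aligned for longer values; a wider field or a two-line layout would be more robust.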
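Review bot: the scripts/services/zz-sys hunk at -9,14 deletes the header description of the script and leaves nothing in its place. Add a short replacement comment stating that CPU and memory data are now read from /proc/cpuinfo and /proc/meminfo, since the Sys::CPU and Sys::MemInfo dependency is gone.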
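Review bot: in the scripts/services/zz-sys hunk at -34,33, both open calls fail silently, so on a host without /proc/cpuinfo or /proc/meminfo (the script still special-cases SunOS a few lines up) the CPU and memory sections disappear with no message; add an else branch that reports the missing file. In the meminfo loop, @fields[1] is a one-element array slice and should be $fields[1]. The bareword handle FH could be a lexical (open my $fh, '<', ...), and the previous "Swap Used" figure is no longer printed, which deserves a changelog mention if intended.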