Your message dated Mon, 28 Feb 2005 17:02:11 -0500
with message-id <[EMAIL PROTECTED]>
and subject line Bug#293115: fixed in logwatch 5.2.2-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 1 Feb 2005 08:03:33 +0000
>From [EMAIL PROTECTED] Tue Feb 01 00:03:33 2005
Return-path: <[EMAIL PROTECTED]>
Received: from mallorn.ii.uj.edu.pl [149.156.65.90] (postfix)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1Cvt0X-0007Xr-00; Tue, 01 Feb 2005 00:03:33 -0800
Received: by mallorn.ii.uj.edu.pl (Postfix, from userid 1000)
id 3220EB1B; Tue, 1 Feb 2005 09:03:28 +0100 (CET)
Date: Tue, 1 Feb 2005 09:03:28 +0100
From: Piotr Krukowiecki <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: logwatch: Not matching size for apache
Message-ID: <[EMAIL PROTECTED]>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="C7zPtVaVf+AK4Oqc"
Content-Disposition: inline
X-Reportbug-Version: 3.2
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
--C7zPtVaVf+AK4Oqc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Package: logwatch
Version: 5.2.2-3
Severity: normal
Tags: patch
Hi
I'm using combined log format for apache:
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"
\"%{forensic-id}n\"" combined
I think it was default format for apache and I didn't changed it.
Logwatch has regexp that doesn't look for forensic and because of that
it matches wrongly (http_rec and bytes_transferred)
log_fields = client_ip, ident, userid, timestamp, request, http_rc,
+bytes_transfered, referrer, agent
log_format = space, space, space, brace, quote, space, space, quote,
quote
RE pattern =
+(.*)\s(.*)\s(.*)\s\[(.*)\]\s\"(.*)\"\s(.*)\s(.*)\s\"(.*)\"\s\"(.*)\"
Line = 217.67.200.132 - - [31/Jan/2005:00:00:04 +0100] "GET
/%7Epiotr/la.xml
+HTTP/1.0" 200 205 "-" "Wget/1.8.1" "-"
0 client_ip 217.67.200.132
1 ident -
2 userid -
3 timestamp 31/Jan/2005:00:00:04 +0100
4 request GET /%7Epiotr/la.xml HTTP/1.0
5 http_rc 200 205
6 bytes_transfered "-"
7 referrer Wget/1.8.1
8 agent -
Because of that it doesn't count file size and also doesn't show robots:
0.00 MB transfered in 124 responses (1xx 0, 2xx 119, 3xx 4, 4xx 1, 5xx 0)
17 Images (0.00 MB),
48 Documents (0.00 MB),
57 Content pages (0.00 MB),
2 Program source files (0.00 MB),
A total of 1 ROBOTS were logged
- 6 time(s)
After changing a little /etc/logwatch/conf/services/http.conf it works well:
log_fields = client_ip, ident, userid, timestamp, request, http_rc,
+bytes_transfered, referrer, agent, forensic
log_format = space, space, space, brace, quote, space, space, quote, quote,
+quote
RE pattern =
+(.*)\s(.*)\s(.*)\s\[(.*)\]\s\"(.*)\"\s(.*)\s(.*)\s\"(.*)\"\s\"(.*)\"\s\"(.*)\"
Line = 217.67.200.132 - - [31/Jan/2005:00:00:04 +0100] "GET /%7Epiotr/la.xml
+HTTP/1.0" 200 205 "-" "Wget/1.8.1" "-"
0 client_ip 217.67.200.132
1 ident -
2 userid -
3 timestamp 31/Jan/2005:00:00:04 +0100
4 request GET /%7Epiotr/la.xml HTTP/1.0
5 http_rc 200
6 bytes_transfered 205
7 referrer -
8 agent Wget/1.8.1
9 forensic -
1.07 MB transfered in 124 responses (1xx 0, 2xx 119, 3xx 4, 4xx 1, 5xx 0)
17 Images (0.13 MB),
48 Documents (0.01 MB),
57 Content pages (0.93 MB),
2 Program source files (0.00 MB),
A total of 4 ROBOTS were logged
Mozilla/4.0 compatible ZyBorg/1.0 ([EMAIL PROTECTED];
+http://www.WISEnutbot.com) 1 time(s)
SurveyBot/2.3 (Whois Source) 1 time(s)
Googlebot/2.1 (+http://www.google.com/bot.html) 3 time(s)
IRLbot/1.0 (+http://irl.cs.tamu.edu/crawler) 1 time(s)
The patch for http.conf is attached.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.29-rc1
Locale: LANG=C, LC_CTYPE=pl_PL (charmap=ISO-8859-2)
Versions of packages logwatch depends on:
ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent
ii perl 5.8.4-5 Larry Wall's Practical Extraction
-- no debconf information
--C7zPtVaVf+AK4Oqc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename="http.conf.diff"
--- http.conf.org 2005-02-01 08:41:37.000000000 +0100
+++ http.conf 2005-02-01 08:42:41.000000000 +0100
@@ -16,8 +16,8 @@
# bytes_transfered
# agent
#
-$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc
bytes_transfered referrer agent"
-$HTTP_FORMAT = "space space space brace quote space space
quote quote"
+$HTTP_FIELDS = "client_ip ident userid timestamp request http_rc
bytes_transfered referrer agent forensic"
+$HTTP_FORMAT = "space space space brace quote space space
quote quote quote "
# Define the field formats
#
# the only currently supported formats are:
--C7zPtVaVf+AK4Oqc--
---------------------------------------
Received: (at 293115-close) by bugs.debian.org; 28 Feb 2005 22:08:05 +0000
>From [EMAIL PROTECTED] Mon Feb 28 14:08:05 2005
Return-path: <[EMAIL PROTECTED]>
Received: from newraff.debian.org [208.185.25.31] (mail)
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1D5t3d-0001Wu-00; Mon, 28 Feb 2005 14:08:05 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
id 1D5sxv-0006tb-00; Mon, 28 Feb 2005 17:02:11 -0500
From: Willi Mann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.55 $
Subject: Bug#293115: fixed in logwatch 5.2.2-4
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 28 Feb 2005 17:02:11 -0500
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
Source: logwatch
Source-Version: 5.2.2-4
We believe that the bug you reported is fixed in the latest version of
logwatch, which is due to be installed in the Debian FTP archive:
logwatch_5.2.2-4.diff.gz
to pool/main/l/logwatch/logwatch_5.2.2-4.diff.gz
logwatch_5.2.2-4.dsc
to pool/main/l/logwatch/logwatch_5.2.2-4.dsc
logwatch_5.2.2-4_all.deb
to pool/main/l/logwatch/logwatch_5.2.2-4_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Willi Mann <[EMAIL PROTECTED]> (supplier of updated logwatch package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 16 Feb 2005 19:43:30 +0100
Source: logwatch
Binary: logwatch
Architecture: source all
Version: 5.2.2-4
Distribution: unstable
Urgency: medium
Maintainer: Willi Mann <[EMAIL PROTECTED]>
Changed-By: Willi Mann <[EMAIL PROTECTED]>
Description:
logwatch - log analyser with nice output written in Perl
Closes: 293115 295234 296979
Changes:
logwatch (5.2.2-4) unstable; urgency=medium
.
* Reformat README.Debian.
* Add info to README.Debian how to get correct http output when using
default apache1 configuration as LogFormat. Add the apache1 default
LogFormat as alternative to conf/services/http.conf. (Closes: #293115,
thanks to Vic Gedris <[EMAIL PROTECTED]>)
* Make the smartd service (smartmontools) working. It's logging to
daemon.log, not to messages. (Closes: #295234, thanks to
Piotr Krukowiecki <[EMAIL PROTECTED]>)
* Set LC_ALL=C in the main logwatch script. (closes: #296979, thanks to
Gilmar Junior <[EMAIL PROTECTED]>
* Fix logfiles/http.conf. All events were logged twice.
* Correct logfiles/{daemon,http,maillog,secure}.conf to always include the
first rotated logfile. (So no need to use --archives for full accuracy for
reports of range "yesterday"). Otherwise some events might get lost. Some
other logfile configurations should also get corrected but I can't verify
them because I don't have the services running.
Files:
ff6e5dd736c5fb0d891d714d7bf5c127 566 admin optional logwatch_5.2.2-4.dsc
a7b46eeb0ed67ac1d4be422b4d6d932b 26141 admin optional logwatch_5.2.2-4.diff.gz
9517d20a984c90590fc1f56e4744a0a9 124712 admin optional logwatch_5.2.2-4_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCI4/kliSD4VZixzQRAqslAJ0aZtK/cHq+phmKDSy8mUukpUSISQCfbWg0
3y8wKyi2bq+q699JqbNKPKo=
=nBRt
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
