Package: logwatch
Version: 7.3.6-1
Severity: normal
Tags: patch
I've had troubles with logwatch's handling of postfix for some time, but being
rubbish at both perl
and regexes by my own admission, I've not looked at the problem myself until
now.
I've included a patch to hopefully correct this problem, which results in no
unmatched lines for me.
The messages fall into 3 categories:
1) "lost connection after DATA" messages, where the current rule doesn't handle
the "(0 bytes)" part.
> lost connection after DATA (0 bytes) from
> 82.199.107.165.iskratelecom.ru[82.199.107.165]
2) "timeout after DATA" messages, which as with the above has issues with the
"(0 bytes)" part of the line.
> timeout after DATA (0 bytes) from adsl-dyn59.91-127-80.t-com.sk[91.127.80.59]
3) "Anonymous TLS connection established" messages, where the current rule
seems to only expect "Verified"
or "Untrusted", but not "Anonymous".
> Anonymous TLS connection established from liszt.debian.org[82.195.75.100]:
> TLSv1 with cipher ADH-AES256-SHA (256/256 bits)
So, my patch just lets logwatch handle these lines. I've looked over the
reportin manual mode and it seems
correct, but as I said above, I'm no regex guru.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (900, 'testing'), (600, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages logwatch depends on:
ii perl 5.8.8-12 Larry Wall's Practical Extraction
ii postfix [mail-transport-agen 2.5.2~rc2-1 High-performance mail transport ag
Versions of packages logwatch recommends:
pn libdate-manip-perl <none> (no description available)
-- no debconf information
--- /usr/share/logwatch/scripts/services/postfix 2008-05-11
23:17:40.000000000 +0100
+++ /usr/share/logwatch/scripts/services.dist/postfix 2008-05-11
20:11:19.000000000 +0100
@@ -1530,7 +1530,7 @@
# end of $re_QID section
# see also ConnectionLost in $re_QID section
- elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ].*)
from ([^[]*)\[($re_IP|unknown)\]$/o )) {
+ elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ]*)
from ([^[]*)\[($re_IP|unknown)\]$/o )) {
unless ($hostip =~ /unknown/) {
#TD lost connection after CONNECT from mail.example.com[192.168.0.1]
$Totals{'ConnectionLost'}++;
@@ -1570,7 +1570,7 @@
}
# see also TimeoutInbound in $re_QID section
- elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ].*) from
([^[]*)\[($re_IP)\]$/o)) {
+ elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ]*) from
([^[]*)\[($re_IP)\]$/o)) {
#TD timeout after RSET from example.com[192.168.0.1]
$Totals{'TimeoutInbound'}++;
$Counts{'TimeoutInbound'}{"\u$reason"}{formathost($hostip,$host)}++;
@@ -1593,7 +1593,7 @@
### smtpd_tls_loglevel >= 1
# Server TLS messages
- elsif ( ($status,$host,$hostip,$type) = ($p1 =~
/^(?:(Trusted|Untrusted|Anonymous) )?TLS connection established from
([^[]+)\[($re_IP)\]: (.*)$/o )) {
+ elsif ( ($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Trusted|Untrusted)
)?TLS connection established from ([^[]+)\[($re_IP)\]: (.*)$/o )) {
#TD TLS connection established from example.com[192.168.0.1]: TLSv1 with
cipher DHE-RSA-AES256-SHA (256/256 bits)
# Postfix 2.5+: status: Untrusted or Trusted
#TD Untrusted TLS connection established from example.com[192.168.0.1]:
TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
