Package: logwatch
Version: 7.3.6-1
Severity: normal
Tags: patch

I've had troubles with logwatch's handling of postfix for some time, but being rubbish at both perl and regexes by my own admission, I've not looked at the problem myself until now.
I've included a patch to hopefully correct this problem, which results in no unmatched lines for me. The messages fall into 3 categories:

1) "lost connection after DATA" messages, where the current rule doesn't handle the "(0 bytes)" part.

> lost connection after DATA (0 bytes) from
> 82.199.107.165.iskratelecom.ru[82.199.107.165]

2) "timeout after DATA" messages, which as with the above has issues with the "(0 bytes)" part of the line.

> timeout after DATA (0 bytes) from adsl-dyn59.91-127-80.t-com.sk[91.127.80.59]

3) "Anonymous TLS connection established" messages, where the current rule seems to only expect "Verified" or "Untrusted", but not "Anonymous".

> Anonymous TLS connection established from liszt.debian.org[82.195.75.100]:
> TLSv1 with cipher ADH-AES256-SHA (256/256 bits)

So, my patch just lets logwatch handle these lines. I've looked over the report in manual mode and it seems correct, but as I said above, I'm no regex guru.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (900, 'testing'), (600, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24-1-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages logwatch depends on:
ii  perl                          5.8.8-12     Larry Wall's Practical Extraction
ii  postfix [mail-transport-agen  2.5.2~rc2-1  High-performance mail transport ag

Versions of packages logwatch recommends:
pn  libdate-manip-perl            <none>       (no description available)

-- no debconf information

--- /usr/share/logwatch/scripts/services/postfix 2008-05-11 23:17:40.000000000 +0100 +++ /usr/share/logwatch/scripts/services.dist/postfix 2008-05-11 20:11:19.000000000 +0100 @@ -1530,7 +1530,7 @@ # end of $re_QID section # see also ConnectionLost in $re_QID section - elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ].*) from ([^[]*)\[($re_IP|unknown)\]$/o )) { + elsif ( ($reason,$host,$hostip) = ($p1 =~ /lost connection (after [^ ]*) from ([^[]*)\[($re_IP|unknown)\]$/o )) { unless ($hostip =~ /unknown/) { #TD lost connection after CONNECT from mail.example.com[192.168.0.1] $Totals{'ConnectionLost'}++; @@ -1570,7 +1570,7 @@ } # see also TimeoutInbound in $re_QID section - elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ].*) from ([^[]*)\[($re_IP)\]$/o)) { + elsif ( ($reason,$host,$hostip) = ($p1 =~ /^timeout (after [^ ]*) from ([^[]*)\[($re_IP)\]$/o)) { #TD timeout after RSET from example.com[192.168.0.1] $Totals{'TimeoutInbound'}++; $Counts{'TimeoutInbound'}{"\u$reason"}{formathost($hostip,$host)}++; @@ -1593,7 +1593,7 @@ ### smtpd_tls_loglevel >= 1 # Server TLS messages - elsif ( ($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Trusted|Untrusted|Anonymous) )?TLS connection established from ([^[]+)\[($re_IP)\]: (.*)$/o )) { + elsif ( ($status,$host,$hostip,$type) = ($p1 =~ /^(?:(Trusted|Untrusted) )?TLS connection established from ([^[]+)\[($re_IP)\]: (.*)$/o )) { #TD TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits) # Postfix 2.5+: status: Untrusted or Trusted #TD Untrusted TLS connection established from example.com[192.168.0.1]: TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)
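
Review bot: The diff direction looks reversed, visible from the first hunk (@@ -1530) onward: the `-` line holds `(after [^ ].*)`, which can match "after DATA (0 bytes)", while the `+` line holds `(after [^ ]*)`, which stops at the first space and can never reach " from" on such a line. The file headers agree, with `---` naming services/postfix and `+++` naming services.dist/postfix. Applied as posted, the patch would take the fix out again; if services.dist/postfix is the unmodified copy, regenerate the diff with it as the first argument. The same inversion appears in the other two hunks.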
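
Review bot: In the timeout hunk (@@ -1570), the widened capture `(after [^ ].*)` carries the byte count into `$reason`, and the context line `$Counts{'TimeoutInbound'}{"\u$reason"}{formathost($hostip,$host)}++` keys the report on that value, so "After DATA (0 bytes)" and every other byte count end up as separate rows. Consider keeping the capture to the single word and matching the suffix outside it, for example `(after [^ ]+)(?: \(\d+ bytes\))? from`, and add a `#TD` sample for the new form beside the existing `#TD timeout after RSET` line.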
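
Review bot: In the TLS hunk (@@ -1593), the alternation gains `Anonymous`, but the comment below it still reads `# Postfix 2.5+: status: Untrusted or Trusted` and no `#TD` sample covers an Anonymous line. Update the comment and add a sample such as the ADH-AES256-SHA line quoted in the report. Because `$status` now has a third possible value, also check that the code consuming it later in this branch (not visible in the hunk) reports it on its own instead of folding it in with the case where no status is present.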