Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package logwatch for openSUSE:Factory checked in at 2024-11-01 21:06:29
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/logwatch (Old)
and /work/SRC/openSUSE:Factory/.logwatch.new.2020 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "logwatch"
Fri Nov 1 21:06:29 2024 rev:54 rq:1219964 version:7.11
Changes:
--------
--- /work/SRC/openSUSE:Factory/logwatch/logwatch.changes 2024-03-08 18:10:29.709041462 +0100
+++ /work/SRC/openSUSE:Factory/.logwatch.new.2020/logwatch.changes 2024-11-01 21:06:51.268647708 +0100
@@ -1,0 +2,6 @@
+Thu Oct 31 19:35:27 UTC 2024 - ecsos <ecsos(a)opensuse.org>
+
+- Update to 7.11
+ See /usr/share/doc/packages/logwatch/ChangeLog for details
+
+-------------------------------------------------------------------
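Review bot: The new changes entry names only 7.11, but the package moves from logwatch-7.9.tar.gz and the bundled ChangeLog gains a 7.10 section as well. Suggest mentioning 7.10 in the entry and listing the user-visible items (for example the new fail2ban IP lookup option and the reworked logwatch.conf defaults) rather than only pointing at the installed ChangeLog file.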
Old:
----
logwatch-7.9.tar.gz
New:
----
logwatch-7.11.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ logwatch.spec ++++++
--- /var/tmp/diff_new_pack.NUxWEO/_old 2024-11-01 21:06:52.460697576 +0100
+++ /var/tmp/diff_new_pack.NUxWEO/_new 2024-11-01 21:06:52.464697743 +0100
@@ -1,7 +1,7 @@
#
# spec file for package logwatch
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
Name: logwatch
-Version: 7.9
+Version: 7.11
Release: 0
Summary: Tool to analyze and report on system logs
License: MIT
++++++ ChangeLog ++++++
--- /var/tmp/diff_new_pack.NUxWEO/_old 2024-11-01 21:06:52.492698915 +0100
+++ /var/tmp/diff_new_pack.NUxWEO/_new 2024-11-01 21:06:52.492698915 +0100
@@ -2,6 +2,56 @@
control logs (e.g. 'git log --oneline v1..v2'), as the Logwatch project does
not release a change log themselves. ***
+==== 7.11 ====
+d32d105 (tag: 7.11) [logwatch.spec, logwatch.pl] Preparing for release 7.11
+f95ffd5 [journalctl] Added additional comments on usage.
+bbd9f3c [journalctl] Added comments on usage
+5d564f9 [systemd] Ignore Expecting, Relabeled
+c279f42 [omsa] Update for newer message format
+b199471 [amavis] Add support for parsing LMTP and UTF8 encoding in amavis service, per Vladimir Elisseev.
+7e77e84 [systemd] Ignore "Watchdog running with a timeout of" message
+ce5c5c7 [smartd] whitespace removal
+ad05c07 [smartd] Handle .* Failed messages (such as Read SMART Self Test Log Failed)
+e1387a6 [smartd] Add smartd_ignore_removal option to ignore device removal and reconnect
+f49a625 [smartd] Add smartd_ignore_capabilities and smartd_ignore_power options
+2d80f92 [fail2ban] Added support for IP lookups. Enabled in scripts/services/fail2ban. Proposed by Alexandre Vroublevski.
+196a410 [systemd] Handle "Reloading..."
+785c81e Merge /u/jasoncannon/logwatch/ branch master into master
+92b609b [dovecot] Adding imap(.*) to the services handled by the dovecot script.
+81156bb [sendmail] Sendmail 8.18.1 introduces new collect errors due to bare CR/LF.
+9f2558f [pop3] Handle additional LOGIN info introduced in pop3d 5.2.6, per Matthew M. Ogilvie
+dc9cac2 Make df_options example match the Linux deafults
+b6c42cb Exclude overlay file systems from output
+ea77967 [sudo] Allow ignoring commands with arguments
+27a5696 [evt*] More event de-duplication
+d483158 [clam-update] Updated documentation if it appears freshclam has not run.
+155cbd6 [sendmail] Fixing bug where email that generates a return receipt occurs before specified --range.
+
+==== 7.10 ====
+6924617 (tag: 7.10) [logwatch.spec,logwatch.pl] Added version 7.10 info.
+2b4aabf Change in format for some messages in Fedora 39
+da102ef Fix uninitialized value in PrettyTimes
+fee9286 Ignore qname minimsation due to ncache nxdomain
+d1fa2ac [logwatch.conf,logwatch.pl] Documented default Config variables, including Subject, as suggested by David Fernández.
+59da257 [iptables] Added iptables.log as valid log file (and iptables.log-* for archive).
+1238cd7 [clam-update] Add Last_Run_Only option
+4a7212f [named] Ignore rpz reload messages
+0d2e0fe [nut] At Detail 0, do not alert about recovered disconnects
+65c8520 [nut] Track battery low messages
+49070b9 [rsyslogd] Handle connection closed messages wiith error message
+4b5da85 [freeradius] Handle expired certificate login failures
+264ac92 [freeradius] Show wrong user detail at detail 3; Move Successful logins report lower
+b518c56 [clam-update] Fixed bug where WARNINGS and ERRORS were dropped when using --range option in logwatch.
+ "Outdated" warnings now treated similar to other warnings.
+3c0dc54 [freeradius] Update for FreeRADIUS 3.0; Use "client" instead of "IP"
+f811f4d [kernel] Ignore HANDLING IBECC MEMEORY messages
+58582d5 Merge /u/ddemus/logwatch/ branch master into master
+1134db2 [dovecot] Fix to log connections closed with auth failure, by Reio Remma.
+bd5e68b [sendmail] Better matching of Unrecognized Commands in the OtherList hash.
+30f89c0 [systemd] Ignore "Running in initrd."
+e9a710f [fail2ban] Remove superfluous ] from BAN-time increases
+c373fa1 [omsa] Classify more messages as errors
+
==== 7.9 ====
9393486 [rpm] corrected dates in specfile changelog, not released
c3df994 [logwatch.spec,logwatch.pl] Preparing 7.9 release.
++++++ logwatch-7.9.tar.gz -> logwatch-7.11.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/conf/logfiles/iptables.conf new/logwatch-7.11/conf/logfiles/iptables.conf
--- old/logwatch-7.9/conf/logfiles/iptables.conf 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/conf/logfiles/iptables.conf 2023-12-22 07:23:14.000000000 +0100
@@ -12,11 +12,13 @@
# What actual file? Defaults to LogPath if not absolute path....
LogFile = ulogd/ulogd.syslogemu
+LogFile = iptables.log
# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
Archive = ulogd/ulogd.syslogemu.*
Archive = ulogd/ulogd.syslogemu-*
+Archive = iptables.log-*
# Keep only the lines in the proper date range...
*ApplyStdDate
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/conf/logwatch.conf new/logwatch-7.11/conf/logwatch.conf
--- old/logwatch-7.9/conf/logwatch.conf 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/conf/logwatch.conf 2024-01-22 20:31:51.000000000 +0100
@@ -7,34 +7,45 @@
#
########################################################
-# NOTE:
-# All these options are the defaults if you run logwatch with no
-# command-line arguments. You can override all of these on the
-# command-line.
-
-# You can put comments anywhere you want to. They are effective for the
-# rest of the line.
-
-# this is in the format of <name> = <value>. Whitespace at the beginning
-# and end of the lines is removed. Whitespace before and after the = sign
-# is removed. Everything is case *insensitive*.
+# This file lists the default values of the variables, unless
+# it is listed as an example, in which case it merely illustrates
+# one possible option.
+#
+# The preferred way of changing a variable is not by changing
+# this file. Rather, you can override the variable by re-assigning
+# it locally. The default location for this override file is
+# /etc/logwatch/conf/logwatch.conf
+#
+# You can override many of these variables on the command line.
+
+# Comments are indicated by the '#' character. Any characters after
+# that are ignored, even if not on the first column.
+
+# Variables are in the format of <name> = <value>. Whitespace at the
+# beginning and end of the lines is removed. Whitespace before and after
+# the = sign is removed. Both names and values are case insensitive,
+# except when indicated.
+# For all these variables, only literal strings are allowed. That is,
+# variables cannot be used to set the value.
+
+# Here are the synonyms that can be used for any variable that expects
+# one of these values:
# Yes = True = On = 1
# No = False = Off = 0
# You can override the default temp directory (/tmp) here
-TmpDir = /var/cache/logwatch
+# TmpDir = /var/cache/logwatch
-# Output/Format Options
-# By default Logwatch will print to stdout in text with no encoding.
-# To make email Default set Output = mail to save to file set Output = file
-Output = stdout
-# To make Html the default formatting Format = html
-Format = text
-# To make Base64 [aka uuencode] Encode = base64
-# Encode = none is the same as Encode = 8bit.
+# To format using HTML use Format = html
+# Format = text
+# For HTML output, this variable sets the maximum line length:
+# HTML_Wrap = 80
+
+# The default, Encode = none, is the same as Encode = 8bit.
+# To make Base64 [aka uuencode] use Encode = base64
# You can also specify 'Encode = 7bit', but only if all text is ASCII only.
-Encode = none
+# Encode = none
# Input Encoding
# Logwatch assumes that the input is in UTF-8 encoding. Defining CharEncoding
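Review bot: Around the TmpDir lines, the surviving comment says the default temp directory is /tmp, while the new header says this file lists the default values and the now commented line reads '# TmpDir = /var/cache/logwatch'. Please make the comment state which directory is actually used when nothing is set, since a silent fallback to a world-writable /tmp would change where working files are created.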
@@ -44,13 +55,38 @@
# illegal characters. Valid encodings are as used by the iconv program,
# and `iconv -l` lists valid character set encodings.
# Setting CharEncoding to UTF-8 simply discards illegal UTF-8 characters.
-#CharEncoding = ""
+# CharEncoding = ""
+
+# Output/Format Options
+# By default Logwatch will print to stdout in text with no encoding.
+# To make email Default set Output = mail to save to file set Output = file
+# Output = stdout
+
+# If Output is set to "file", a filename must be provided for the
+# Filename variable. The results will be saved to this file.
+# The value of this variable is case-sensitive. For example,
+# Filename = "/tmp/Logwatch"
# Default person to mail reports to. Can be a local account or a
# complete email address. Variable Output should be set to mail, or
# --output mail should be passed on command line to enable mail feature.
-MailTo = root
-# WHen using option --multiemail, it is possible to specify a different
+# If the environmental variable MAILTO is set, it becomes the default.
+# This value is case-sensitive.
+# MailTo = root
+
+# When using the mail feature, the subject can be set to a literal string.
+# The default is an empty string:
+# Subject = ""
+# Using the default of an empty string will cause the equivalent of the
+# following string to be used: "Logwatch for $(hostname) ($(uname -s))"
+# But because only a literal string is allowed in the configuration file,
+# no variables may be passed in the string.
+# For example:
+# Subject = "Logwatch from ExampleHostname"
+# The subject can also be set with the command switch --subject, which also
+# allows shell decoding of variables.
+
+# When using option --multiemail, it is possible to specify a different
# email recipient per host processed. For example, to send the report
# for hostname host1 to user(a)example.com, use:
#Mailto_host1 = user(a)example.com
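Review bot: The Filename example '# Filename = "/tmp/Logwatch"' points the report at a fixed name in /tmp; examples get copied verbatim, so a path in a directory that is not world-writable would be a safer illustration. The relocated comment 'To make email Default set Output = mail to save to file set Output = file' is also still a run-on and could be split into two sentences while it is being moved.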
@@ -58,36 +94,30 @@
# Default person to mail reports from. Can be a local account or a
# complete email address.
-MailFrom = Logwatch
-
-# if set, the results will be saved in <filename> instead of mailed
-# or displayed. Be sure to set Output = file also.
-#Filename = /tmp/logwatch
+# MailFrom = Logwatch
# Use archives? If set to 'Yes', the archives of logfiles
# (i.e. /var/log/messages.1 or /var/log/messages.1.gz) will
# be searched in addition to the /var/log/messages file.
# This usually will not do much if your range is set to just
# 'Yesterday' or 'Today'... it is probably best used with Range = All
-# By default this is now set to Yes. To turn off Archives uncomment this.
-#Archives = No
+# By default this is now set to Yes.
+# Archives = Yes
# The default time range for the report...
# The current choices are All, Today, Yesterday
-Range = yesterday
+# Range = yesterday
# The default detail level for the report.
# This can either be Low, Med, High or a number.
-# Low = 0
-# Med = 5
-# High = 10
-Detail = Low
+# Low is a synonym for 0, Med is 5, and High is 10.
+# Detail = Low
# The 'Service' option expects either the name of a filter
# (in /usr/share/logwatch/scripts/services/*) or 'All'.
-# The default service(s) to report on. This should be left as All for
-# most people.
+# It indicates the default service(s) to report on. This should be
+# left as All for most systems.
Service = All
# You can also disable certain services (when specifying all)
Service = "-zz-network" # Prevents execution of zz-network service, which
@@ -96,58 +126,70 @@
# prints useful system configuration info.
Service = "-eximstats" # Prevents execution of eximstats service, which
# is a wrapper for the eximstats program.
+# Because the above sets "All" as the default, and disables certain
+# services, you can also set the Service variable to an empty string
+# in your local logwatch.conf (by default, under /etc/logwatch/conf).
+# That resets the setting of Service, after which you can assign to it
+# specific services that you want executed.
+
+# The following are more examples of using the Service variable:
# If you only cared about FTP messages, you could use these 2 lines
# instead of the above:
-#Service = ftpd-messages # Processes ftpd messages in /var/log/messages
-#Service = ftpd-xferlog # Processes ftpd messages in /var/log/xferlog
+# Service = ftpd-messages # Processes ftpd messages in /var/log/messages
+# Service = ftpd-xferlog # Processes ftpd messages in /var/log/xferlog
# Maybe you only wanted reports on PAM messages, then you would use:
-#Service = pam_pwdb # PAM_pwdb messages - usually quite a bit
-#Service = pam # General PAM messages... usually not many
+# Service = pam_pwdb # PAM_pwdb messages - usually quite a bit
+# Service = pam # General PAM messages... usually not many
# You can also choose to use the 'LogFile' option. This will cause
-# logwatch to only analyze that one logfile.. for example:
-#LogFile = messages
+# logwatch to only analyze that one logfile. For example:
+# LogFile = messages
# will process /var/log/messages. This will run all the filters that
-# process that logfile. This option is probably not too useful to
-# most people. Setting 'Service' to 'All' above analyzes all LogFiles
-# anyways...
+# process that logfile. This option is probably not too useful, except
+# for debugging. Each service lists its own Logfile options.
-#
# By default we assume that all Unix systems have sendmail or a sendmail-like MTA.
# The mailer code prints a header with To: From: and Subject:.
# At this point you can change the mailer to anything that can handle this output
# stream.
# TODO test variables in the mailer string to see if the To/From/Subject can be set
# From here with out breaking anything. This would allow mail/mailx/nail etc..... -mgt
-mailer = "/usr/sbin/sendmail -t"
+# This value is case-sensitive.
+# mailer = "/usr/sbin/sendmail -t"
-#
# With this option set to a comma separated list of hostnames, only log entries
# for these particular hosts will be processed. This can allow a log host to
# process only its own logs, or Logwatch can be run once per a set of hosts
-# included in the logfiles.
+# included in the logfiles. The hostnames are case-sensitive.
# Example: HostLimit = hosta,hostb,myhost
#
# The default is to report on all log entries, regardless of its source host.
# Note that some logfiles do not include host information and will not be
# influenced by this setting.
-#
-#HostLimit = myhost
# Default Log Directory
-# All log-files are assumed to be given relative to the LogDir directory.
+# All log files are assumed to be given relative to the LogDir directory.
# Multiple LogDir statements are possible. Additional configuration variables
# to set particular directories follow, so LogDir need not be set.
-#LogDir = /var/log
+# This value is case-sensitive.
+# For example:
+# LogDir = /var/log
#
# By default /var/adm is searched after LogDir.
-#AppendVarAdmToLogDirs = 1
+# AppendVarAdmToLogDirs = 1
#
# By default /var/log is to be searched after LogDir and /var/adm/ .
-#AppendVarLogToLogDirs = 1
+# AppendVarLogToLogDirs = 1
#
# The current working directory can be searched after the above. Not set by
# default.
-#AppendCWDToLogDirs = 0
+# AppendCWDToLogDirs = 0
+
+# Logwatch can decompress log files (often the case for archived log files -
+# that is, older log files rotated and compressed.
+# The following variables set the default compression programs:
+# PathTozcat = "zcat"
+# PathTobzcat = "bzcat"
+# PathToxzcat = "zxcat"
# vi: shiftwidth=3 tabstop=3 et
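Review bot: '# PathToxzcat = "zxcat"' looks like a typo for xzcat, going by the two lines above it (zcat, bzcat); please check it against the default in logwatch.pl, because if the code carries the same string, xz-compressed archives would not be read. The comment that opens this block has an unclosed parenthesis after 'archived log files', and the hunk removes the '#HostLimit = myhost' sample line, leaving only the inline 'Example:' text.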
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/conf/services/clam-update.conf new/logwatch-7.11/conf/services/clam-update.conf
--- old/logwatch-7.9/conf/services/clam-update.conf 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/conf/services/clam-update.conf 2023-12-15 20:52:10.000000000 +0100
@@ -47,9 +47,13 @@
LogFile = clam-update
# Set to true to ignore messages about outdated clamav versions
-# Ignore_Outdated = 1
+# $Ignore_Outdated = 1
# Set to true to ignore messages about no updates ocurring
-# Ignore_No_Updates = 1
+# $Ignore_No_Updates = 1
+
+# Set to true to only consider the last run of freshclam for reporting
+# error or warnings
+# $Last_Run_Only = 1
# vi: shiftwidth=3 tabstop=3 et
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/conf/services/dovecot.conf new/logwatch-7.11/conf/services/dovecot.conf
--- old/logwatch-7.9/conf/services/dovecot.conf 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/conf/services/dovecot.conf 2024-03-24 22:07:05.000000000 +0100
@@ -16,7 +16,7 @@
# dovecot 2.x defaults to '/var/log/dovecot'
LogFile = dovecot
-*OnlyService = (imap-login|pop3-login|dovecot)
+*OnlyService = (imap-login|pop3-login|dovecot|imap\(.*\))
*RemoveHeaders = "^\w{3} .\d \d\d:\d\d:\d\d (?:[^\s:]* )?"
# Override the default Detail level. This will only affect dovecot's report.
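Review bot: In the new *OnlyService alternation, 'imap\(.*\)' uses a greedy '.*', which can run to the last closing parenthesis in whatever string it is matched against. 'imap\([^)]*\)' expresses the imap(user) form more tightly and is closer to the 'imap\(\w+\)' patterns already used in scripts/services/dovecot.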
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/conf/services/fail2ban.conf new/logwatch-7.11/conf/services/fail2ban.conf
--- old/logwatch-7.9/conf/services/fail2ban.conf 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/conf/services/fail2ban.conf 2024-05-13 00:54:36.000000000 +0200
@@ -46,3 +46,6 @@
# Set this to a regex to match jails for which you want to ignore latency
# warnings. These are generally jails that monitor apache access logs.
# $fail2ban_ignore_latency = ^apache-badbots|php-url-fopen$
+
+# Set to Yes to enable IP lookups
+# $fail2ban_ip_lookup = Yes
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/conf/services/smartd.conf new/logwatch-7.11/conf/services/smartd.conf
--- old/logwatch-7.9/conf/services/smartd.conf 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/conf/services/smartd.conf 2024-07-17 06:47:13.000000000 +0200
@@ -21,4 +21,18 @@
*OnlyService = smartd
*RemoveHeaders
+# Set this to 1 if you want to ignore unmatched messages...
+$smartd_ignore_unmatched = 0
+
+# Set this to 1 if you want to ignore message about --capabilities being set
+$smartd_ignore_capabilities = 0
+
+# Set this to 1 if you want to ignore message about no ATA CHECK POWER STATUS
+# support
+$smartd_ignore_power = 0
+
+# Set this to a regular expression to match device names that you want to
+# ignore messageis about removal and reconnecting
+# $smartd_ignore_removal = /dev/sda
+
# vi: shiftwidth=3 tabstop=3 et
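Review bot: The example '# $smartd_ignore_removal = /dev/sda' is described as a regular expression, so unless the script anchors it (not visible here) it would also match longer names that merely contain /dev/sda; an anchored example such as ^/dev/sda$ would avoid suppressing removal messages for other devices. 'messageis' in the comment above it is a typo for 'messages'. The three other new options are set live to 0 while this one is commented out; a short remark that 0 is the built-in default would make the intent clear.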
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/conf/services/zz-disk_space.conf new/logwatch-7.11/conf/services/zz-disk_space.conf
--- old/logwatch-7.9/conf/services/zz-disk_space.conf 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/conf/services/zz-disk_space.conf 2024-04-09 07:31:08.000000000 +0200
@@ -30,7 +30,7 @@
# The variables df_options and disk_cmd are used to customize the reporting
# of filesystem disk usage. For example, the following are the defaults
# for Linux OS:
-# $df_options = "-h -l -x tmpfs"
+# $df_options = "-h -x tmpfs -x devtmpfs -x udf -x iso9660 -x squashfs -x overlay"
# $disk_cmd = "df $df_options"
# Uncomment this to add -l to df command. Only see local disks.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/logwatch.spec new/logwatch-7.11/logwatch.spec
--- old/logwatch-7.9/logwatch.spec 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/logwatch.spec 2024-07-22 01:31:31.000000000 +0200
@@ -1,6 +1,6 @@
Summary: Analyzes and Reports on system logs
Name: logwatch
-Version: 7.9
+Version: 7.11
Release: 1
License: MIT
Group: Applications/System
@@ -112,17 +112,24 @@
%changelog
-* Sat Jul 22 2022 Jason Pyeron <jpyeron(a)pdinc.us> 7.9-1
+* Mon Jul 22 2024 Bjorn <bjorn1(a)users.sourceforge.net> 7.11
+
+* Mon Jan 22 2024 Bjorn <bjorn1(a)users.sourceforge.net> 7.10
+
+* Sat Jul 22 2023 Jason Pyeron <jpyeron(a)pdinc.us> 7.9-2
+- corrected dates in changelog, not released
+
+* Sat Jul 22 2023 Jason Pyeron <jpyeron(a)pdinc.us> 7.9-1
- release 7.8, noarch on EL and cygwin
-* Thu Jan 26 2022 Bjorn <bjorn1(a)users.sourceforge.net> 7.8-3
+* Thu Jan 26 2023 Bjorn <bjorn1(a)users.sourceforge.net> 7.8-3
- Made noarch version for linux
-* Sat Jan 22 2022 Jason Pyeron <jpyeron(a)pdinc.us> 7.8-2
+* Sun Jan 22 2023 Jason Pyeron <jpyeron(a)pdinc.us> 7.8-2
- add missing requires (impacting EL8)
- add dist to release
-* Sat Jan 22 2022 Jason Pyeron <jpyeron(a)pdinc.us> 7.8-1
+* Sun Jan 22 2023 Jason Pyeron <jpyeron(a)pdinc.us> 7.8-1
* Fri Jul 22 2022 Bjorn <bjorn1(a)users.sourceforge.net> 7.7
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/logwatch.pl new/logwatch-7.11/scripts/logwatch.pl
--- old/logwatch-7.9/scripts/logwatch.pl 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/logwatch.pl 2024-07-22 01:31:52.000000000 +0200
@@ -10,8 +10,8 @@
########################################################
# Specify version and build-date:
-my $Version = '7.9';
-my $VDate = '07/22/23';
+my $Version = '7.11';
+my $VDate = '07/22/24';
#######################################################
# Logwatch was originally written by:
@@ -84,6 +84,7 @@
$Config{'mailto'} = "root";
}
$Config{'mailfrom'} = "Logwatch";
+$Config{'mailer'} = "/usr/sbin/sendmail -t";
$Config{'subject'} = "";
$Config{'filename'} = "";
$Config{'range'} = "yesterday";
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/amavis new/logwatch-7.11/scripts/services/amavis
--- old/logwatch-7.9/scripts/services/amavis 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/amavis 2024-07-17 06:47:13.000000000 +0200
@@ -2131,6 +2131,9 @@
or ($p1 =~ /^SpamControl/)
or ($p1 =~ /^Perl/)
or ($p1 =~ /^ESMTP/)
+ or ($p1 =~ /^UTF8SMTP/)
+ or ($p1 =~ /^LMTP /)
+ or ($p1 =~ /^UTF8LMTP /)
or ($p1 =~ /^(?:\(!+\))?(\S+ )?(?:FWD|SEND) from /) # log level 4
or ($p1 =~ /^(?:\(!+\))?(\S+ )?(?:ESMTP|FWD|SEND) via /) # log level 4
or ($p1 =~ /^tempdir being removed/)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/clam-update new/logwatch-7.11/scripts/services/clam-update
--- old/logwatch-7.9/scripts/services/clam-update 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/clam-update 2024-02-11 06:26:59.000000000 +0100
@@ -62,6 +62,7 @@
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};
my $Ignore_Outdated = $ENV{'ignore_outdated'} || 0;
my $Ignore_No_Updates = $ENV{'ignore_no_updates'} || 0;
+my $Last_Run_Only = $ENV{'last_run_only'} || 0;
my $time = time;
my $Date;
@@ -73,7 +74,6 @@
my %Starts;
my %Errors;
-my %Outdated;
my %Warnings;
@@ -114,10 +114,12 @@
# $Starts is only set if $Version was set just before the current update process
$Starts{$Version}++;
}
+ if ($Last_Run_Only) {
+ %Errors = ();
+ %Warnings = ();
+ }
} else {
$InRange = 0;
- %Errors = ();
- %Warnings = ();
}
# $Version was already logged if necessary, so now we clear it
$Version = "";
@@ -127,10 +129,8 @@
if ((my $Text) = ($ThisLine =~ /^ERROR: (.*)/)) {
$Errors{$Text}++;
} elsif (($Text) = ($ThisLine =~ /^WARNING: (.*)/)) {
- if ($Text =~ /OUTDATED|Local version/) {
- next if $Ignore_Outdated;
- $Outdated{$Text}++;
- } else {
+ if (! (($Text =~ /OUTDATED|Local version/) &&
+ $Ignore_Outdated)) {
$Warnings{$Text}++;
}
}
@@ -153,7 +153,8 @@
elsif ($Ignore_No_Updates == 0) {
print "\nNo updates detected in the log for the freshclam daemon (the\n";
print "ClamAV update process). If the freshclam daemon is not running,\n";
- print "you may need to restart it. Other options:\n\n";
+ print "you may need to restart it. (Or if run from a cron job, ensure\n";
+ print "it is run periodically.) Other options:\n\n";
print "A. If you no longer wish to run freshclam, deleting the log file\n";
print " (configured is $ENV{'LOGWATCH_LOGFILE_LIST'}) will suppress this error message.\n\n";
print "B. If you use a different log file, update the appropriate\n";
@@ -171,13 +172,6 @@
};
-if (keys %Outdated) {
- print "\n";
- foreach my $Text (keys %Outdated) {
- print "$Text\n";
- }
-}
-
if ($Detail >= 10) {
if ((keys %Errors) or (keys %Warnings)) {
print "\nThe following ERRORS and/or WARNINGS were detected when\n";
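Review bot: With the unconditional 'if (keys %Outdated)' block removed here and OUTDATED messages now counted in %Warnings, the only reporting path visible in this hunk is the one guarded by 'if ($Detail >= 10)'. Please confirm that outdated-version warnings still appear at the default detail level; if they are now printed only at high detail, that is a behaviour change worth documenting next to Ignore_Outdated, since a stale ClamAV engine is something the report should surface by default.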
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/dovecot new/logwatch-7.11/scripts/services/dovecot
--- old/logwatch-7.9/scripts/services/dovecot 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/dovecot 2024-04-09 06:57:32.000000000 +0200
@@ -129,7 +129,8 @@
($ThisLine =~ /ssl-params: Generating SSL parameters/) or
($ThisLine =~ /auth-worker/) or
($ThisLine =~ /auth:.*: Connected to/) or
- ($ThisLine =~ /Connection closed(?! \(auth failed)/) or
+ ($ThisLine =~ /Disconnected: Connection closed(?! \(auth failed)/) or
+ ($ThisLine =~ /Info: Connection closed/) or
($ThisLine =~ /IMAP.*: Connection closed bytes/) or
($ThisLine =~ /IMAP.* failed with mbox file/) or
($ThisLine =~ /discarded duplicate forward to/) or
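Review bot: The added ignore pattern '/Info: Connection closed/' has no '(?! \(auth failed)' lookahead, unlike the 'Disconnected: Connection closed' line directly above it, so an Info-level line carrying '(auth failed' would be silently ignored. Suggest '/Info: Connection closed(?! \(auth failed)/', or, if such lines cannot occur, a sample log line in a comment to document that.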
@@ -142,6 +143,8 @@
($ThisLine =~ /^$dovecottag imap\(\w+\): copy from /) or
($ThisLine =~ /^$dovecottag imap\(\w+\): delete: /) or
($ThisLine =~ /^$dovecottag imap\(\w+\): expunge: /) or
+ # Error string is in separate statement; backtrace not useful for logwatch
+ ($ThisLine =~ /Error: Raw backtrace: /) or
0 # This line prevents blame shifting as lines are added above
)
{
@@ -270,7 +273,7 @@
} elsif ($ThisLine =~ /Disconnected (\[|bytes|top)/) {
$Disconnected{"No reason"}++;
# Oct 24 14:10:24 host dovecot[114]: imap-login: Disconnected: Connection closed (auth failed, 1 attempts in 2 secs): user=<user(a)domain.com>, method=PLAIN, rip=192.168.1.110, lip=192.168.1.3, TLS, session=<lGZ01sXrvLzAqAFu>
- } elsif ( ($User, $IP) = ($ThisLine =~ /Disconnected: Connection closed \(auth failed, .*\): user=<([^>]+)>,.*rip=([^,]+).*/) ) {
+ } elsif ( ($User, $IP) = ($ThisLine =~ /Disconnected: .* \(auth failed, .*\): user=<([^>]+)>,.*rip=([^,]+).*/) ) {
$AuthFail{$User}{$IP}++;
} elsif ( ($Reason) = ($ThisLine =~ /Disconnected: (.*) \[/) ) {
$Disconnected{$Reason}++;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/evtapplication new/logwatch-7.11/scripts/services/evtapplication
--- old/logwatch-7.9/scripts/services/evtapplication 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/evtapplication 2024-04-09 07:04:42.000000000 +0200
@@ -58,8 +58,8 @@
# Modify some items that prevent de-duplication
if ($Detail < 10) {
$ExpandedString =~ s/(NextScheduled\S+|PID) \d+/$1 XXX/;
- $ExpandedString =~ s,\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?:\.\d+)?,TIMESTAMP,g;
- $ExpandedString =~ s/(?:\w{3}, )?\d{2} \w{3} \d{4},? \d\d:\d\d(?::\d\d \w{3})?/TIMESTAMP/g;
+ $ExpandedString =~ s,\d{4}/\d\d/\d\d \d\d:\d\d:\d\d(?:\.\d+)?,TIME,g;
+ $ExpandedString =~ s/(?:\w{3}, )?\d{2} \w{3} \d{4},? \d\d:\d\d(?::\d\d \w{3})?/TIME/g;
$ExpandedString =~ s/(SessionId|ThreadId):( ?0x)[0-9A-Fa-f]{2,16}(?::0x[0-9a-f]{5})?/$1:${2}XXXX/g;
$ExpandedString =~ s/Session-trace:.*$/Session-trace: XXXX/;
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/evtsystem new/logwatch-7.11/scripts/services/evtsystem
--- old/logwatch-7.9/scripts/services/evtsystem 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/evtsystem 2024-04-09 07:04:43.000000000 +0200
@@ -74,6 +74,7 @@
$ExpandedString =~ s/processor \d+/processor X/;
$ExpandedString =~ s/for \d+ seconds/for XX seconds/;
$ExpandedString =~ s/(APPID|CLSID)\s+\{[0-9A-F\-]+\}/$1 {XXX}/g;
+ $ExpandedString =~ s/(Time:) \d+:\d+:\d+\.\d+ \d+\/\d+\/\d+ Z/$1 TIME/g;
while ($ExpandedString =~ /(\d{4,}) bytes/) {
my $h = &human($1);
$ExpandedString =~ s/$1 bytes/${h}b/g;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/fail2ban new/logwatch-7.11/scripts/services/fail2ban
--- old/logwatch-7.9/scripts/services/fail2ban 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/fail2ban 2024-05-13 03:21:21.000000000 +0200
@@ -49,10 +49,14 @@
my %ServicesFound = ();
my %ServicesIgnored = ();
+# IP lookups disabled by default. Set in fail2ban services
+# configuration file to enable.
+DoLookup( $ENV{'fail2ban_ip_lookup'} );
+
#Init String Containers
my (
$Action, $Host, $Message,
-$NumFailures, $Service
+$NumFailures, $Service, $Increase
);
if ( $Debug >= 5 ) {
print STDERR "\n\nDEBUG: Inside Fail2Ban Filter \n\n";
@@ -87,7 +91,10 @@
} elsif ( ($Service,$Action,$Host) = ($ThisLine =~ m/NOTICE:?\s+\[?(.*?)[]:]?\s(Restore Ban)[^\.]* (\S+)/)) {
$ServicesBans{$Service}{$Host}{'ReBan'}++;
$ServicesBans{$Service}{"(all)"}{'ReBan'}++;
- } elsif ( ($Service,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
+ } elsif ( ($Service,$Increase,$Action,$Host) = ($ThisLine =~ m/(?:WARNING|NOTICE):?\s+\[?(.*?)[]:]?\s(Increase\s)?(Ban|Unban)[^\.]* (\S+)/)) {
+ if ( $Increase ) {
+ $Service .= " increase"
+ }
if ( $Debug >= 6 ) {
print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
}
@@ -222,8 +229,12 @@
foreach my $service (sort {$a cmp $b} keys %ServicesFound) {
print(" $service:\n");
foreach my $ip (sort {$a cmp $b} keys %{$ServicesFound{$service}}) {
+ my @name = split(/ /, LookupIP($ip));
printf(" %-15s (%3d Times)\n", "$ip",
$ServicesFound{$service}{$ip});
+ if (scalar @name > 1) {
+ printf(" %s\n", $name[1]);
+ }
}
}
}
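Review bot: 'split(/ /, LookupIP($ip))' followed by '$name[1]' assumes the helper returns the address and the name separated by a single space; that contract is not visible here, so a comment stating the expected return format would help. The name is the result of a lookup on an address taken from the log and is printed into the report as-is, so it deserves the same treatment as any other untrusted log field. The same lines are repeated in the %ServicesIgnored loop in the next hunk; a small helper would keep the two in step.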
@@ -233,8 +244,12 @@
foreach my $service (sort {$a cmp $b} keys %ServicesIgnored) {
print(" $service:\n");
foreach my $ip (sort {$a cmp $b} keys %{$ServicesIgnored{$service}}) {
+ my @name = split(/ /, LookupIP($ip));
printf(" %-15s (%3d Times)\n", "$ip",
$ServicesIgnored{$service}{$ip});
+ if (scalar @name > 1) {
+ printf(" %s\n", $name[1]);
+ }
}
}
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/freeradius new/logwatch-7.11/scripts/services/freeradius
--- old/logwatch-7.9/scripts/services/freeradius 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/freeradius 2023-12-11 01:46:45.000000000 +0100
@@ -41,16 +41,21 @@
my %OtherList = ();
my %loginsOk = ();
+my %certificateExpired = ();
my %wrongPassword = ();
my %wrongUser = ();
-my %wrong_ip = ();
+my %wrong_client = ();
my %invalidUser = ();
my %discards = ();
my %warnings = ();
my %givingUps = ();
+my $crlExpired = 0;
my $killedChilds = 0;
+my $reloaded = 0;
my $requests = 0;
my $requests_duration = 0;
+my $started = 0;
+my $stopped = 0;
my $ThisLine;
while (defined($ThisLine = <STDIN>)) {
@@ -60,23 +65,39 @@
}
chomp($ThisLine);
+ # Strip leading session id
+ my ($SessionID) = ($ThisLine =~ s/^\((\d+)\) *//);
+
if ( ( $ThisLine =~ /^(?:Info: )?F-TICKS/ ) ||
( $ThisLine =~ /^(?:Info: )?Access-Request from/ ) ||
( $ThisLine =~ /^(?:Info: )? \.\.\. (?:closing|adding new) socket/ ) ||
( $ThisLine =~ /^(?:Info: )?(?:SSL|TLS|rlm_(?:unix|eap|sql|radutmp)| TLS_accept| \[ldap\])/ ) ||
- ( $ThisLine =~ /^(?:Info: )?Ready to process requests\.$/ ) ||
- ( $ThisLine =~ /^(?:Info: )?Exiting normally\.$/ ) ||
+ ( $ThisLine =~ /^(?:Info: )?Ready to process requests/ ) ||
+ ( $ThisLine =~ /^(?:Info: )?Debugger not attached/ ) ||
+ ( $ThisLine =~ /^(?:Info: )?Exiting normally/ ) ||
( $ThisLine =~ /^(?:Info: )?Loaded virtual server/ ) ||
( $ThisLine =~ /^(?:Info: )?HUP - / ) ||
- ( $ThisLine =~ /^(?:Info: )?Received HUP signal\.$/ ) ||
- ( $ThisLine =~ /^(?:Info: )? ?Module: Reloaded module/ )
+ ( $ThisLine =~ /^(?:Info: )?Ignoring / ) ||
+ ( $ThisLine =~ /^(?:Info: )?Received HUP signal/ ) ||
+ ( $ThisLine =~ /^(?:Info: )? ?Module: Reloaded module/ ) ||
+ ( $ThisLine =~ /^(?:Info: )?Signalled to terminate/ ) ||
+ # TD: # Skipping contents of 'if' as it is always 'false' -- /etc/raddb/sites-enabled/inner-tunnel
+ # This is a standard config item
+ ( $ThisLine =~ /^(?:Info: )? *# Skipping contents of 'if' as it is always 'false' -- .*inner-tunnel/ ) ||
+ # TD: [/etc/raddb/mods-config/attr_filter/access_reject]:11 Check item "FreeRADIUS-Response-Delay-USec" found in filter list for realm "DEFAULT".
+ # This is triggered by a standard config item and is harmless
+ ( $ThisLine =~ /access_reject\]:\d+ Check item "FreeRADIUS-Response-Delay(?:-USec)?"\s*found in filter list for realm/ ) ||
+ # These should precede Login incoreect messages
+ ( $ThisLine =~ /^eap_tls: *ERROR: \(TLS\) .*(?:certificate.*expired|Error in error)/ ) ||
+ # We count completed events below
+ ( $ThisLine =~ /^(?:Info: )?(?:Start|Stopp|Reload)ing FreeRADIUS/ )
) {
# ignore
}
# TD: Login OK: [user(a)example.com] (from client radius port 0)
# TD: Login OK: [user(a)example.com] (from client radius port 9 cli 00-11-22-33-44-AA;eduroam via TLS tunnel)
- elsif ( my ($user) = ($ThisLine =~ m/^(?:Auth:|\(\d{1,10}\))? Login OK: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli [-0-9a-fA-F.:]+)?(?:;\w+)?(?: via TLS tunnel)?\)/) ) {
+ elsif ( my ($user) = ($ThisLine =~ m/^(?:Auth: )?Login OK: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli [-0-9a-fA-F.:]+)?(?:;\w+)?(?: via TLS tunnel)?\)/) ) {
$loginsOk{$user}++;
}
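Review bot: In `my ($SessionID) = ($ThisLine =~ s/^\((\d+)\) *//);` the substitution returns the number of replacements, not the captured group, so `$SessionID` ends up as 1 or an empty string rather than the session number. If the id is wanted, read `$1` after a successful substitution; if it is not, drop the variable and keep only the `s///`. The added comment "Login incoreect" should read "Login incorrect". The `\.$` anchors removed from the "Ready to process requests", "Exiting normally" and "Received HUP signal" patterns widen what is silently ignored, which deserves a line of justification.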
@@ -84,26 +105,33 @@
# TD: Login incorrect ( [ldap] User not found): [user(a)example.com] (from client radius port 13 cli 38-16-dd-aa-bb-cc via TLS tunnel)
# TD: Login incorrect (mschap: External script says Logon failure (0xc000006d)): [user(a)example.com] (from client radius port 13 cli aa-bb-cc-11-22-33 via TLS tunnel)
# TD: Login incorrect (TLS Alert write:fatal:handshake failure): [user(a)example.com] (from client radius port 13 cli aa-bb-cc-11-22-33)
- # TD:
- elsif ( my ($user, $ip) = ( $ThisLine =~ m/^(?:Auth:|\(\d{1,10}\))? Login incorrect(?: \(.+\))?: \[(.*)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+)(?:;\w+)?)?(?: via TLS tunnel)?\)/) ) {
- if (! $ip) { $ip = "*not named*"; }
- $wrongUser{$ip}{$user}++;
- $wrong_ip{$ip}++;
+ # TD: Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [04d9f5bc5541] (from client nwra port 50104 cli 04-D9-F5-BC-55-41)
+ elsif ( my ($user, $client) = ( $ThisLine =~ m/^(?:Auth: )?Login incorrect(?: \([^)]+\))?: \[(.*)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+)(?:;\w+)?)?(?: via TLS tunnel)?\)/) ) {
+ if (! $client) { $client = "*not named*"; }
+ $wrongUser{$client}{$user}++;
+ $wrong_client{$client}++;
}
# TD: Login incorrect: [user(a)example.com] (from client radius port 175143 cli cc08.e051.a240)
# TD: Login incorrect: [user(a)example.com] (from client radius1 port 0)
- elsif ( my ($user, $ip) = ($ThisLine =~ m/^(?:Auth: )?Login incorrect: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) {
- if (! $ip) { $ip = "*not named*"; }
- $wrongPassword{$ip}{$user}++;
- $wrong_ip{$ip}++;
+ elsif ( my ($user, $client) = ($ThisLine =~ m/^(?:Auth: )?Login incorrect: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) {
+ if (! $client) { $client = "*not named*"; }
+ $wrongPassword{$client}{$user}++;
+ $wrong_client{$client}++;
+ }
+
+ # TD: Login incorrect (eap_tls: (TLS) OpenSSL says error 10 : certificate has expired): [USERNAME] (from client CLIENTNAME port 50427 cli F8-E4-3B-F1-80-90)
+ elsif ( my ($user, $client) = ( $ThisLine =~ m/^(?:Auth: )?Login incorrect \(.*certificate has expired\): \[(.*)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+)(?:;\w+)?)?(?: via TLS tunnel)?\)/) ) {
+ if (! $client) { $client = "*not named*"; }
+ $certificateExpired{$client}{$user}++;
+ $wrong_client{$client}++;
}
# TD: Invalid user ( [ldap] Access Attribute denies access): [user(a)example.com] (from client radius port 13 cli aa-bb-cc-dd-ee-11 via TLS tunnel)
# TD: Invalid user: [user(a)example.com] (from client <host> port 13 cli aa-bb-cc-dd-ee-11)
- elsif ( my ($reason, $user, $ip) = ($ThisLine =~ m/^(?:Auth: )?Invalid user(?: \(\s*(.+)\))?: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) {
- if (! $ip) { $ip = "*not named*"; }
+ elsif ( my ($reason, $user, $client) = ($ThisLine =~ m/^(?:Auth: )?Invalid user(?: \(\s*(.+)\))?: \[(.+)\] \(from client [^ ]* port \d{1,10}(?: cli ([-0-9a-fA-F.:]+))?(?: via TLS tunnel)?\)/) ) {
+ if (! $client) { $client = "*not named*"; }
if (! $reason) { $reason = "*no reason*"; }
$invalidUser{$reason}{$user}++;
}
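Review bot: Changing the reason group in the first `Login incorrect` branch from `\(.+\)` to `\([^)]+\)` means reasons containing nested parentheses no longer match, including the existing sample above it, `Login incorrect (mschap: External script says Logon failure (0xc000006d)): ...`, which now falls through every branch in this hunk. The new "certificate has expired" branch only gets a chance because its sample reason also contains `(TLS)`; a reason without nested parentheses would be counted as a wrong user name by the earlier branch. Placing the certificate branch first and keeping a reason pattern that tolerates nested parentheses would make the ordering explicit. In the `Invalid user` branch, `$client` is assigned and defaulted but never used.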
@@ -119,11 +147,32 @@
$givingUps{$client}++;
}
+ # TD: eap_tls: ERROR: SSL says error 12 : CRL has expired
+ elsif ( $ThisLine =~ m/CRL has expired/ ) {
+ $crlExpired++;
+ }
+
+
# TD: Child PID 57436 is taking too much time: forcing failure and killing child.
elsif ( $ThisLine =~ m/Child PID \d+ is taking too much time: forcing failure and killing child/ ) {
$killedChilds++;
}
+ # TD: Started FreeRADIUS high performance RADIUS server..
+ elsif ( $ThisLine =~ /^Started FreeRADIUS/ ) {
+ $started++;
+ }
+
+ # TD: Stopping FreeRADIUS high performance RADIUS server..
+ elsif ( $ThisLine =~ /^Stopped FreeRADIUS/ ) {
+ $stopped++;
+ }
+
+ # TD: Reloading FreeRADIUS high performance RADIUS server
+ elsif ( $ThisLine =~ /^Reloaded FreeRADIUS/ ) {
+ $reloaded++;
+ }
+
# TD: Request 67678577 has been waiting in the processing queue for 378 seconds. Check that all databases are running properly!
elsif ($ThisLine =~ m/^Request \d+ has been waiting in the processing queue for (\d+) seconds/) {
$requests++;
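Review bot: The `# TD:` samples for the stop and reload counters show "Stopping FreeRADIUS ..." and "Reloading FreeRADIUS ...", but the patterns below them match `^Stopped FreeRADIUS` and `^Reloaded FreeRADIUS`, and the "-ing" forms are explicitly ignored earlier in the script. Please replace the samples with the completed-event lines the regexes actually count. `m/CRL has expired/` is unanchored, unlike the neighbouring patterns; anchoring it on the `eap_tls: ERROR:` prefix from its sample line would avoid counting unrelated text.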
@@ -160,48 +209,56 @@
}
-sub compPerIp {
- return $wrong_ip{$b} <=> $wrong_ip{$a};
+sub compPerMacAddr {
+ return $wrong_client{$b} <=> $wrong_client{$a};
}
-if (keys %loginsOk) {
- if ($Detail >= 10) {
- print "\nSuccessful logins:\n";
- foreach my $user (sort {$loginsOk{$b} <=> $loginsOk{$a}} keys %loginsOk) {
- printf " %-40s : %5d time(s)\n", $user, $loginsOk{$user};
- }
- } elsif ($Detail >= 6) {
- my $loginsOkSum = 0;
- foreach my $user (keys %loginsOk) {
- $loginsOkSum += $loginsOk{$user};
- }
- printf "\n%-42s : %5d time(s)\n", "Successful logins", $loginsOkSum;
+if ($Detail >= 8) {
+ if (keys %wrong_client) {
+ print "\nSum of failed logins per client (wrong password or user)\n";
+ foreach my $client (sort compPerMacAddr keys %wrong_client) {
+ printf " %-40s : %5d time(s)\n", $client, $wrong_client{$client};
+ }
}
}
-if ($Detail >= 8) {
- if (keys %wrong_ip) {
- print "\nSum of failed logins per ip (wrong password or user)\n";
- foreach my $ip (sort compPerIp keys %wrong_ip) {
- printf " %-40s : %5d time(s)\n", $ip, $wrong_ip{$ip};
- }
+if (keys %certificateExpired) {
+ if ($Detail >= 3) {
+ print "\nFailed logins - certificate expired:\n";
+ foreach my $client (sort compPerMacAddr keys %certificateExpired) {
+ my $users = $certificateExpired{$client};
+ printf " %-40s\n", $client ;
+ foreach my $user (sort {$users->{$b} <=> $users->{$a}} keys %$users) {
+ #print " $user ", $users->{$user}, " time(s)\n";
+ printf " %-38s : %5d time(s)\n", $user, $users->{$user};
+ }
+ }
+ } else {
+ my $certificateExpiredSum = 0;
+ foreach my $client (%certificateExpired) {
+ my $users = $certificateExpired{$client};
+ foreach my $user (keys %$users) {
+ $certificateExpiredSum += $users->{$user};
+ }
+ }
+ printf "\n%-42s : %5d time(s)\n", "Failed logins - certificate expired", $certificateExpiredSum;
}
}
if (keys %wrongUser) {
- if ($Detail >= 6) {
+ if ($Detail >= 3) {
print "\nFailed logins - wrong user name:\n";
- foreach my $ip (sort compPerIp keys %wrongUser) {
- printf " %-40s\n", $ip;
- my $users = $wrongUser{$ip};
+ foreach my $client (sort compPerMacAddr keys %wrongUser) {
+ printf " %-40s\n", $client;
+ my $users = $wrongUser{$client};
foreach my $user (sort {$users->{$b} <=> $users->{$a}} keys %$users) {
printf " %-38s : %5d time(s)\n", $user, $users->{$user};
}
}
} else {
my $userSum = 0;
- foreach my $ip (keys %wrongUser) {
- my $users = $wrongUser{$ip};
+ foreach my $client (keys %wrongUser) {
+ my $users = $wrongUser{$client};
foreach my $user (keys %$users) {
$userSum += $users->{$user};
}
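Review bot: In the low-detail branch for expired certificates, `foreach my $client (%certificateExpired)` iterates over keys and values alike because the hash is flattened in list context; it should be `foreach my $client (keys %certificateExpired)`. The sum only comes out right because the hash-reference values stringify to keys that do not exist. Separately, the detail threshold for "wrong user name" drops from 6 to 3 here while "wrong password" stays at 6, and nothing explains why the two differ.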
@@ -213,9 +270,9 @@
if (keys %wrongPassword) {
if ($Detail >= 6) {
print "\nFailed logins - wrong password:\n";
- foreach my $ip (sort compPerIp keys %wrongPassword) {
- my $users = $wrongPassword{$ip};
- printf " %-40s\n", $ip ;
+ foreach my $client (sort compPerMacAddr keys %wrongPassword) {
+ my $users = $wrongPassword{$client};
+ printf " %-40s\n", $client ;
foreach my $user (sort {$users->{$b} <=> $users->{$a}} keys %$users) {
#print " $user ", $users->{$user}, " time(s)\n";
printf " %-38s : %5d time(s)\n", $user, $users->{$user};
@@ -223,8 +280,8 @@
}
} else {
my $wrongPasswordSum = 0;
- foreach my $ip (%wrongPassword) {
- my $users = $wrongPassword{$ip};
+ foreach my $client (%wrongPassword) {
+ my $users = $wrongPassword{$client};
foreach my $user (keys %$users) {
$wrongPasswordSum += $users->{$user};
}
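Review bot: The renamed line `foreach my $client (%wrongPassword)` still iterates over the flattened hash rather than `keys %wrongPassword`. Since the line is being touched anyway, this is a good moment to add the missing `keys`.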
@@ -273,6 +330,10 @@
}
}
+if ($crlExpired) {
+ printf "\nCRL Expired: %5d time(s)\n", $crlExpired;
+}
+
if ($killedChilds) {
printf "\n%-42s : %5d time(s)\n", "Killed Childs (taking too much time)", $killedChilds;
}
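Review bot: The `CRL Expired` line uses a hand-spaced label, while the `Killed Childs` line directly below uses `"\n%-42s : %5d time(s)\n"`. Using the same format string would keep the count column aligned with the rest of the report.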
@@ -288,6 +349,33 @@
}
}
+if (keys %loginsOk) {
+ if ($Detail >= 10) {
+ print "\nSuccessful logins:\n";
+ foreach my $user (sort {$loginsOk{$b} <=> $loginsOk{$a}} keys %loginsOk) {
+ printf " %-40s : %5d time(s)\n", $user, $loginsOk{$user};
+ }
+ } elsif ($Detail >= 6) {
+ my $loginsOkSum = 0;
+ foreach my $user (keys %loginsOk) {
+ $loginsOkSum += $loginsOk{$user};
+ }
+ printf "\n%-42s : %5d time(s)\n", "Successful logins", $loginsOkSum;
+ }
+}
+
+if ($Detail >= 5 && $started) {
+ printf "\nServer started: %5d time(s)\n", $started;
+}
+
+if ($Detail >= 5 && $stopped) {
+ printf "\nServer stopped: %5d time(s)\n", $stopped;
+}
+
+if ($Detail >= 5 && $reloaded) {
+ printf "\nServer reloaded: %5d time(s)\n", $reloaded;
+}
+
if (keys %OtherList) {
print "\n**** Unmatched entries ****\n";
foreach (keys %OtherList) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/kernel new/logwatch-7.11/scripts/services/kernel
--- old/logwatch-7.9/scripts/services/kernel 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/kernel 2023-10-28 15:58:52.000000000 +0200
@@ -90,9 +90,9 @@
$FPAssists{$1}++;
} elsif ($ThisLine =~ /(?:[Kk]illed|[Kk]ill) process \d+ \((.*)\)/) {
$OOM{$1}++;
- } elsif ($ThisLine =~ /(EDAC (MC|PCI)\d:.*)/) {
+ } elsif ($ThisLine =~ /(EDAC (?:igen6 )?(?:MC|PCI)\d:.*)/) {
# Standard boot messages
- next if $ThisLine =~ /Giving out device to /;
+ next if $ThisLine =~ /(?:Giving out device to |HANDLING IBECC MEMEORY )/;
$EDACs{$1}++;
} elsif ($ThisLine =~ /(block drbd\d+): Online verify found (\d+) \d+k block out of sync/) {
$DRBDErrors{$1}{"$2 block(s) out of sync"} = 1;
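Review bot: `MEMEORY` in the new skip pattern `/(?:Giving out device to |HANDLING IBECC MEMEORY )/` looks like a misspelling of MEMORY. Please check it against the exact kernel message, because if the kernel prints the correct spelling this alternative never matches and the line keeps being counted in `%EDACs`. The "Standard boot messages" comment now also covers a line whose wording suggests error handling, so a short note on why it is safe to skip would be useful.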
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/lvm new/logwatch-7.11/scripts/services/lvm
--- old/logwatch-7.9/scripts/services/lvm 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/lvm 2024-01-22 20:31:51.000000000 +0100
@@ -44,11 +44,11 @@
chomp($ThisLine);
# Seeing leading space on Fedora 26
$ThisLine =~ s/^ *//;
- if ($ThisLine =~ /^pvscan\[\d+\] PV .* online(?:|, VG .* is complete)\.$/
- or $ThisLine =~ /pvscan\[\d+\] activating all complete VGs for init/
- or $ThisLine =~ /pvscan\[\d+\] PVID .* read from .* last written to/
- or $ThisLine =~ /pvscan\[\d+\] VG .* not using quick activation/
- or $ThisLine =~ /pvscan\[\d+\] VG .* run autoactivation/
+ if ($ThisLine =~ /^(pvscan\[\d+\] )?PV .* online(?:|, VG .* is complete)\.$/
+ or $ThisLine =~ /(pvscan\[\d+\] )?activating all complete VGs for init/
+ or $ThisLine =~ /(pvscan\[\d+\] )?PVID .* read from .* last written to/
+ or $ThisLine =~ /(pvscan\[\d+\] )?VG .* not using quick activation/
+ or $ThisLine =~ /(pvscan\[\d+\] )?VG .* run autoactivation/
# This happens often at startup
or $ThisLine =~ /WARNING: lvmetad is being updated, retrying/
# This happens on shutdown
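Review bot: Making the prefix optional with `(pvscan\[\d+\] )?` on the four unanchored patterns turns it into a no-op: `/(pvscan\[\d+\] )?activating all complete VGs for init/` matches the same lines as `/activating all complete VGs for init/`. If the intent is to accept the message with or without the prefix but only at the start of the line, anchor them like the first pattern, for example `/^(?:pvscan\[\d+\] )?VG .* run autoactivation/`. A non-capturing group also avoids setting `$1` for nothing.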
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/named new/logwatch-7.11/scripts/services/named
--- old/logwatch-7.9/scripts/services/named 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/named 2024-01-22 20:31:51.000000000 +0100
@@ -175,10 +175,12 @@
($ThisLine =~ /too many timeouts resolving '.*' .*: disabling EDNS/) or
($ThisLine =~ /too many timeouts resolving '.*' .*: reducing the advertised EDNS UDP packet size to .* octets/) or
($ThisLine =~ /reloading zones succeeded/) or
+ ($ThisLine =~ /rpz: .*: reload (?:start|done)/) or
($ThisLine =~ /generating session key/) or
($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or
($ThisLine =~ /success resolving '.*' \(in '.*'?\) after disabling EDNS/) or
($ThisLine =~ /success resolving '.*' after disabling qname minimization due to 'failure'/) or
+ ($ThisLine =~ /success resolving '.*' after disabling qname minimization due to 'ncache nxdomain'/) or
($ThisLine =~ /the working directory is not writable/) or
($ThisLine =~ /using default UDP\/IPv[46] port range: \[[0-9]*, [0-9]*\]/) or
($ThisLine =~ /adjusted limit on open files from [0-9]* to [0-9]*/) or
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/nut new/logwatch-7.11/scripts/services/nut
--- old/logwatch-7.9/scripts/services/nut 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/nut 2023-12-11 01:46:45.000000000 +0100
@@ -27,6 +27,7 @@
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my ($Hostname) = ($ENV{'HOSTNAME'} =~ /^([^.]+)/);
my $CannotConnectThreshold = $ENV{'cannot_connect_threshold'} || 0;
+my %BatteryLow;
my %CannotConnect;
my %Commands;
my %CommunicationLost;
@@ -100,6 +101,8 @@
or $ThisLine =~ /^UPS: Started a self-test/
) {
# Ignore these
+ } elsif (($ups) = ($ThisLine =~ /^(?:nut-monitor|upsmon): UPS (\S+) battery is low/)) {
+ $BatteryLow{$ups}++;
} elsif (($ups) = ($ThisLine =~ /^(?:nut-server|upsd): Can't connect to UPS \[(\S+)\]/)) {
$CannotConnect{$ups}++;
} elsif (($user, $command, $ups) = ($ThisLine =~ /^(?:nut-server|upsd): Instant command: (\S+) did (\S+) on (\S+)/)) {
@@ -111,6 +114,11 @@
$CommunicationState{$ups} = "lost";
} elsif (($ups) = ($ThisLine =~ /^(?:nut-monitor|upsmon): Communications with UPS (\S+) established/)) {
$CommunicationState{$ups} = "established";
+ # At Detail 0, we don't want to know about recovered disconnects
+ if ($Detail == 0) {
+ $Unavailable{$ups}--;
+ delete $Unavailable{$ups} if $Unavailable{$ups} <= 0;
+ }
# This may always be paired with the "unavailable" message below - so may want to ignore or move to higher detail
} elsif (($ups) = ($ThisLine =~ /^(?:nut-monitor|upsmon): UPS \[(.+)\]: connect failed:/)) {
$ConnectionFailure{$ups}++;
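Review bot: The Detail 0 block under the "established" branch subtracts exactly one from `$Unavailable{$ups}` per recovery, so it only hides an outage that produced a single unavailable entry; if several were counted before communication came back, the remainder is still reported. If the goal is to suppress recovered disconnects entirely, `delete $Unavailable{$ups}` states that directly. The special case also makes Detail 0 behave differently from what the existing comment below describes, so the service's configuration documentation should mention it.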
@@ -187,6 +195,14 @@
print $UpsdrvctlMessages;
}
+if (keys %BatteryLow) {
+ print "UPS battery low:\n";
+ foreach my $ups (sort {$a cmp $b} keys %BatteryLow) {
+ print " $ups: $BatteryLow{$ups} Time(s)\n";
+ }
+ print "\n";
+}
+
if (keys %OnBattery) {
print "UPS on battery:\n";
foreach my $ups (sort {$a cmp $b} keys %OnBattery) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/omsa new/logwatch-7.11/scripts/services/omsa
--- old/logwatch-7.9/scripts/services/omsa 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/omsa 2024-07-17 06:47:13.000000000 +0200
@@ -36,8 +36,13 @@
# \d+ \d+ - (\w+) Service (.*)
while (defined(my $ThisLine = <STDIN>)) {
chomp($ThisLine);
- my ($Service,$Message) = ($ThisLine =~ /^\d+ \d+ - (\w+) Service (.*)$/);
- if ($Message =~ /fail|disable|replace/i) {
+ my ($Service, $Severity, $Category, $MessageID, $Message);
+ if (($Service, $Severity, $Category, $MessageID, $Message) = ($ThisLine =~ /^\d+ \d+ - (\w+) Service Severity: ([^,]+), Category: ([^,]+), MessageID: ([^,]+), Message: (.*)/)) {
+ } else {
+ # Old style
+ ($Service,$Message) = ($ThisLine =~ /^\d+ \d+ - (\w+) Service (.*)$/);
+ }
+ if ($Message =~ /error|fail|degraded|disable|replace|timeout/i or (defined($Severity) and $Severity eq "Critical")) {
# Service erroneously detects failure on service startup
next if (($Service eq "Instrumentation") and $Message =~ /^Power supply detected a failure.*Previous state was: Unknown/);
$ServiceError{$Service}->{$Message}++;
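Review bot: When a line matches neither the new `Severity: ..., Category: ..., MessageID: ..., Message: ...` pattern nor the old-style one, `$Message` is undefined by the time `$Message =~ /error|fail|degraded|.../i` runs. Adding `next unless defined $Message;` after the fallback would avoid the undefined-value match. The empty `if (...) { } else { ... }` would read more clearly as `unless (...) { ... }`. `$Category` and `$MessageID` are captured but not used in the visible lines.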
@@ -46,25 +51,27 @@
if ($Service eq "Instrumentation") {
# Service erroneously detects absence on service startup
next if ($Message =~ /^Battery sensor detected absence value/);
- next if (($Message =~ /^IPMI status.*Interface:/) and ($Detail < 10));
- next if (($Message =~ /^Server Administrator start.*/) and ($Detail < 10));
+ next if (($Message =~ /IPMI status.*[Ii]nterface:/) and ($Detail < 10));
+ next if (($Message =~ /Administrator .* start.*/) and ($Detail < 10));
next if (($Message =~ /^Systems Management Data Manager (?:Started|Stopped)/) and ($Detail < 10));
- } elsif ($Service eq "Storage") {
- next if (($Message =~ /^Controller event log: Battery (?:Present|charge complete|started charging|temperature is normal)/) and ($Detail < 5));
- next if (($Message =~ /^Controller event log: (Board Revision|Controller hardware revision ID)/) and ($Detail < 10));
- next if (($Message =~ /^Controller event log: Current capacity of the battery is above threshold/) and ($Detail < 5));
- next if (($Message =~ /^Controller event log: Enclosure .* (:?communication restored|discovered)/) and ($Detail < 10));
- next if (($Message =~ /^Controller event log: Firmware initialization started/) and ($Detail < 10));
- next if (($Message =~ /^Controller event log: Inserted:/) and ($Detail < 5));
- next if (($Message =~ /^Controller event log: PD .* is not a certified drive/) and ($IgnoreNonCertifiedDrives));
- next if (($Message =~ /^Controller event log: Package version/) and ($Detail < 10));
- next if (($Message =~ /^Controller event log: Patrol Read (started|stopped|resumed)/) and ($Detail < 5));
- next if (($Message =~ /^Controller event log: Shutdown command received from host/) and ($Detail < 1));
- next if (($Message =~ /^Controller event log: Time established as/) and ($Detail < 10));
- next if (($Message =~ /^Controller event log: Unexpected sense: Encl PD .* CDB: 12 00 00 00 (:?04|20) 00, Sense: 5\/24\/00/) and ($IgnoreNonCertifiedDrives));
- next if (($Message =~ /^Controller event log: Unexpected sense: PD .* CDB: 12 01 dc 01 1d 00, Sense: (4\/cf|5\/24)\/00/) and ($IgnoreNonCertifiedDrives));
+ } elsif ($Service =~ "Storage") {
+ next if (($Message =~ /^Controller.* event log: Battery (?:Present|charge complete|started charging|temperature is normal)/) and ($Detail < 5));
+ next if (($Message =~ /^Controller.* event log: Controller operating temperature within normal range/) and ($Detail < 5));
+ next if (($Message =~ /^Controller.* event log: (Board Revision|Controller hardware revision ID)/) and ($Detail < 10));
+ next if (($Message =~ /^Controller.* event log: Current capacity of the battery is above threshold/) and ($Detail < 5));
+ next if (($Message =~ /^Controller.* event log: Enclosure .* (:?communication restored|discovered)/) and ($Detail < 10));
+ next if (($Message =~ /^Controller.* event log: Firmware initialization started/) and ($Detail < 10));
+ next if (($Message =~ /^Controller.* event log: Host driver is loaded and operational/) and ($Detail < 5));
+ next if (($Message =~ /^Controller.* event log: Inserted:/) and ($Detail < 5));
+ next if (($Message =~ /^Controller.* event log: PD .* is not a certified drive/) and ($IgnoreNonCertifiedDrives));
+ next if (($Message =~ /^Controller.* event log: Package version/) and ($Detail < 10));
+ next if (($Message =~ /^Controller.* event log: Patrol Read (started|stopped|resumed)/) and ($Detail < 5));
+ next if (($Message =~ /^Controller.* event log: Shutdown command received from host/) and ($Detail < 1));
+ next if (($Message =~ /^Controller.* event log: Time established as/) and ($Detail < 10));
+ next if (($Message =~ /^Controller.* event log: Unexpected sense: Encl PD .* CDB: 12 00 00 00 (:?04|20) 00, Sense: 5\/24\/00/) and ($IgnoreNonCertifiedDrives));
+ next if (($Message =~ /^Controller.* event log: Unexpected sense: PD .* CDB: 12 01 dc 01 1d 00, Sense: (4\/cf|5\/24)\/00/) and ($IgnoreNonCertifiedDrives));
next if (($Message =~ /SCSI sense data:? \(?Sense key: 5 Sense code: 24 Sense qualifier: 0/) and ($IgnoreNonCertifiedDrives));
- next if (($Message =~ /^Disk found is not supplied by an authorized hardware provider/) and ($IgnoreNonCertifiedDrives));
+ next if (($Message =~ /Disk .* is not supplied by an authorized hardware provider/) and ($IgnoreNonCertifiedDrives));
next if (($Message =~ /^The battery charge cycle is complete\./) and ($Detail < 5));
next if (($Message =~ /^The controller battery Learn cycle will start in (?:\d+) days\./) and ($Detail < 5));
next if (($Message =~ /^The Patrol Read has (started|stopped|resumed)/) and ($Detail < 5));
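Review bot: `} elsif ($Service =~ "Storage") {` uses a string as the pattern, so it now matches any service name that merely contains "Storage" rather than the exact name the previous `eq` test required. If the substring match is intended, write it as `/Storage/` and add a comment naming the service variants it is meant to cover. The same hunk drops the `^` anchor from the IPMI, Administrator and "Disk ... is not supplied by an authorized hardware provider" patterns, which widens what is suppressed below Detail 10 or when `$IgnoreNonCertifiedDrives` is set; sample lines for the new message layout would let a reader confirm the looser patterns are needed.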
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/pop3 new/logwatch-7.11/scripts/services/pop3
--- old/logwatch-7.9/scripts/services/pop3 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/pop3 2024-04-09 07:03:41.000000000 +0200
@@ -109,7 +109,7 @@
} elsif (
(($User, $Host) = ( $ThisLine =~ /^user (.*?) authenticated - (.*)$/ )) or
(($User, $Host) = ( $ThisLine =~ /^fork_child: \[\d\].*\((.*)\): began session for `(.*)' with .*; child PID is \d+$/ ))
- or (($User, $Host) = ( $ThisLine =~ /^LOGIN, user=([^ ,]+), ip=\[([^ ,]+)\](?:, port=\[\d+\])?$/ ))
+ or (($User, $Host) = ( $ThisLine =~ /^LOGIN, user=([^ ,]+), ip=\[([^ ,]+)\](?:, port=\[\d+\](?:, stls=\d+)?)?$/ ))
) {
$Login{$User}{$Host}++;
} elsif ( ($User,$Downloaded,$DownloadSize,$Left,$LeftSize) = ( $ThisLine =~ /^Stats: (.*?) (.*?) (.*?) (.*?) (.*?)$/) ) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/rsyslogd new/logwatch-7.11/scripts/services/rsyslogd
--- old/logwatch-7.9/scripts/services/rsyslogd 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/rsyslogd 2023-12-11 01:46:45.000000000 +0100
@@ -51,6 +51,7 @@
my $Action;
my $Certificate;
my $Host;
+my $LastError;
my $Message;
my $MessagesLost = 0;
my $Module;
@@ -60,6 +61,7 @@
my %ActionResumed;
my %ActionSuspended;
my %CannotConnect;
+my %ClosedError;
my %DaemonActions;
my %InvalidCertificate;
my %InvalidCerts;
@@ -91,6 +93,20 @@
elsif (($Host, $Reason) = $ThisLine =~ /cannot connect to (.+): (.+) \[/) {
$CannotConnect{"$Host ($Reason)"}++;
}
+ # These should also generate closed connection messages, but record so we can ignore normal events
+ elsif(
+ $ThisLine =~ /(TCPSendBuf error .*), destruct TCP Connection to/ or
+ $ThisLine =~ /(GnuTLS handshake retry returned error:[^.]*)/ or
+ # This proceeds unexpected GnuTLS error -54
+ $ThisLine =~ /(gnutls returned error on handshake:[^.]*)/ or
+ $ThisLine =~ /(peer did not provide a certificate[^[]*)/ or
+ $ThisLine =~ /(unexpected GnuTLS error -\d+)/
+ ) {
+ $LastError = $1;
+ }
+ elsif (($Host) = $ThisLine =~ /^netstream session \S+ from (\S+) will be closed due to error/) {
+ $ClosedError{$LastError}{"$Host"}++ if $LastError !~ /unexpected GnuTLS error -54/;
+ }
elsif (($Host) = $ThisLine =~ /^omfwd: remote server at (.+) seems to have closed connection/) {
$RemoteClosed{"$Host"}++;
}
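Review bot: `$LastError` is set by the error branch but never cleared once the `netstream session ... will be closed due to error` branch has consumed it, so a later close with no fresh error line is attributed to a stale message, and a close seen before any error uses an undefined value both in `$LastError !~ /.../` and as the hash key. Defaulting to something like "unknown error" and resetting the variable after use would fix both. In the added comment, "This proceeds unexpected GnuTLS error -54" should read "precedes". The reason why error -54 is excluded from the report is worth one line as well, since this is the branch that decides which TLS failures the administrator sees.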
@@ -106,9 +122,6 @@
$ThisLine =~ /^imuxsock: Acquired UNIX socket .* from systemd/ or
$ThisLine =~ /^message repeated \d+ times:/ or
$ThisLine =~ m!^imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' \(fd 3\) from systemd! or
- # These should also generate closed connection messages
- $ThisLine =~ /TCPSendBuf error .*, destruct TCP Connection to/ or
- $ThisLine =~ /unexpected GnuTLS error .* this could be caused by a broken connection/ or
0 # This line prevents blame shifting as lines are added above
) {
# Ignore these lines
@@ -155,6 +168,17 @@
print "$MessagesLost Messages lost due to rate-limiting\n\n";
}
+if (keys %ClosedError) {
+ print "Connection closed due to error:\n";
+ foreach my $Error (sort keys %ClosedError) {
+ print " $Error:\n";
+ foreach my $Host (sort keys %{$ClosedError{$Error}}) {
+ print " $Host: $ClosedError{$Error}{$Host} Times\n";
+ }
+ }
+ print "\n";
+}
+
if (keys %RemoteClosed) {
my $first = 1;
foreach my $Host (sort keys %RemoteClosed) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/sendmail new/logwatch-7.11/scripts/services/sendmail
--- old/logwatch-7.9/scripts/services/sendmail 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/sendmail 2024-04-09 06:29:31.000000000 +0200
@@ -143,7 +143,8 @@
$Load, $Luser, $MailerName,
$MailerString, $MailerType, $NewQueueID,
$NoCommonName,
-$NumRcpts, $Owner, $QueueID,
+$NumRcpts, $Owner, $OtherListFound,
+$QueueID,
$Reason, $RejCmd, $Relay,
$RelayDeniedCount, $RelayHost, $RelayName,
$Ruser, $Size, $Source,
@@ -294,6 +295,7 @@
( $ThisLine =~ /^--- 334 / ) or
# status code 354 used to request data
( $ThisLine =~ /^--- 354 Enter mail, end with \"\.\" on a line by itself/ ) or
+ ( $ThisLine =~ /^--- 354 End data with <CR><LF>.<CR><LF>/) or
# invalid smtp commands detected later ($RejCmd)
( $ThisLine =~ /^--- 502 5(\.[0-9]){2} Sorry, we do not allow this operation$/ ) or
# Need RCPT most likely because of incorrect RCPT command, in which case ignore it
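Review bot: The dot in the new pattern `/^--- 354 End data with <CR><LF>.<CR><LF>/` is unescaped and therefore matches any character, whereas the existing 354 pattern directly above escapes it as `\.`. Escaping it here keeps the two consistent. The line also lacks the space before the closing parenthesis that the surrounding alternatives use.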
@@ -582,7 +584,15 @@
$StatRejected{"Unable to deliver mail"}{"system notify"}++;
# Return Receipts from successful delivery
} elsif ($Reason =~ /^Return receipt$/) {
- $ReturnReceipts{$Msgs{$QueueID}{"FromUser"}}++;
+ if (not defined $Msgs{$QueueID}{"FromUser"}) {
+ # The most likely reason for this condition is that the
+ # original email, which identifies the sender, was received
+ # before the --range period specified.
+ $ReturnReceipts{"(Unknown Sender)"}++;
+ } else {
+ $ReturnReceipts{$Msgs{$QueueID}{"FromUser"}}++;
+ }
+
# Timeouts
} elsif ($Reason =~ /^(Warning: could not send message for past .*)/ ) {
$SentTimeouts{$Reason}++;
@@ -623,6 +633,9 @@
# file=collect.c, LogLevel>0, LOG_NOTICE
} elsif ( ($Reason, $Source) = ($ThisLine =~ /collect: (unexpected close|I\/O error|read timeout) on connection from (.*)?, /) ) {
$CollectError{$Reason}{$Source}++;
+ # file=collect.c, LogLevel>0, LOG_NOTICE
+ } elsif ( ($Source, $Reason) = ($ThisLine =~ /collect: relay=(.*), from=.*, info=(.*), where=/) ) {
+ $CollectError{$Reason}{$Source}++;
# file=collect.c, LogLevel>6, LOG_NOTICE
} elsif (($Size) = ($ThisLine =~ /^message size \(([0-9]+)\) exceeds maximum/)) {
$OverSize++;
@@ -765,6 +778,7 @@
$Temp1 =~ s/\s*$//;
# we try to delete it from the list of Unmatched Entries
if (defined $OtherList{$Temp1}) {
+ $OtherListFound = 1;
if ($OtherList{$Temp1} == 1) {
delete ($OtherList{$Temp1});
} elsif ($OtherList{$Temp1} > 1) {
@@ -775,15 +789,19 @@
$OtherList{"Command unrecognized: " . $Temp}++;
}
} else {
+ $OtherListFound = 0;
$OtherList{$Temp1}++;
}
# Ignore commands from connects that failed greeting
if (not defined $PREGreetingQueue{$QueueID}) {
- if (not defined $CommandUnrecognized{$QueueID}) {
- $CommandUnrecognized{$QueueID} = "";
- }
if ($Temp =~ /^$/) { $Temp = "<Empty Line>"};
- $CommandUnrecognized{$QueueID} .= "\t" . $Temp . "\n";
+ if ($OtherListFound == 0) {
+ if (not defined $CommandUnrecognized{$QueueID}) {
+ # initialize string, as we will concatenate commands
+ $CommandUnrecognized{$QueueID} = "";
+ }
+ $CommandUnrecognized{$QueueID} .= "\t" . $Temp . "\n";
+ }
}
# similarly, delete last unmatched entry when too many bad commands
} elsif ( $ThisLine =~ /^--- 421 4\.\d\.\d .* Too many bad commands; closing connection$/) {
@@ -1550,7 +1568,7 @@
eval "$PrintCond" if ($Detail >= 3);
print "\n\nTLS Connect Failed" if ($Detail >=3);
foreach $TLSReason (sort keys %TLSConnectFailed) {
- PrettyTimes(" " . $TLSConnectFailed{$TLSReason})
+ PrettyTimes(" " . $TLSReason, $TLSConnectFailed{$TLSReason})
if ($Detail >= 5);
$TotalError[$ErrorIndex] += $TLSConnectFailed{$TLSReason};
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/smartd new/logwatch-7.11/scripts/services/smartd
--- old/logwatch-7.9/scripts/services/smartd 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/smartd 2024-07-17 06:47:13.000000000 +0200
@@ -50,9 +50,14 @@
my %CheckFailed = ();
my %Monitoring = ();
my %DeviceInfo = ();
+my %Reconnected = ();
+my %Removed = ();
my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
my $IgnoreUnmatched = $ENV{'smartd_ignore_unmatched'} || 0;
+my $IgnoreCapabilities = $ENV{'smartd_ignore_capabilities'} || 0;
+my $IgnorePower = $ENV{'smartd_ignore_power'} || 0;
+my $IgnoreRemoval = $ENV{'smartd_ignore_removal'} || '^$';
#Init String Containers
my (
@@ -139,6 +144,10 @@
|| ($ThisLine =~ /System clock time adjusted to the past/) )
{
# ignore
+ } elsif ( $ThisLine =~ /--capabilites is set/ and $IgnoreCapabilities ) {
+ # ignore
+ } elsif ( $ThisLine =~ /no ATA CHECK POWER STATUS support, ignoring -n Directive/ and $IgnorePower ) {
+ # ignore
} elsif ( ($Device,$Msg) = ($ThisLine =~ /^Device: ([^,]+), is SMART capable. Adding to "monitor" list./ )) {
$Monitoring{$Device} = 1;
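Review bot: The new pattern `/--capabilites is set/` spells the option differently from the `$IgnoreCapabilities` variable that guards it. Please confirm the spelling against the actual smartd message, since a mismatch means the ignore setting silently does nothing. Both new branches would benefit from a sample log line, and the `smartd_ignore_capabilities` and `smartd_ignore_power` settings need an entry in the service's configuration file.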
@@ -178,7 +187,9 @@
} elsif ( ($Device,$AttribType,$Code,$Name) = ($ThisLine =~ /^Device: ([^,]+), Failed SMART ([A-Za-z]+) Attribute: ([0-9]+) ([A-Za-z_]+)/)) {
$Failed{$Device}{"$AttribType attribute: $Name ($Code)"}++;
} elsif ( ($Device, $Text) = ($ThisLine =~ /^Device: ([^,]+), (?:failed|SMART Failure:) (.*)$/) ) {
- $Failed{$Device}{"$Text"}++;
+ $Failed{$Device}{"$Text"}++;
+ } elsif ( ($Device, $Text) = ($ThisLine =~ /^Device: ([^,]+), (.*) (?:[Ff]ailed)$/) ) {
+ $Failed{$Device}{"$Text"}++;
} elsif ( ( $ThisLine =~ /warning/i ) ) {
$Warnings{$ThisLine}++;
} elsif ( ($Device, $Text) = ( $ThisLine =~ /^Device: ([^,]+), (can't monitor.*)$/i ) ) {
@@ -193,6 +204,10 @@
$UnavailableDev{$Device}++;
} elsif ( ($Device) = ($ThisLine =~ /Device (.*): SATA disks accessed via libata are supported by Linux kernel versions 2.6.15-rc1 and above/) ) {
$SataDisk{"$Device"}++;
+ } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), reconnected / )) {
+ $Reconnected{$Device}++ if $Device !~ /$IgnoreRemoval/;
+ } elsif ( ($Device) = ($ThisLine =~ /^Device: ([^,]+), removed / )) {
+ $Removed{$Device}++ if $Device !~ /$IgnoreRemoval/;
} elsif ($ThisLine =~ /Unable to monitor any SMART enabled devices\. Try debug \(-d\) option\. Exiting/) {
$UnableToMonitor++;
} elsif ( ($Device) = ($ThisLine =~ /Device: ([^,]+), FAILED SMART self-check/) ) {
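Review bot: `$Device !~ /$IgnoreRemoval/` interpolates the `smartd_ignore_removal` setting straight into a regex on every matching line, so a malformed value aborts the script in the middle of the report, and an unanchored value such as a short device prefix suppresses every device containing it. Compiling it once with `qr//` inside an `eval` at startup, and documenting that the value is an unanchored regular expression, would make the behaviour predictable. Removal and reconnection events are the kind of thing an operator may want to see, so the documentation should say clearly what gets hidden.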
@@ -370,6 +385,22 @@
}
print "\n";
}
+
+if (%Removed) {
+ print "\Devices removed:\n";
+ foreach my $Device (sort keys %Removed) {
+ print " " .$Device .": Removed " . $Removed{$Device} . " Time(s)\n";
+ }
+ print "\n";
+}
+
+if (%Reconnected) {
+ print "\Devices reconnected:\n";
+ foreach my $Device (sort keys %Reconnected) {
+ print " " .$Device .": Reconnected " . $Reconnected{$Device} . " Time(s)\n";
+ }
+ print "\n";
+}
if (keys %Monitoring and $Detail > 7) {
print "\nMonitoring:\n";
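Review bot: `print "\Devices removed:\n"` and `print "\Devices reconnected:\n"` begin with `\D`, which is not a string escape in a double-quoted Perl string; it is passed through as a plain "D" (with an "Unrecognized escape" warning when warnings are enabled), so both headings lose the leading blank line that the neighbouring `print "\nMonitoring:\n"` has. This looks like a typo for `"\nDevices removed:\n"` and `"\nDevices reconnected:\n"`.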
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/sudo new/logwatch-7.11/scripts/services/sudo
--- old/logwatch-7.9/scripts/services/sudo 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/sudo 2024-04-09 07:04:43.000000000 +0200
@@ -44,6 +44,7 @@
# maximum number of commands user ran to display at low detail
my $CmdsThresh = $ENV{'command_run_threshold'} || 0;
my %IgnoreCmds;
+my %IgnoreCmdArgs;
my ($user, $error, $tty, $dir, $euser, $egroup, $tsid, $cmd, $args);
my %ConFailed;
@@ -55,7 +56,11 @@
foreach my $entry (split(',',$ENV{'ignore_commands'})) {
$entry =~ s/['"]//g;
my ($from_user,$to_user,$cmd) = split(';',$entry);
- push(@{$IgnoreCmds{$from_user}{$to_user}},$cmd);
+ if ($cmd =~ " ") {
+ push(@{$IgnoreCmdArgs{$from_user}{$to_user}},$cmd);
+ } else {
+ push(@{$IgnoreCmds{$from_user}{$to_user}},$cmd);
+ }
}
}
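Review bot: `if ($cmd =~ " ")` uses a string as the pattern and runs on a `$cmd` that is undefined whenever an `ignore_commands` entry has fewer than three `;`-separated fields, which produces an uninitialized-value warning under warnings. Write it as `defined($cmd) && $cmd =~ / /` and skip malformed entries. The configuration comments should also say that an entry containing a space is now matched against the command plus its arguments, since that changes how existing entries with spaces behave.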
@@ -79,6 +84,9 @@
next if (defined($IgnoreCmds{$user}{$euser}) && $cmd =~ join("|",@{$IgnoreCmds{$user}{$euser}}));
next if (defined($IgnoreCmds{'any'}{$euser}) && $cmd =~ join("|",@{$IgnoreCmds{'any'}{$euser}}));
next if (defined($IgnoreCmds{$user}{'any'}) && $cmd =~ join("|",@{$IgnoreCmds{$user}{'any'}}));
+ next if (defined($IgnoreCmdArgs{$user}{$euser}) && "$cmd$args" =~ join("|",@{$IgnoreCmdArgs{$user}{$euser}}));
+ next if (defined($IgnoreCmdArgs{'any'}{$euser}) && "$cmd$args" =~ join("|",@{$IgnoreCmdArgs{'any'}{$euser}}));
+ next if (defined($IgnoreCmdArgs{$user}{'any'}) && "$cmd$args" =~ join("|",@{$IgnoreCmdArgs{$user}{'any'}}));
if ($egroup) {
$euser .= ":${egroup}";
}
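Review bot: The three added `next` lines match against `"$cmd$args"` with no separator, while entries only reach %IgnoreCmdArgs when they contain a space; unless `$args` is captured with its leading space (the parsing regex is not part of this hunk), a pattern written as command, space, argument cannot match across that boundary. The `join("|", ...)` alternation is also unanchored, so each entry matches as a substring anywhere in the command line and can drop more sudo invocations from the report than the administrator intended; consider wrapping it as `^(?:...)` or documenting the substring semantics.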
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/systemd new/logwatch-7.11/scripts/services/systemd
--- old/logwatch-7.9/scripts/services/systemd 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/systemd 2024-07-17 06:47:13.000000000 +0200
@@ -63,7 +63,7 @@
while (defined(my $ThisLine = <STDIN>)) {
chomp($ThisLine);
- if ($ThisLine =~ /^(Activat|Deactivat|Mount|Unmount|Reload|Start|Stopp)ing / or
+ if ($ThisLine =~ /^(Activat|Deactivat|Expect|Mount|Unmount|Reload|Start|Stopp)ing / or
$ThisLine =~ /^Finished / or
# sssd users @ in usernames
$ThisLine =~ /^Accepting user\/group name '.*\@.*', which does not match strict user\/group name rules\.$/ or
@@ -99,10 +99,10 @@
$ThisLine =~ /^Mounted / or
$ThisLine =~ /^Queued start job for default target / or
$ThisLine =~ /^Queuing reload/ or
- $ThisLine =~ /^Relabelled / or
- $ThisLine =~ /^Reloading\.$/ or # Happens on each boot at switch root
+ $ThisLine =~ /^Relabell?ed / or
+ $ThisLine =~ /^Reloading\.+$/ or # Happens on each boot at switch root
$ThisLine =~ /^RTC configured in / or
- $ThisLine =~ /^Running in initial RAM disk\.$/ or
+ $ThisLine =~ /^Running in init(?:ial RAM disk|rd)\.$/ or
$ThisLine =~ /^selinux: avc: *received policyload notice/ or
$ThisLine =~ /^selinux: avc: *op=load_policy / or
$ThisLine =~ /^Set hostname to / or
@@ -133,6 +133,7 @@
$ThisLine =~ /Service Restart.* expired, scheduling restart\./ or
$ThisLine =~ /Scheduled restart job, restart counter is at .*\./ or
$ThisLine =~ /: Watchdog timeout/ or
+ $ThisLine =~ /Watchdog running with a timeout of/ or
$ThisLine =~ /^Dependency failed for / or
# This is preceeded by a more descriptive message
$ThisLine =~ / Triggering OnFailure= dependencies\./ or
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/services/zz-disk_space new/logwatch-7.11/scripts/services/zz-disk_space
--- old/logwatch-7.9/scripts/services/zz-disk_space 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/services/zz-disk_space 2024-04-09 07:31:09.000000000 +0200
@@ -162,7 +162,7 @@
#Main
if ($OSname eq "Linux") {
- $df_options = "-h -x tmpfs -x devtmpfs -x udf -x iso9660 -x squashfs";
+ $df_options = "-h -x tmpfs -x devtmpfs -x udf -x iso9660 -x squashfs -x overlay";
if ($local_disks_only) { $df_options .= " -l"; }
} elsif ($OSname eq "Darwin") {
$df_options = "-h -T nodevfs,autofs";
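Review bot: Adding `-x overlay` to the Linux `$df_options` is unconditional, so on a system whose root filesystem is itself an overlay mount (containers, some live or image-based installs) the report no longer shows usage for `/` at all. Consider making the excluded filesystem types configurable, or at least mention the new exclusion in the service's configuration comments.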
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/logwatch-7.9/scripts/shared/journalctl new/logwatch-7.11/scripts/shared/journalctl
--- old/logwatch-7.9/scripts/shared/journalctl 2023-07-22 18:26:37.000000000 +0200
+++ new/logwatch-7.11/scripts/shared/journalctl 2024-07-21 17:07:49.000000000 +0200
@@ -15,18 +15,36 @@
########################################################
#
# The purpose of this script is to pass the output of the journalctl
-# command to the logwatch parsers. The corresponding conf/logfile
-# can be simple. The following example shows a logfile with two lines:
+# command to the logwatch parsers. The corresponding service file
+# in conf/services/ can be simple. The following example shows a
+# service configuration file with two lines:
# LogFile = none
-# *JournalCtl = "--output=cat --unit=service_name.service"
-# or when combining journals from multiple sources (additional
-# processing is needed in this case):
+# *JournalCtl = "--unit=service_name.service"
+# or when combining journals from multiple sources:
# *JournalCtl = "--merge --no-pager --unit=service_name.service"
#
-# In the example above, the arguments to the JournalCtl command are
+# If the *JournalCtl command is called from a logfile configuration
+# file (in directory conf/logfiles) rather than the service
+# configuration file (in directory conf/services), then the
+# following is needed in the logfile configuration file:
+# LogFile =
+# LogFile = /dev/null
+# *JournalCtl = "--no-pager --unit=service_name.service"
+#
+# In addition to the examples above that use --unit, additional
+# field values may be needed. Both "man journalctl" and
+# "man systemd.journal-fields" describe additional options and
+# fields that may be required. For example, --facility, --priority,
+# --identifier, and _TRANSPORT may need to be specified.
+#
+# To strip the output of journalctl of additional output, including
+# timestamps, the option "--output cat" can be used. Otherwise,
+# additional commands in logwatch (such as "*ApplyStdDate" or
+# "*RemoveHeaders", for example) may be needed.
+#
+# In the examples above, the arguments to the JournalCtl command are
# passed to the journalctl system command. It is advised to delimit
-# the arguments in double quotes to preserve mixed case, if
-# applicable.
+# the arguments in double quotes to preserve mixed case.
use strict;
use warnings;
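Review bot: The rewritten header comment gives three `*JournalCtl` examples with inconsistent options: the first drops `--output=cat` and has no `--no-pager`, the other two include `--no-pager`, and `--output cat` is only mentioned later in prose. Please state which options are required and which are optional, and explain why the logfile variant needs both an empty `LogFile =` line and `LogFile = /dev/null`, since the text shows the two lines without saying what each one does.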
++++++ logwatch-firewall.patch ++++++
--- /var/tmp/diff_new_pack.NUxWEO/_old 2024-11-01 21:06:52.660705943 +0100
+++ /var/tmp/diff_new_pack.NUxWEO/_new 2024-11-01 21:06:52.660705943 +0100
@@ -1,8 +1,8 @@
Index: conf/logfiles/iptables.conf
===================================================================
---- conf/logfiles/iptables.conf.orig 2010-04-30 23:36:27.000000000 +0200
-+++ conf/logfiles/iptables.conf 2011-10-17 12:48:39.746113236 +0200
-@@ -6,17 +6,21 @@
+--- conf/logfiles/iptables.conf.orig
++++ conf/logfiles/iptables.conf
+@@ -6,6 +6,8 @@
# This was written and is maintained by:
# Kirk Bauer <kirk(a)kaybee.org>
#
@@ -11,15 +11,17 @@
# Please send all comments, suggestions, bug reports,
# etc, to kirk(a)kaybee.org.
########################################################
-
+@@ -13,12 +15,14 @@
# What actual file? Defaults to LogPath if not absolute path....
LogFile = ulogd/ulogd.syslogemu
+ LogFile = iptables.log
+LogFile = firewall
# If the archives are searched, here is one or more line
# (optionally containing wildcards) that tell where they are...
Archive = ulogd/ulogd.syslogemu.*
Archive = ulogd/ulogd.syslogemu-*
+ Archive = iptables.log-*
+Archive = firewall-*
# Keep only the lines in the proper date range...