Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 162947 - egrep problems cause empty report section
Summary: egrep problems cause empty report section
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: logwatch
Version: 4
Hardware: noarch
OS: Linux
medium
high
Target Milestone: ---
Assignee: Ivana Varekova
QA Contact:
URL:
Whiteboard:
: 166864 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-07-11 19:25 UTC by Stuart
Modified: 2007-11-30 22:11 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-07-15 06:14:05 UTC


Attachments (Terms of Use)
diff of the new v6 (.orig) scripts vs the old v5 scripts (deleted)
2005-07-11 19:32 UTC, Stuart
no flags Details | Diff

Description Stuart 2005-07-11 19:25:43 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0

Description of problem:
logwatch in FC4 appears to have changed /etc/log.d/scripts/shared/onlycontains and /etc/log.d/scripts/shared/remove, specifically in the way that egrep is called.  In FC3, my ipchains logs would be summarized in the Kernel section of the dayily logwatch report.  In FC4, I've been seeing only the following:

 --------------------- Kernel Begin ------------------------ 

 egrep: module: No such file or directory
 
 ---------------------- Kernel End ------------------------- 

I didn't have time to troubleshoot the problem too much, but was able to resolve the immediate problem by replacing both scripts with the version from an FC3 system (logwatch-5.2.2-1).  By downgrading the files (/etc/log.d/scripts/shared/onlycontains and /etc/log.d/scripts/shared/remove), I was able to regain normal operation of the Kernel log summary.


Version-Release number of selected component (if applicable):
logwatch-6.0.1-2

How reproducible:
Always

Steps to Reproduce:
Install an FC4 system, all entries in the "Kernel" section of the syslog summary will be supressed and an "egrep: module: No such file or directory" error will be listed instead.


Expected Results:  I expect the same log summarization as experienced in FC3.


Additional info:

I'm listing the severity as high since this has been my primary way of monitoring ipchains log entries and is probably the case for others as well.  In that sense, there is a loss of data and this is potentially a security problem.

Comment 1 Stuart 2005-07-11 19:32:43 UTC
Created attachment 116618 [details]
diff of the new v6 (.orig) scripts vs the old v5 scripts

Attached is a diff of the downgrade that I performed.  It appears that the new
v6 logwatch scripts are perl scripts?  Whereas the old v5 scripts are sh
scripts.

Comment 2 Ivana Varekova 2005-07-12 13:24:55 UTC
Thank you for your notice,
this bug is fixed in new devel version (logwatch-6.1.2-2).
If there is any problem, please reopen this bug.
Ivana Varekova

Comment 3 Jan Kratochvil 2005-07-13 02:17:38 UTC
Isn't this problem important enough to push the new 'logwatch' for FC4 updates?


Comment 4 Stuart 2005-07-13 17:13:39 UTC
I have the same feeling as Jan - why isn't this going to be pushed as an FC4 
update?

At the very least, can the URL to the logwatch-6.1.2-2 RPM be provided?  
Looking at the logwatch.org website, their most recent RPM is only 6.1.2-1.


Comment 5 Jan Kratochvil 2005-07-13 21:48:03 UTC
URL for RawHide i386 logwatch-6.1.2-2 RPM:
http://ftp.nara.wide.ad.jp/pub/Linux/fedora/core/development/i386/Fedora/RPMS/logwatch-6.1.2-2.noarch.rpm


Comment 6 Ivana Varekova 2005-07-14 11:21:25 UTC
I update logwatch fc4 version too (fixed fc4 version is logwatch-6.1.2-1.fc4,
there are fixed several other bugs). This version will be in fc4 updates soon.
 


Comment 7 Ivana Varekova 2005-08-29 08:40:31 UTC
*** Bug 166864 has been marked as a duplicate of this bug. ***


Note You need to log in before you can comment on or make changes to this bug.