[Logcheck-devel] Bug#750232: logtail2 should not not print the final log entry if it does not end with "\n"

[Chris Stromsoe]

Package: logtail
Version: 1.3.15
Severity: wishlist

logtail2 does not do any sanity checking on the final line of input to 
make sure that it is complete and "\n" terminated.  If syslog is not set 
to flush on every write, it's possible for consecutive runs of logcheck to 
get a single log entry split in half for each run, resulting in false 
positives from logcheck.

logtail2 should be updated to put back $_ if it is not "\n" terminated. 
Maybe a change to something like:

sub print_from_offset {
     my ($filename, $offset) = @_;
     # this subroutine prints the contents of the file named $filename,
     # starting offset $offset.
     #print "print_from_offset $filename, $offset\n";
     unless (open(LOGFILE, $filename)) {
         print STDERR "File $logfile cannot be read: $!\n";
         exit 66;
     }

     seek(LOGFILE, $offset, 0);

     while (<LOGFILE>) {
         last if eof(LOGFILE) && substr($_, -1, 1) ne "\n" && seek(LOGFILE, -1 * length($_), 1);
         print $_ if
     }

     $size = tell LOGFILE;
     close LOGFILE;
     return $size;
}