[Pkg-logwatch-general] r63 - in trunk: . debian debian/dist.conf/logfiles patches

Willi Mann willi-guest at alioth.debian.org
Tue Apr 24 15:44:56 UTC 2007


Author: willi-guest
Date: 2007-04-24 15:44:56 +0000 (Tue, 24 Apr 2007)
New Revision: 63

Added:
   trunk/debian/dist.conf/logfiles/maillog.conf
   trunk/debian/watch
   trunk/patches/00-debspecific-disable-su-reporting-in-secure.diff
Removed:
   trunk/patches/00-fileisnodirectory-from-upstream.diff
   trunk/patches/01-unmatchedsecure.diff
   trunk/patches/02-debspecific-disable-su-reporting-in-secure.diff
   trunk/patches/03-pam_unix-resolve-session-opened-by.diff
   trunk/patches/04-cron-no-reboot-jobs-no-sys-reboot.diff
   trunk/patches/05-openvpn-sigterm.diff
   trunk/patches/06-named-ipv6-stopping-command-channel.diff
   trunk/patches/07-courier-authdaemond-nonlogs.diff
   trunk/patches/08-debspecific-datemanip-apt-install.diff
   trunk/patches/09-postfix-unmatched-bug390741.diff
   trunk/patches/10-postfix-smtpd-ignore-in-secure.diff
   trunk/patches/11-fail2ban.diff
Modified:
   trunk/buildversion.sh
   trunk/debian/changelog
   trunk/debian/control
Log:
Prepare 7.3.4: #1


Modified: trunk/buildversion.sh
===================================================================
--- trunk/buildversion.sh	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/buildversion.sh	2007-04-24 15:44:56 UTC (rev 63)
@@ -3,7 +3,7 @@
 
 VERSION=$1
 if [ -z "$VERSION" ]; then
-	VERSION=7.3.1
+	VERSION=7.3.4
 fi
 
 TARBALL=logwatch-$VERSION.tar.gz

Modified: trunk/debian/changelog
===================================================================
--- trunk/debian/changelog	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/debian/changelog	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,3 +1,16 @@
+logwatch (7.3.4-1~pre1) unstable; urgency=low
+
+  * New upstream version:
+    - closes: #317388 "Unmatched entries in Postfix section"
+    - closes: #406084 "range examples are wrong ..." 
+  * Depend on exim4 rather than exim in debian/controls (closes: #420270)
+  * Add watch file (thanks to Clint Adams, closes: #420243)
+  * Use Homepage: instead of verbosity in Description (closes: #416488)
+  * Avoid using syslog for maillog services. This fixes double reports of 
+    postfix, courier and maybe some others. 
+
+ -- Willi Mann <willi at wm1.at>  Mon, 23 Apr 2007 11:46:23 +0200
+
 logwatch (7.3.1-5) unstable; urgency=low
 
   * Regression: fail2ban doesn't filter by date, thanks Yaroslav Halchenko

Modified: trunk/debian/control
===================================================================
--- trunk/debian/control	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/debian/control	2007-04-24 15:44:56 UTC (rev 63)
@@ -7,7 +7,7 @@
 
 Package: logwatch
 Architecture: all
-Depends: ${perl:Depends}, ${misc:Depends}, exim | mail-transport-agent
+Depends: ${perl:Depends}, ${misc:Depends}, exim4 | mail-transport-agent
 Recommends: libdate-manip-perl
 Suggests: fortune-mod
 Description: log analyser with nice output written in Perl
@@ -22,5 +22,5 @@
  you will know that the reported event was logged in the requested range of 
  time, but you will have to go to the raw log files to get the exact details.
  .
- The homepage of logwatch is: http://www.logwatch.org/
+ Homepage: http://www.logwatch.org/
 

Added: trunk/debian/dist.conf/logfiles/maillog.conf
===================================================================
--- trunk/debian/dist.conf/logfiles/maillog.conf	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/debian/dist.conf/logfiles/maillog.conf	2007-04-24 15:44:56 UTC (rev 63)
@@ -0,0 +1,6 @@
+LogFile =
+LogFile = mail.log
+LogFile = mail.log.0
+
+Archive =
+Archive = mail.log.*.gz

Added: trunk/debian/watch
===================================================================
--- trunk/debian/watch	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/debian/watch	2007-04-24 15:44:56 UTC (rev 63)
@@ -0,0 +1,5 @@
+# Watch file by Clint Adams
+version=3
+ftp://ftp.kaybee.org/pub/linux/logwatch-([\d.]+)\.tar.gz debian uupdate
+
+

Copied: trunk/patches/00-debspecific-disable-su-reporting-in-secure.diff (from rev 56, trunk/patches/02-debspecific-disable-su-reporting-in-secure.diff)

Deleted: trunk/patches/00-fileisnodirectory-from-upstream.diff
===================================================================
--- trunk/patches/00-fileisnodirectory-from-upstream.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/00-fileisnodirectory-from-upstream.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,25 +0,0 @@
-===================================================================
-RCS file: /var/cvs/logwatch/scripts/logwatch.pl,v
-retrieving revision 1.178
-retrieving revision 1.179
-diff -u -r1.178 -r1.179
---- logwatch/scripts/logwatch.pl	2006/09/16 04:04:14	1.178
-+++ logwatch/scripts/logwatch.pl	2006/09/20 16:48:02	1.179
-@@ -1,7 +1,7 @@
- #!/usr/bin/perl -w
- use strict;
- ##########################################################################
--# $Id: logwatch.pl,v 1.178 2006/09/16 04:04:14 kirk Exp $
-+# $Id: logwatch.pl,v 1.179 2006/09/20 16:48:02 mike Exp $
- ##########################################################################
- # Most current version can always be found at:
- # ftp://ftp.logwatch.org/pub/redhat/RPMS
-@@ -896,7 +896,7 @@
- 
-    foreach my $ThisFile (@FileList) {
-       #Existence check for files -mgt
--      next unless (-e $ThisFile);
-+      next unless (-f $ThisFile);
-       if (! -r $ThisFile) {
-          print "File $ThisFile is not readable.  Check permissions.";
-          if ($> != 0) {

Deleted: trunk/patches/01-unmatchedsecure.diff
===================================================================
--- trunk/patches/01-unmatchedsecure.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/01-unmatchedsecure.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,13 +0,0 @@
-diff -u logwatch-7.3.1/scripts/services/secure logwatch-7.3.1/scripts/services/secure
---- logwatch-7.3.1/scripts/services/secure	2006-09-21 15:04:53.000000000 +0200
-+++ logwatch-7.3.1/scripts/services/secure	2006-09-22 11:42:03.000000000 +0200
-@@ -174,6 +174,9 @@
-       ( $ThisLine =~ /^sshd\(\w+\)\[\d+\]: session /) or
-       ( $ThisLine =~ /^ipop3d\[\d+\]:/) or
-       ( $ThisLine =~ /^su\[\d+\]: [+-] .+/) or
-+      ( $ThisLine =~ /^su\[\d+\]: FAILED su for \S+ by \S+/) or #debian: done in pam_unix
-+      ( $ThisLine =~ /^login\[\d+\]: ROOT LOGIN  on '\S+'/) or #debian: done in pam_unix (Similar message on other system is reported)
-+      ( $ThisLine =~ /^login\[\d+\]: FAILED LOGIN \(\d+\) on ['`]\S+' FOR `\S+', (Authentication failure|User not known to the underlying authentication module)/) or #debian: done in pam_unix
-       ( $ThisLine =~ /^pam_limits\[\d+\]/ ) or
-       ( $ThisLine =~ /^kcheckpass(\[\d+\]|):/ ) or   # done in pam_unix
-       ( $ThisLine =~ /^cyrus\/lmtpd\[\d+\]: [^ ]+ server step [12]/ ) or

Deleted: trunk/patches/02-debspecific-disable-su-reporting-in-secure.diff
===================================================================
--- trunk/patches/02-debspecific-disable-su-reporting-in-secure.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/02-debspecific-disable-su-reporting-in-secure.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,18 +0,0 @@
-diff -ur logwatch-7.3.1.b/scripts/services/secure logwatch-7.3.1/scripts/services/secure
---- logwatch-7.3.1.b/scripts/services/secure	2006-09-21 19:15:53.000000000 +0200
-+++ logwatch-7.3.1/scripts/services/secure	2006-09-21 19:20:59.000000000 +0200
-@@ -376,11 +376,11 @@
-    } elsif ($ThisLine =~ /^pam_pwdfile\[\d+\]: password too short or NULL/) {
-       $pwd_file_too_short++;
-    } elsif ( ($User,$Su) = ($ThisLine =~ /^su: ([^ ]+) to ([^ ]+) on \/dev\/ttyp([0-9a-z]+)/) ) {
--      $Su_User{$User}{$Su}++; 
-+      #$Su_User{$User}{$Su}++; #disabled for debian: reported in pam_unix
-    } elsif ( ($Su,$User) = ($ThisLine =~ /^su: \(to ([^ ]+)\) ([^ ]+) on (?:none|\/dev\/(pts\/|ttyp)([0-9]+))/) ) {
--      $Su_User{$User}{$Su}++;
-+      #$Su_User{$User}{$Su}++; #  -|-
-    } elsif ( ($Su,$User) = ($ThisLine =~ /^su\[\d+\]: Successful su for (\S+) by (\S+)/) ) {
--      $Su_User{$User}{$Su}++;
-+      #$Su_User{$User}{$Su}++; #  -|-
-    } elsif ($ThisLine =~ /^userhelper\[\d+\]: running '([^']+)' with ([^']+) privileges on behalf of '([^']+)'/) {
-       $Executed_app{"$1,$2,$3"}++;
-    } elsif ( ($User) = $ThisLine =~ /change user `([^']+)' password/) {

Deleted: trunk/patches/03-pam_unix-resolve-session-opened-by.diff
===================================================================
--- trunk/patches/03-pam_unix-resolve-session-opened-by.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/03-pam_unix-resolve-session-opened-by.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,28 +0,0 @@
-#Reasons for this patch: 
-#- In debian, the user that initiates a su command is reported only by his id, 
-#  not by his name, so look it up.
-#- For failures, logwatch assumed the initiating users would be reported in logname. 
-#  At least in debian, it's not
-diff -ur logwatch-7.3.1.b/scripts/services/pam_unix logwatch-7.3.1/scripts/services/pam_unix
---- logwatch-7.3.1.b/scripts/services/pam_unix	2006-09-15 17:40:58.000000000 +0200
-+++ logwatch-7.3.1/scripts/services/pam_unix	2006-09-21 20:09:03.000000000 +0200
-@@ -146,12 +146,16 @@
-          $data{$service}{'Unknown Entries'}{$line}++;
-       }
-    } elsif (($service eq 'su') or ($service eq 'sudo') or ($service eq 'su-l')) {
--      if ($line =~ s/^authentication failure; logname=(.*) uid=(\d+) .*user=(\S*)$/$1($2) -> $3/) {
-+      if ( my ($logname, $uid, $ruser, $user) = ($line =~ /^authentication failure; logname=(\S*)\s+uid=(\d+) (?:.*ruser=(\S*)\s+)?.*user=(\S*)$/)) {
-+         $line = ($logname or $ruser)."($uid) -> $user";
-          $data{$service}{'Authentication Failures'}{$line}++;
-       } elsif ($line =~ /session closed for user/) {
-          # ignore this line
--      } elsif ($line =~ s/session opened for user (.+) by (.+)$/$2 -> $1/) {
--         $data{$service}{'Sessions Opened'}{$line}++;
-+      } elsif (my ($nam, $byid) = ($line =~ /session opened for user (.+) by (.+)$/)) {
-+         #resolve uid to name if possible
-+         $byid =~ s/\(uid=(\d+)\)/$1/;
-+         my $onam = getpwuid($byid) or $byid;
-+         $data{$service}{'Sessions Opened'}{"$onam -> $nam"}++;
-       } else {
-          $data{$service}{'Unknown Entries'}{$line}++;
-       }

Deleted: trunk/patches/04-cron-no-reboot-jobs-no-sys-reboot.diff
===================================================================
--- trunk/patches/04-cron-no-reboot-jobs-no-sys-reboot.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/04-cron-no-reboot-jobs-no-sys-reboot.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,11 +0,0 @@
-diff -ur logwatch-7.3.1.b/scripts/services/cron logwatch-7.3.1/scripts/services/cron
---- logwatch-7.3.1.b/scripts/services/cron	2006-07-28 19:40:12.000000000 +0200
-+++ logwatch-7.3.1/scripts/services/cron	2006-09-21 20:36:52.000000000 +0200
-@@ -84,6 +84,7 @@
-       ($ThisLine =~ /INFO \(pidfile fd = \d+\)/) or
-       ($ThisLine =~ /rsyncd/) or
-       ($ThisLine =~ /INFO \(Running \@reboot jobs\)/) or
-+      ($ThisLine =~ /INFO \(Skipping \@reboot jobs -- not system startup\)/) or
-       ($ThisLine =~ /logfile turned over/) # newsyslog on OpenBSD
-    ) {
-       # Ignore

Deleted: trunk/patches/05-openvpn-sigterm.diff
===================================================================
--- trunk/patches/05-openvpn-sigterm.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/05-openvpn-sigterm.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,12 +0,0 @@
-diff -ur logwatch-7.3.1.b/scripts/services/openvpn logwatch-7.3.1/scripts/services/openvpn
---- logwatch-7.3.1.b/scripts/services/openvpn	2006-08-23 23:42:57.000000000 +0200
-+++ logwatch-7.3.1/scripts/services/openvpn	2006-09-21 20:43:35.000000000 +0200
-@@ -59,7 +59,7 @@
-       ($ThisLine =~ /^Re-using SSL\/TLS context/) or
-       ($ThisLine =~ /^Restart pause, \d+ second\(s\)/) or
-       ($ThisLine =~ /^SENT CONTROL/) or
--      ($ThisLine =~ /^SIGTERM\[hard,\] received, process exiting/) or
-+      ($ThisLine =~ /^SIGTERM\[hard,[^\]]*\] received, process exiting/) or
-       ($ThisLine =~ /^SIGUSR1\[soft,(connection-reset|ping-restart)\] received, (process|client-instance) restarting/) or
-       ($ThisLine =~ /^TCP\/UDP: Closing socket/) or
-       ($ThisLine =~ /^TCP\/UDP: Dynamic remote address changed during TCP connection establishment/) or

Deleted: trunk/patches/06-named-ipv6-stopping-command-channel.diff
===================================================================
--- trunk/patches/06-named-ipv6-stopping-command-channel.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/06-named-ipv6-stopping-command-channel.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,13 +0,0 @@
-Nur in logwatch-7.3.1.b: logwatch-7.3.1.
-diff -ur logwatch-7.3.1.b/scripts/services/named logwatch-7.3.1/scripts/services/named
---- logwatch-7.3.1.b/scripts/services/named	2006-09-15 17:40:58.000000000 +0200
-+++ logwatch-7.3.1/scripts/services/named	2006-09-21 20:57:55.000000000 +0200
-@@ -126,7 +126,7 @@
-       ($ThisLine =~ /^exiting/) or
-       ($ThisLine =~ /no longer listening/) or
-       ($ThisLine =~ /the default for the .* option is now/) or
--      ($ThisLine =~ /stopping command channel on [0-9.#]/) or
-+      ($ThisLine =~ /stopping command channel on \S+/) or
-       ($ThisLine =~ /Malformed response from/) or
-       ($ThisLine =~ /client .+#\d+: query:/) or
-       # Do we really want to ignore these?

Deleted: trunk/patches/07-courier-authdaemond-nonlogs.diff
===================================================================
--- trunk/patches/07-courier-authdaemond-nonlogs.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/07-courier-authdaemond-nonlogs.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,29 +0,0 @@
-diff -ur logwatch-7.3.1.b/scripts/services/courier logwatch-7.3.1/scripts/services/courier
---- logwatch-7.3.1.b/scripts/services/courier	2006-03-13 21:02:02.000000000 +0100
-+++ logwatch-7.3.1/scripts/services/courier	2006-09-21 21:15:30.000000000 +0200
-@@ -1,5 +1,5 @@
- #
--# Copyright 2003-2004 by Willi Mann <willi at wm1.at>
-+# Copyright 2003-2006 by Willi Mann <willi at wm1.at>
- #
- # This program is free software; you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
-@@ -30,6 +30,9 @@
- # }
- # 
- 
-+# Note: In case this is wanted and if I'm asked, I might relicense the 
-+# generic reporting functions under Logwatch's license.
-+
- use strict;
- 
- #Could be neccessary in some environments
-@@ -382,6 +385,8 @@
-       ($ThisLine =~ /^Initializing */) or
-       ($ThisLine =~ /^Installing */) or
-       ($ThisLine =~ /^Installed: */) or
-+      ($ThisLine =~ /^Installation complete: / ) or
-+      ($ThisLine =~ /^stopping authdaemond children/ ) or
-       ($ThisLine =~ /^Started .\/courier.*, pid=.*, maxdels=.*, maxhost=.*, maxrcpt=.*1/ ) or
-       ($ThisLine =~ /^Waiting\.  shutdown time=.*, wakeup time=.*, queuedelivering=.*, inprogress=.*/) or
-       ($ThisLine =~ /^Loading STATIC transport module libraries./) or

Deleted: trunk/patches/08-debspecific-datemanip-apt-install.diff
===================================================================
--- trunk/patches/08-debspecific-datemanip-apt-install.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/08-debspecific-datemanip-apt-install.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,11 +0,0 @@
-diff -ur logwatch-7.3.1.b/lib/Logwatch.pm logwatch-7.3.1/lib/Logwatch.pm
---- logwatch-7.3.1.b/lib/Logwatch.pm	2006-01-21 00:20:20.000000000 +0100
-+++ logwatch-7.3.1/lib/Logwatch.pm	2006-09-22 12:00:19.000000000 +0200
-@@ -358,6 +358,7 @@
-        print STDERR "\nThis system does not have Date::Manip module loaded, and therefore\n";
-        print STDERR "the only valid --range parameters are 'yesterday', 'today', or 'all'.\n";
-        print STDERR "The Date::Manip module can be installed by using either of:\n";
-+       print STDERR "   apt-get install libdate-manip-perl (recommended on Debian)'\n";
-        print STDERR "   cpan -i 'Date::Manip'\n";
-        print STDERR "   perl -MCPAN -e 'install Date::Manip'\n";
-        print STDERR "\nFollowing is a description of the full capabilities available if\n";

Deleted: trunk/patches/09-postfix-unmatched-bug390741.diff
===================================================================
--- trunk/patches/09-postfix-unmatched-bug390741.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/09-postfix-unmatched-bug390741.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,21 +0,0 @@
-diff -u logwatch-7.3.1/scripts/services/postfix logwatch-7.3.1/scripts/services/postfix
---- logwatch-7.3.1/scripts/services/postfix	2006-10-03 08:52:17.000000000 +0200
-+++ logwatch-7.3.1/scripts/services/postfix	2006-10-14 12:19:37.000000000 +0200
-@@ -174,6 +174,7 @@
-       ( $ThisLine =~ m/^$re_MsgID: to=\<.*>, relay=.*, delay=[\d.]+,(?: delays=[\d\/.]+, dsn=[\d.]+,)? status=(?:sent|deferred)/ ) or
-       ( $ThisLine =~ m/^$re_MsgID: host [^ ]*\[[^ ]*\] said: 4[0-9][0-9]/ ) or
-       ( $ThisLine =~ m/^$re_MsgID: host [^ ]*\[[^ ]*\] refused to talk to me: 4[0-9][0-9]/ ) or
-+      ( $ThisLine =~ m/^$re_MsgID: sender non-delivery notification: $re_MsgID/ ) or
-       ( $ThisLine =~ m/^Deleted: \d message$/ ) or
-       ( $ThisLine =~ m/^Peer certficate could not be verified$/ ) or #postfix typo
-       ( $ThisLine =~ m/^Peer certificate could not be verified$/ ) or
-@@ -331,7 +332,8 @@
-       $SaslAuthenticationFail{$Host}++;
-    } elsif (
-          ($Host,$User) = ($ThisLine =~ /^$re_MsgID: client=([^ ]*\[[^ ]*\]), .* sasl_username=([^ ]*)$/) or
--         ($Host,$User) = ($ThisLine =~ /^$re_MsgID: client=([^ ]*\[[^ ]*\]), sasl_sender=([^ ]*)$/)
-+         ($Host,$User) = ($ThisLine =~ /^$re_MsgID: client=([^ ]*\[[^ ]*\]), sasl_sender=([^ ]*)$/) or
-+         ($Host,$User) = ($ThisLine =~ /^$re_MsgID: client=([^ ]*\[[^ ]*\]), .* sasl_username=([^ ]*), sasl_sender=[^ ]*$/)
-       ) {
-       chomp($User);
-       $SaslAuth{$Host}{$User}++;

Deleted: trunk/patches/10-postfix-smtpd-ignore-in-secure.diff
===================================================================
--- trunk/patches/10-postfix-smtpd-ignore-in-secure.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/10-postfix-smtpd-ignore-in-secure.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,12 +0,0 @@
-diff -ur logwatch-7.3.1.b/conf/services/secure.conf logwatch-7.3.1/conf/services/secure.conf
---- logwatch-7.3.1.b/conf/services/secure.conf	2005-02-24 18:05:20.000000000 +0100
-+++ logwatch-7.3.1/conf/services/secure.conf	2006-10-15 14:08:24.000000000 +0200
-@@ -24,7 +24,7 @@
- # Use this to ignore certain services in the secure log.
- # You can ignore as many services as you would like.
- # (we ignore sshd because its entries are processed by the sshd script)
--$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd
-+$ignore_services = sshd Pluto stunnel proftpd saslauthd imapd postfix/smtpd
- 
- # For these services, summarize only (i.e. don't least each IP, just
- # list the number of connections total)

Deleted: trunk/patches/11-fail2ban.diff
===================================================================
--- trunk/patches/11-fail2ban.diff	2007-04-23 09:27:11 UTC (rev 62)
+++ trunk/patches/11-fail2ban.diff	2007-04-24 15:44:56 UTC (rev 63)
@@ -1,54 +0,0 @@
-diff -Naur logwatch-7.3.1.orig/conf/logfiles/fail2ban.conf logwatch-7.3.1/conf/logfiles/fail2ban.conf
---- logwatch-7.3.1.orig/conf/logfiles/fail2ban.conf	2006-05-30 15:04:26.000000000 -0400
-+++ logwatch-7.3.1/conf/logfiles/fail2ban.conf	2006-11-21 12:58:35.000000000 -0500
-@@ -17,9 +17,12 @@
- # Yes = True  = On  = 1
- # No  = False = Off = 0
- 
--Title = fail2ban-messages
- 
--# Which logfile group...
-+*ApplyEuroDate
-+
-+
--LogFile = fail2ban
-+LogFile = fail2ban.log
- 
-+Archive = fail2ban.log.1
-+Archive = fail2ban.log.*.gz
- 
-diff -Naur logwatch-7.3.1.orig/scripts/services/fail2ban logwatch-7.3.1/scripts/services/fail2ban
---- logwatch-7.3.1.orig/scripts/services/fail2ban	2006-05-30 15:04:26.000000000 -0400
-+++ logwatch-7.3.1/scripts/services/fail2ban	2006-11-22 09:46:49.000000000 -0500
-@@ -36,7 +36,9 @@
-     }
-     chomp($ThisLine);
-     if ( ($ThisLine =~ /..,... DEBUG: /) or
-+	 ($ThisLine =~ /..,... \S*\s*: DEBUG /) or # syntax of 0.7.? fail2ban
- 	 ($ThisLine =~ /..,... INFO: (Fail2Ban v.* is running|Exiting|Enabled sections:)/) or
-+	 ($ThisLine =~ /..,... \S+\s*: INFO\s+(Set |Socket|Exiting|Gamin|Created|Added|Using)/) or # syntax of 0.7.? fail2ban
- 	 ($ThisLine =~ /..,... WARNING: Verbose level is /) or
- 	 ($ThisLine =~ /..,... WARNING: Restoring firewall rules/)
- 	 )
-@@ -44,7 +46,7 @@
- 	if ( $Debug >= 6 ) {
- 	    print STDERR "DEBUG($DebugCounter): line ignored\n";
- 	}
--    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:\s(.*):\s(Ban|Unban)[^\.]* (\S+)/)) {
-+    } elsif ( my ($Service,$Action,$Host) = ($ThisLine =~ m/WARNING:?\s\[?(.*?)[]:]?\s(Ban|Unban)[^\.]* (\S+)/)) {
- 	if ( $Debug >= 6 ) {
- 	    print STDERR "DEBUG($DebugCounter): Found $Action for $Service from $Host\n";
- 	}
-@@ -59,9 +61,10 @@
- 	$ServicesBans{$Service}{$Host}{'AlreadyInTheList'}++;
-     } elsif ( my ($Service,$Host) = ($ThisLine =~ m/ WARNING:\s(.*):\sReBan (\S+)/)) {
- 	$ServicesBans{$Service}{$Host}{'ReBan'}++;
--    } elsif ($ThisLine =~ /..,... ERROR: (Execution of command )?\'iptables/) {
-+    } elsif ($ThisLine =~ / ERROR:?\s*(Execution of command )?\'?iptables/) {
- 	push @IptablesErrors, "$ThisLine\n";
--    } elsif ($ThisLine =~ /..,... WARNING: \#\S+ reinitialization of firewalls/) {
-+    } elsif (($ThisLine =~ /..,... WARNING: \#\S+ reinitialization of firewalls/) or
-+	     ($ThisLine =~ / ERROR\s*Invariant check failed. Trying to restore a sane environment/)) {
- 	$ReInitializations++;
-     } elsif ($ThisLine =~ /..,... WARNING:  is not a valid IP address/) {
- 	# just ignore - this will be fixed within fail2ban and is harmless warning




More information about the Pkg-logwatch-general mailing list