opoplawski | 7 Dec 17:25

SF.net SVN: logwatch:[74] scripts/services/audit

Revision: 74
          http://logwatch.svn.sourceforge.net/logwatch/?rev=74&view=rev
Author:   opoplawski
Date:     2011-12-07 16:25:13 +0000 (Wed, 07 Dec 2011)
Log Message:
-----------
Handle ignoring of dev= messages with ses=

Modified Paths:
--------------
    scripts/services/audit

Modified: scripts/services/audit
===================================================================
--- scripts/services/audit	2011-11-18 20:31:09 UTC (rev 73)
+++ scripts/services/audit	2011-12-07 16:25:13 UTC (rev 74)
@@ -114,7 +114,7 @@
 	( $ThisLine =~ /: enforcing=[0-9]+ old_enforcing=[0-9]+ auid=[0-9]+/) or
 	( $ThisLine =~ /: policy loaded auid=[0-9]+/) or
 	( $ThisLine =~ /: user pid=[0-9]+ uid=[0-9]+ auid=[0-9]+
subj=system_u:system_r:system_dbusd_t:[0-9a-z:.\-]+ msg=/) or
-	( $ThisLine =~ /audit\([0-9.]+:[0-9]+\):
(selinux=[0-9]+|auid=[0-9]+|prom=[0-9]+|old_prom=[0-9]+|dev=[^ ]+| )+$/) or
+	( $ThisLine =~ /audit\([0-9.]+:[0-9]+\):
(selinux=[0-9]+|auid=[0-9]+|prom=[0-9]+|old_prom=[0-9]+|dev=[^ ]+|ses=[0-9]+| )+$/) or
         ( $ThisLine =~ /auditd[ ]+S [0-9A-F]+  [0-9]+  [0-9]+[ ]+[0-9]([ ]*[0-9]+[ ]*|[ ]*)[0-9]+  [0-9]+
\(NOTLB\)/) or
         ( $ThisLine =~ /Started dispatcher: \/sbin\/audispd pid: [0-9]+/) or
         ( $ThisLine =~ /audit\([0-9.]*:[0-9]*\): bool=.* val=.* old_val=.* auid=[0-9]*/) or
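Review bot: The widened alternation on the `+` line does not require `dev=` at all, so with `ses=[0-9]+` added it also matches records made up only of `auid=` and `ses=` fields (or any other mix of the listed tokens), which is broader than the log message "Handle ignoring of dev= messages with ses=" describes. If only device records are meant to be ignored, require a `dev=[^ ]+` token explicitly and treat `ses=[0-9]+` as an optional extra, and add a short comment naming the message being suppressed so a later reader can tell what this ignore rule hides from the report.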


Gilles Darold | 13 Dec 11:33

Support for PostgreSQL logs

Hello,

I've written a Logwatch script and configuration files to handle
PostgreSQL logs in "stderr" or "syslog" format. All files are available
under https://github.com/dalibo/pgsql_logwatch/ but I think that the
logwatch repository is a better place.

If you plan to add PostgreSQL log support to the logwatch distribution,
that would be great. Please let me know if there's some additional work
to complete.

Best regards,

-- 
Gilles Darold
http://dalibo.com - http://dalibo.org

opoplawski | 13 Dec 22:53

SF.net SVN: logwatch:[75] scripts/services/audit

Revision: 75
          http://logwatch.svn.sourceforge.net/logwatch/?rev=75&view=rev
Author:   opoplawski
Date:     2011-12-13 21:53:56 +0000 (Tue, 13 Dec 2011)
Log Message:
-----------
Handle Fedora 16 auditctl messages

Modified Paths:
--------------
    scripts/services/audit

Modified: scripts/services/audit
===================================================================
--- scripts/services/audit	2011-12-07 16:25:13 UTC (rev 74)
+++ scripts/services/audit	2011-12-13 21:53:56 UTC (rev 75)
@@ -95,6 +95,7 @@
 my $UELimit = 10;
 my $ThisLine;
 my %Warning = ();
+my %AuditctlStatus = ();

 print STDERR "\n\nDEBUG: Inside audit filter\n\n" if ( $Debug >= 5 );

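Review bot: `%AuditctlStatus` is declared at file scope next to `%Warning` with no comment on what it is keyed by or what it counts. A one-line comment at the declaration would help, since nothing else in this hunk shows how the hash is used.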
@@ -123,7 +124,8 @@
         ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\):  cwd=".*"/) or
         ( $ThisLine =~ /type=[0-9]+ audit\([0-9.]*:[0-9]*\): user/) or
         ( $ThisLine =~ /audit_printk_skb: [0-9]* callbacks suppressed/) or
-	( $ThisLine =~ /item=[0-9] name="\S*" inode=[0-9]+ dev=\S* mode=[0-9]* ouid=[0-9]* ogid=[0-9]*
rdev=[0-9:]* obj=\S*/)

Jan Synacek | 19 Dec 11:27

scripts/services/sendmail Patch: fixed typo

Hello,
I attached a small patch fixing a typo in sendmail service script.

Jan Synacek
Index: sendmail
===================================================================
--- sendmail	(revision 75)
+++ sendmail	(working copy)
@@ -1760,7 +1760,7 @@
       print "\n        Total per host: $TotalAbuse" if ($Detail >= 5);
       $TotalError[$ErrorIndex] += $TotalAbuse;
    }
-   print "\n\tTota: l $TotalError[$ErrorIndex]" if ($Detail >= 3);
+   print "\n\tTotal: $TotalError[$ErrorIndex]" if ($Detail >= 3);
 }
 $TotalError[++$ErrorIndex] = 0;
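Review bot: The corrected `Total:` line indents with `\t` while the `Total per host` line three lines above it uses eight literal spaces, so the two totals only line up when the reader's tab stop is 8. The typo fix itself is right; consider switching this line to the same spaces while it is being touched, e.g. `print "\n        Total: $TotalError[$ErrorIndex]" if ($Detail >= 3);`.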

_______________________________________________
Logwatch-devel mailing list
Logwatch-devel@...

opoplawski | 20 Dec 19:15

SF.net SVN: logwatch:[76] scripts/services/kernel

Revision: 76
          http://logwatch.svn.sourceforge.net/logwatch/?rev=76&view=rev
Author:   opoplawski
Date:     2011-12-20 18:15:21 +0000 (Tue, 20 Dec 2011)
Log Message:
-----------
Handle trap int3 messages like faults

Modified Paths:
--------------
    scripts/services/kernel

Modified: scripts/services/kernel
===================================================================
--- scripts/services/kernel	2011-12-13 21:53:56 UTC (rev 75)
+++ scripts/services/kernel	2011-12-20 18:15:21 UTC (rev 76)
@@ -54,10 +54,12 @@

 my $Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'} || 0;
 my $Ignore_faults = $ENV{'ignore_faults'};
+my $Ignore_rpcsec_expired = $ENV{'ignore_rpcsec_expired'} || 0;
 my %SYNflood = ();
 my %RAIDErrors = ();
 my %SegFaults = ();
 my %GPFaults = ();
+my %TrapInt3s = ();
 my %UnalignedErrors = ();
 my %FPAssists = ();
 my %OOM = ();
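Review bot: `$Ignore_rpcsec_expired` on the first `+` line is unrelated to the log message "Handle trap int3 messages like faults", which only covers `%TrapInt3s`; either mention the new option in the log message or commit it together with its kernel.conf documentation. The new variable also defaults with `|| 0` while `$Ignore_faults` directly above it does not, so the two options hold different values when unset; a comment on each saying what values it takes would make that explicit.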
@@ -88,6 +90,8 @@

opoplawski | 20 Dec 19:16

SF.net SVN: logwatch:[77] conf/services/kernel.conf

Revision: 77
          http://logwatch.svn.sourceforge.net/logwatch/?rev=77&view=rev
Author:   opoplawski
Date:     2011-12-20 18:16:59 +0000 (Tue, 20 Dec 2011)
Log Message:
-----------
Add option for ignoring RPCSEC expired credentials messages

Modified Paths:
--------------
    conf/services/kernel.conf

Modified: conf/services/kernel.conf
===================================================================
--- conf/services/kernel.conf	2011-12-20 18:15:21 UTC (rev 76)
+++ conf/services/kernel.conf	2011-12-20 18:16:59 UTC (rev 77)
@@ -26,6 +26,10 @@
 # against.  Separate multiple executables with |
 # $ignore_faults = npviewer.bin

+# Ignore Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server
+# messages which often occur when kerberos tickets expire
+# $ignore_rpcsec_expired = Yes
+
 ########################################################
 # This was written and is maintained by:
 #    Kirk Bauer <kirk@...>
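Review bot: The new comment does not say which values turn the option on, and the example `Yes` suggests that `No` turns it off; the visible lines do not show whether the script compares the string or only tests it for truth, and in the latter case `No` would enable it too. State the accepted values in the comment, and put the kernel message in quotes ("Error: state manager encountered RPCSEC_GSS session expired against NFSv4 server") so it reads as the text being matched rather than as part of the sentence.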

This was sent by the SourceForge.net collaborative development platform, the world's largest Open
Source development site.

opoplawski | 20 Dec 23:19

SF.net SVN: logwatch:[78] scripts/services/sendmail

Revision: 78
          http://logwatch.svn.sourceforge.net/logwatch/?rev=78&view=rev
Author:   opoplawski
Date:     2011-12-20 22:19:52 +0000 (Tue, 20 Dec 2011)
Log Message:
-----------
Fix typo pointed out by Jan Synacek <jsynacek@...>

Modified Paths:
--------------
    scripts/services/sendmail

Modified: scripts/services/sendmail
===================================================================
--- scripts/services/sendmail	2011-12-20 18:16:59 UTC (rev 77)
+++ scripts/services/sendmail	2011-12-20 22:19:52 UTC (rev 78)
@@ -1760,7 +1760,7 @@
       print "\n        Total per host: $TotalAbuse" if ($Detail >= 5);
       $TotalError[$ErrorIndex] += $TotalAbuse;
    }
-   print "\n\tTota: l $TotalError[$ErrorIndex]" if ($Detail >= 3);
+   print "\n\tTotal: $TotalError[$ErrorIndex]" if ($Detail >= 3);
 }
 $TotalError[++$ErrorIndex] = 0;


Jan Synacek | 21 Dec 12:04

Manpage and scripts/services/secure patches

Hello again, list,

I took the liberty to update logwatch man page and also fix a minor grammar issue in scripts/services/secure.
Patches attached.

Best regards,
Jan Synacek
Index: logwatch.8
===================================================================
--- logwatch.8	(revision 78)
+++ logwatch.8	(working copy)
@@ -66,7 +66,6 @@
 .IP "\fB--mailto\fR address"
 Mail the results to the email address or user specified in
 .I address.
-This option overrides the \-\-print option.
 .IP "\fB--range\fR range"
 You can specify a date-range to process. Common ranges are  
 .I Yesterday, Today, All,
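Review bot: Dropping "This option overrides the \-\-print option." leaves the `--mailto` entry with no statement of how it interacts with the output destination. The `--hostformat` text added later in this patch refers to `--output=mail`, so if `--print` was replaced by `--output`, say here how `--mailto` relates to `--output` instead of only deleting the sentence.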
@@ -102,10 +101,28 @@
 if HostLimit is set in the logwatch.conf configuration file (see
 \fBMORE INFORMATION\fR, below),
 then only logs from this hostname will be processed (where appropriate).
+.IP "\fB--hostformat\fR report-options"
+Can be one of none (default), split, splitmail.
+If
+.I report-options
+is set to split, status report entries are generated separately by hostname.
+Setting it to splitmail has the same effect as split with added --output=mail.
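Review bot: The argument placeholder `report-options` in the new `.IP "\fB--hostformat\fR report-options"` entry reads as a free-form list, but the text says it is exactly one of none, split or splitmail; a singular name such as `format` would match. Setting the three values in italic, as the `--range` entry does for `Yesterday, Today, All`, would also make the literal keywords stand out from the prose.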

opoplawski | 21 Dec 18:28

SF.net SVN: logwatch:[79]

Revision: 79
          http://logwatch.svn.sourceforge.net/logwatch/?rev=79&view=rev
Author:   opoplawski
Date:     2011-12-21 17:28:39 +0000 (Wed, 21 Dec 2011)
Log Message:
-----------
Spamassassin:
- Ignore messages about adjusting number of children
- Consolidate connection from messages and allow certain hosts to be ignored

Modified Paths:
--------------
    conf/services/spamassassin.conf
    scripts/services/spamassassin

Modified: conf/services/spamassassin.conf
===================================================================
--- conf/services/spamassassin.conf	2011-12-20 22:19:52 UTC (rev 78)
+++ conf/services/spamassassin.conf	2011-12-21 17:28:39 UTC (rev 79)
@@ -8,4 +8,9 @@
 *OnlyService = spamd
 *RemoveHeaders

+# Ignore connections from these hosts.
+# The value is a regular expression that the hostname plus IP address is matched
+# against.  Separate multiple hosts/IPs with |
+# $ignore_connections = myspamclient.mydomain
+
 # vi: shiftwidth=3 tabstop=3 et
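Review bot: The example value `myspamclient.mydomain` is described as a regular expression but leaves the `.` unescaped and has no anchors, so a value written this way matches any hostname-plus-IP string that merely contains those characters with any character in place of the dot, and connections from hosts the administrator never meant to exclude drop out of the report. Show the example with the dot escaped, for instance `myspamclient\.mydomain`, and state in the comment whether the script anchors the match or the user has to add anchors.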


Willi Mann | 28 Dec 20:40

logwatch.conf: hostlimit=yes

Hi!

The comments in logwatch.conf indicate [1] that "HostLimit = Yes" would 
cause the output to be limited to the host logwatch is running on 
(hostname()). Unfortunately, this is not correct. Rather, HostLimit = Yes 
says that the output should be limited to the host with the name Yes. 

Could anyone please fix the comment in the config file?

WM

[1] 
http://logwatch.svn.sourceforge.net/viewvc/logwatch/conf/logwatch.conf?revision=24&view=markup
