Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 1561587
Summary: | Logwatch fails to parse log entries produced by sendmail process with 7-digit PID | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Oleg Girko <ol+redhat> | ||||
Component: | logwatch | Assignee: | Jan Synacek <jsynacek> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 27 | CC: | bugzilla-fedora, frank, herrold, jsynacek, ol+redhat | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | logwatch-7.4.3-10.fc28 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | |||||||
: | 1580313 (view as bug list) | Environment: | |||||
Last Closed: | 2018-05-30 14:08:43 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1580313 | ||||||
Attachments: |
|
I can confirm both the reported issue and the effectiveness of the proposed patch. (Thanks for the patch.) logwatch-7.4.3-10.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9cc045c23 logwatch-7.4.3-10.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-948f036ba1 (In reply to Oleg Girko from comment #0) > Created attachment 1414257 [details] > Patch to fix the described problem Thank you for the patch! Since you authored the patch, could you please also propose it upstream (https://sourceforge.net/p/logwatch/git/) ? logwatch-7.4.3-10.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9cc045c23 logwatch-7.4.3-10.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-948f036ba1 logwatch-7.4.3-10.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 1414257 [details] Patch to fix the described problem Description of problem: Logwatch doesn't parse Queue ID correctly for sendmail on long-running system with kernel.pid_max greater than 999999. Version-Release number of selected component (if applicable): 7.4.3-6, but master branch has the same bug. How reproducible: Always. Steps to Reproduce: 1. Assign any number greater than 999999 to kernel.pid_max sysctl variable ("/proc/sys/kernel/pid_max" file). 2. Run your Linux server with sendmail long enough that PIDs become 7-digit. 3. See full unparsed log sendmail lines in your daily logwatch report. Actual results: Unparsed sendmail log lines in logwatch report. Expected results: Summary of parsed sendmail log. Additional info: Sendmail 8.15 uses the following format for queue id: - 6 letters or digits dependent on date and time, - 2 letters or digits dependent on random sequence ID, - PID of sendmail process formatted by snprintf using "%06d" format. Format "%06d" means that resulting string has *minimal* length of 6 characters, padded with leading zeroes if necessary. But if PID is greater than 999999, the resulting string can be longer, up to 7 characters if kernel.pid_max sysctl parameter is big enough. By default it's 32768, but can be up to 4194304 on 64-bit systems. Unfortunately, logwatch uses this to parse sendmail queue ID: my $QueueIDFormat = "(?:\\w{7,9}\\d{5}|NOQUEUE)"; This means that once PIDs become larger that 999999, log entries start appearing in "/var/log/maillog" that logwatch fails to parse correctly. This is example of such log line: Mar 28 03:20:51 jr sendmail[1237122]: w2S2Ko8R1237121: to=XXXXXX, ctladdr=<YYYYYY> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31031, relay=[192.168.255.1] [192.168.255.1], dsn=2.0.0, stat=Sent (w2S2KoP91285063 Message accepted for delivery) (real email addresses replaced with "XXXXXX" and "YYYYYY" to protect privacy). The patch attached fixes this problem.