Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.

Bug 1561587

Summary: Logwatch fails to parse log entries produced by sendmail process with 7-digit PID
Product: [Fedora] Fedora Reporter: Oleg Girko <ol+redhat>
Component: logwatchAssignee: Jan Synacek <jsynacek>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 27CC: bugzilla-fedora, frank, herrold, jsynacek, ol+redhat
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: logwatch-7.4.3-10.fc28 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1580313 (view as bug list) Environment:
Last Closed: 2018-05-30 14:08:43 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1580313    
Attachments:
Description Flags
Patch to fix the described problem none

Description Oleg Girko 2018-03-28 14:50:10 UTC 
Created attachment 1414257 [details]
Patch to fix the described problem

Description of problem:
Logwatch doesn't parse Queue ID correctly for sendmail on long-running system with kernel.pid_max greater than 999999.

Version-Release number of selected component (if applicable):
7.4.3-6, but master branch has the same bug.

How reproducible:
Always.

Steps to Reproduce:
1. Assign any number greater than 999999 to kernel.pid_max sysctl variable ("/proc/sys/kernel/pid_max" file).
2. Run your Linux server with sendmail long enough that PIDs become 7-digit.
3. See full unparsed log sendmail lines in your daily logwatch report.

Actual results:
Unparsed sendmail log lines in logwatch report.

Expected results:
Summary of parsed sendmail log.

Additional info:
Sendmail 8.15 uses the following format for queue id:
- 6 letters or digits dependent on date and time,
- 2 letters or digits dependent on random sequence ID,
- PID of sendmail process formatted by snprintf using "%06d" format.

Format "%06d" means that resulting string has *minimal* length of 6 characters, padded with leading zeroes if necessary. But if PID is greater than 999999, the resulting string can be longer, up to 7 characters if kernel.pid_max sysctl parameter is big enough. By default it's 32768, but can be up to 4194304 on 64-bit systems.

Unfortunately, logwatch uses this to parse sendmail queue ID:

    my $QueueIDFormat = "(?:\\w{7,9}\\d{5}|NOQUEUE)";

This means that once PIDs become larger that 999999, log entries start appearing in "/var/log/maillog" that logwatch fails to parse correctly. This is example of such log line:

    Mar 28 03:20:51 jr sendmail[1237122]: w2S2Ko8R1237121: to=XXXXXX, ctladdr=<YYYYYY> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31031, relay=[192.168.255.1] [192.168.255.1], dsn=2.0.0, stat=Sent (w2S2KoP91285063 Message accepted for delivery)

(real email addresses replaced with "XXXXXX" and "YYYYYY" to protect privacy).

The patch attached fixes this problem.
Comment 1 Glenn Zazulia 2018-05-13 05:06:37 UTC 
I can confirm both the reported issue and the effectiveness of the proposed patch.

(Thanks for the patch.)
Comment 2 Fedora Update System 2018-05-21 10:57:16 UTC 
logwatch-7.4.3-10.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9cc045c23
Comment 3 Fedora Update System 2018-05-21 10:57:25 UTC 
logwatch-7.4.3-10.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-948f036ba1
Comment 4 Jan Synacek 2018-05-21 11:00:09 UTC 
(In reply to Oleg Girko from comment #0)
> Created attachment 1414257 [details]
> Patch to fix the described problem

Thank you for the patch!

Since you authored the patch, could you please also propose it upstream (https://sourceforge.net/p/logwatch/git/) ?
Comment 5 Fedora Update System 2018-05-21 16:36:02 UTC 
logwatch-7.4.3-10.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-b9cc045c23
Comment 6 Fedora Update System 2018-05-21 17:16:07 UTC 
logwatch-7.4.3-10.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-948f036ba1
Comment 7 Fedora Update System 2018-05-30 14:08:43 UTC 
logwatch-7.4.3-10.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.