Terry, Thanks for that, I'll look at rolling it in soon. I do know that one of the items is currently in already (but in slightly different format) but will also check out the others and do something about them. Frank
Frank, Here's the patch. Terry
Terry, Do you actually have a patch for these or just the suggested regex lines? I have an update to the dovecot script that captures some of them (I haven't seen the others in my logs) which I will push shortly, which may take care of some of your issues, but we may need to go through a couple of tests to see if it covers all of them. For example, I don't think it currently handles the passwd-file messages, which also may not be a dovecot module issue anyway. Frank
Dovecot script missing log lines
Update fail2ban parser to treat loglevel as optional.
You're right - I don't know why it doesn't show up now. I performed a manual update, so hopefully this one sticks.
[logwatch.pl] [From merge request 77] Improve readability check for logfiles, by Florian Schwalm
I believe this was corrected in Logwatch version 7.14. Can you confirm?
pureftpd patch for the to-be-ignored list
Thanks for the patch.
[pureftpd] Filtering additional messages, and improving filter for cleartext, by Noel.
Add emerge Syncing-repository ignore
Thanks for the patch.
Merge /u/zany/logwatch/ branch fix-emerge-syncing into master
Add emerge Syncing-repository ignore
Thanks for the patch.
Merge /u/utopiabound/logwatch/ branch master into master
[exim] Account for reformatted authenticator failures
Fix usage of (?:) no capture groups
Replaced by https://sourceforge.net/p/logwatch/git/merge-requests/87/
Add emerge Syncing-repository ignore
Thank you
That sounds reasonable. I'll do an update something like that sometime this week.
I see your point. Could we change the one line output to: print STDERR "\n\nDEBUG: Exiting DNF5 Filter - dnf not found at $pathto_dnf5\n\n"; which is consistent with, for example, xntpd?
Your point on listing the value before the test is exactly why it is in that order. If it is set to a value and it is wrong, having it listed prior to that test may help with the troubleshooting. In addition, if it is not actually set then that will give you a different area to troubleshoot.
I have debug set to 5 so that I can see all the tests that have been carried out. I am not sure that I see your point about the path to dnf5. If the script fails to find dnf5, and it is installed, then the path set by the script must be wrong, so quoting it will be no help. The script would need to be changed so that the correct path is found from the beginning. Surely the same point would apply to several other scripts?
I half agree, the last 2 lines can be moved, although they also need to be surrounded by a Debug level. However, the path to dnf5 is important if it fails to find dnf5, and so should not be after that test. However, an additional point is all these lines should not be seen unless you have debugging enabled, so what are you looking for?
Make dnf5 less verbose if it is not installed
pureftpd patch for the to-be-ignored list
I am a bit confused. I can't find the change in the current code anymore. Was there a problem during merge or was this reverted later?
[logwatch.spec] Corrected old day-of-week comment.
Preparation for release 7.14
[exim] Account for reformatted authenticator failures
Unmatched Entries in case of a distribution list
Add emerge Syncing-repository ignore
Merge /u/opoplawski/logwatch/ branch archives into master
Update --archves
Add missing flag for Output_Generated in one block
Merge /u/fcrawford/logwatch/ branch frank-zz-disk-space into master
Sort disk usage in human order
logwatch not reporting on dnf updates
upcoming postfix 3.11 will break postfix script regarding smtp client logging
Thanks for the patch.
Logwatch fails to complete/stop
Updated man page.
Cannot handle ClamAV 1.0+ logs
dovecot does not manage submission-login available in dovecot since 3.x
Clam-update always show message error
[postfix] Support for Postfix version 3.11, by Michael Grimm
[dnf5] Exit gracefully if dnf not installed.
[clam-update] Clarified use of files in syslog format.
upcoming postfix 3.11 will break postfix script regarding smtp client logging
I'm back with more questions - recently I updated logwatch in my debian (forky) to 7.13. My sshd.conf is following: Logfile = Logfile = none *JournalCtl = "_SYSTEMD_UNIT=ssh.service -o short-iso" But it seems logwatch cannot parse the date from journalctl :( **Unmatched Entries** 2025-11-10T17:57:07+01:00 gw-02 sshd-session[68506]: Accepted publickey for debian from 192.168.5.45 port 46214 ssh2: ED25519 SHA256:<redacted> : 1 Time The only solution that I found working is to set: *JournalCtl = "_SYSTEMD_UNIT=ssh.service...
Merge /u/fcrawford/logwatch/ branch frank-misc into master
Small updates for changed outputs
Murray, I'll take a shot at this, as a long time user and occasional contributor. First off, logwatch only reports what is in the logs, it does not interpret if they are good or bad. The fact you are getting these logged really goes back to your firewall package, and you may want to see if you can suppress the logging from there. Note, I say suppress the logging, not disable the actual rule. Now if that is not possible for whatever reason, you should look at the documentation on how to customise logwatch,...
Hello I recently started using Logwatch. I now have some questions about the results I'm receiving. I posted a support ticket here: https://sourceforge.net/p/logwatch/support-requests/10/ I've had no response. Is there a better place where I should ask these questions? Cheers Murray
Don't know what the status of this bug is. It is similar to bug #123, which appears to be fixed. Is this the same issue? Or is it specific to some releases of Ubuntu?
Thanks for the patch; let us know if that fixes the issue.
[dovecot] Added support for Submission statements, by Bob Hockney
Is anybody watching these tickets????
Suppress newline when no other output generated
Ignore virtual filesystem nsfs
ICMP entries in my kern.log
Fix dnf5 giving time in UTC
There is a timezone bug here to be fixed, dnf5 currently reports all times as GMT, not local, but we assume it is local, as there is no indication of timezone. I'll get this fixed in the module, but the DNF team plan to fix it sometime, no timeline yet, and no idea how they will show it.
John, Obviously a separate issue, but I will see what I can find. On a more positive note, the fix for SELinux was pushed today, so it should now work automatically. Frank
Ah script exit status perhaps?
Hopefully you don't mind my mentioning this here... Since the Wed 08 Oct 2025 06:31:39 install date of logwatch-7.13-2.fc42.noarch there is a spurious dovecot message in logwatch... --------------------- Dovecot Begin ------------------------ ---------------------- Dovecot End ------------------------- which appears to be a blank line being output by the script /usr/share/logwatch/scripts/services/dovecot (which I can't work out where it's originating in that script) I do not have dovecot installed!...
Thanks Frank, I'll leave it for RH/fedora to release.
I implemented this for myself. Attached patch is against 7.13
This is better to take up in RedHat bugzilla, which already does have one raised, with relevant details. But to be more specific, this is really a SELinux issue, and there is a ticket in to fix it. Unfortunately it has not yet been released. There are two short term solutions, either semanage permissive -a logwatch_t or a more specific SELinux module allowing the required transition (which will be in the updated SELinux policy update).
I'm now getting this... (logwatch.noarch 7.13-2.fc42) --------------------- dnf5 Begin ------------------------ can't run /usr/bin/dnf: Permission denied at /usr/share/logwatch/scripts/services/dnf5 line 48. ---------------------- dnf5 End ------------------------- and from selinux... type=AVC msg=audit(10/10/25 03:22:01.506:12461) : avc: denied { execute } for pid=861782 comm=perl name=dnf5 dev="nvme0n1p3" ino=14478440 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0...
I needed the following in /etc/logwatch/conf/logfiles/clam-update.conf: *OnlyService = freshclam *RemoveHeaders LogFile = LogFile = syslog LogFile = syslog.0 Archive = Archive = syslog.*.gz to really get it right for Ubuntu 22.04 I think.
Add new script to process dnf5 reports
Sync state
Thanks! For the future contributions will do as you suggested. P.S. I didn't check the link, but I thought it should give raw file. I checked now (by curl) and it output the patch.
Patch applied to the repository. For future reference, just attach the output of the diff as the patch file. The attachment you provided is an html file, not a patch file.
[dovecot] Fixed typos, by Vladimir Lomov
@bjorn1, sorry, I didn't pay attention to the topic. Thank you for incorporating the patch, but there were two problems with the applied patch. Would you mind applying the fix (here and attached to the thread).
I think I found a version of your patch, which has been incorporated in the repository.
[dovecot] Support for dovecot version 2.4, by Vladimir Lomov.
This kind of line should also be ignored: 2025-08-24T10:58:31.691213+02:00 server9 dovecot: submission(fs@test.org)<2189752><az+mpbg9iqzbofqc>: Successfully relayed message: from=fc@test.org, size=730, id=E98nCDfUqmi4aSEAkhEa2Q, nrcpt=1, reply=`250 2.0.0 ok 1756025911 qp 2189755'
In clam-update.conf it was: clam_update_detail = 1. I changed it to: $clam_update_detail = 1. logwatch.conf: Detail = Low. With the prefix $, it is now working :) Thanks!
That appears to be the clamav service. Does that mean that the clam-update service did not show any output? Have you set $Clam_Update_Detail=1 in /etc/logwatch/conf/services/clam-update? Otherwise, what is the value of Detail in /etc/logwatch/conf/logwatch.conf? Besides running logwatch --service clam-update, if you want to see what the cron/anacron job outputs, you can run logwatch --output mail. That is the command run by default every day. You can re-run it at any time (not having to wait overnight),...
Hi, my logwatch today contains the list of viruses detected, not the release database :( --------------------- Clamav Begin ------------------------ Viruses detected: Sanesecurity.Foxhole.Zip_badexts48.UNOFFICIAL(3bf4419eb32e17251a28c570c018ad49:2300): 1 Time(s) no clam-update section.
When I launch manually : logwatch --service clam-update --debug 1 --detail 1 I obtain : --------------------- clam-update Begin ------------------------ Detail set to 1 from conf/logwatch.conf Last ClamAV update process started at Tue Aug 26 23:15:29 2025 Last Status: daily.cld database is up-to-date (version: 27744, sigs: 2076458, f-level: 90, builder: raynman) main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr) bytecode.cvd database is up-to-date (version:...