Menu
▾
▴
#122 logwatch not reporting on dnf updates
logwatch no longer reports on dnf changes.
From what I can tell around version 41 of fedora dnf was changed to dnf5 and now uses /var/log/dnf5.log vs /var/log/dnf.log so logwatch is not configured to use new log file. Even if it was configured to use the proper log it appears the file no longer includes update information so it still would not be able to report on updates.
To get the same sort of information that was available with in the dnf.log would require running "dnf history list" to find all executions of dnf that may have occurred on a particular date then use "dnf history info <id>" to report on each of the transactions.</id>
Reproducible: Always
Steps to Reproduce:
- Install logwatch on fedora 42
- perform some dnf install
- run logwatch notice no information about installed software
Actual Results:
No information about dnf updates are reported by logwatch
Expected Results:
logwatch should include dnf update changes as it used to prior to fedora 41.
You can see https://bugzilla.redhat.com/show_bug.cgi?id=2374486 for additional information about this. I also opened https://bugzilla.redhat.com/show_bug.cgi?id=2374643 to see if thy could offer any input.
The following is a working solution I'm currently using to deal with this.
$ sudo cat /etc/logwatch/conf/services/dnf5.conf
Title = "dnf5"
LogFile = NONE
$ sudo cat /etc/logwatch/scripts/services/dnf5
!/bin/perl
use POSIX;
my $date=strftime("%Y-%m-%d",localtime(time-246060)); # yesterday is default
$date=$ARGV[0] if (scalar(@ARGV)>0);
foreach my $line1 (dnf history list) {
my @data1 = ($line1 =~ /([ \d]+) +(.) +([\d]{4}-[\d]{2}-[\d]{2} [\d]{2}:[\d]{2}:[\d]{2}) +(\d+)/);
if ($data1[2] =~ /$date/) {
my $cmd = "dnf history info ".$data1[0];
my $start = 0;
foreach my $line2 ($cmd) {
next if ($line2 =~ /^\s$/);
my @data2 = ($line2 =~ / *([^\s]+) +([^\s]+) +([^\s]+) +([^\s]+)/);
if ($start) {
print $data2[0]." ".$data2[1]."\n";
}
if ($data2[0] =~ "Action") {
$start = 1;
}
}
}
}
I'll look at rolling this up into a more standard
logwatchscript, as long as no one is worried about directly using the output fromdnfrather than reading any log files.From some previous research I did, the only place it is logged is in the audit files as
type=SOFTWARE_UPDATEbut I don't believe it has as much detail as the output fromdnf.I'm now getting this... (logwatch.noarch 7.13-2.fc42)
--------------------- dnf5 Begin ------------------------
can't run /usr/bin/dnf: Permission denied at /usr/share/logwatch/scripts/services/dnf5 line 48.
---------------------- dnf5 End -------------------------
and from selinux...
type=AVC msg=audit(10/10/25 03:22:01.506:12461) : avc: denied { execute } for pid=861782 comm=perl name=dnf5 dev="nvme0n1p3" ino=14478440 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(11/10/25 03:26:01.782:463) : avc: denied { execute } for pid=4200 comm=perl name=dnf5 dev="nvme0n1p3" ino=14478440 scontext=system_u:system_r:logwatch_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0
This is better to take up in RedHat bugzilla, which already does have one raised, with relevant details.
But to be more specific, this is really a SELinux issue, and there is a ticket in to fix it. Unfortunately it has not yet been released.
There are two short term solutions, either
or a more specific SELinux module allowing the required transition (which will be in the updated SELinux policy update).
Thanks Frank, I'll leave it for RH/fedora to release.
Hopefully you don't mind my mentioning this here...
Since the Wed 08 Oct 2025 06:31:39 install date of logwatch-7.13-2.fc42.noarch there
is a spurious dovecot message in logwatch...
--------------------- Dovecot Begin ------------------------
---------------------- Dovecot End -------------------------
which appears to be a blank line being output by the script /usr/share/logwatch/scripts/services/dovecot (which I can't work out where it's originating in that script)
I do not have dovecot installed!
I don't see this reported anywhere, do you want me to report it via fedora/redhat/bugzilla?
Ah script exit status perhaps?
John,
Obviously a separate issue, but I will see what I can find.
On a more positive note, the fix for SELinux was pushed today, so it should now work automatically.
Frank
There is a timezone bug here to be fixed, dnf5 currently reports all times as GMT, not local, but we assume it is local, as there is no indication of timezone.
I'll get this fixed in the module, but the DNF team plan to fix it sometime, no timeline yet, and no idea how they will show it.