After the upgrade to CentOS 5.9, all my CentOS 5 installations
report only "Unmatched Entries" in the "yum" section of their
daily logwatch mails. It seems the filter script
/usr/share/logwatch/scripts/services/yum got broken:
--------8<--------8<--------8<--------8<--------8<--------8<--------8<
[root at dns01 ~]# /usr/sbin/logwatch --print --service yum --debug 5
[...]
Processing Service: yum
 ( cat /var/cache/logwatch/logwatch.kKzXpf19/yum  |  /usr/bin/perl
/usr/share/logwatch/scripts/services/yum) 2>&1
 ################### Logwatch 7.3 (03/24/06) ####################
        Processing Initiated: Fri Jan 18 09:21:20 2013
        Date Range Processed: yesterday
                              ( 2013-Jan-17 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: dns01.pxnet.com
  ##################################################################
 --------------------- yum Begin ------------------------
 DEBUG: Inside YUM Filter
 DEBUG(1): Updated: glibc-common.i386 2.5-107
 DEBUG(2): Updated: kernel-headers.i386 2.6.18-348.el5
 DEBUG(3): Updated: crontabs.noarch 1.10-11.el5
[...]
 DEBUG(89): Updated: yum-updatesd.noarch 1:0.9-5.el5
 **Unmatched Entries**
 2.5-107
 2.6.18-348.el5
 1.10-11.el5
[...]
 1:0.9-5.el5
 ---------------------- yum End -------------------------
 ###################### Logwatch End #########################
[root at dns01 ~]#
>8-------->8-------->8-------->8-------->8-------->8-------->8--------

Looking at the script I find the line

     22    $ThisLine =~ s/^[^ ]* [^ ]* //;

which looks like its intention was to strip the timestamp from
the logfile entry, but the DEBUG output shows it has already
been stripped at this point.

And a minor nit: who came up with the silly idea of enforcing
mode 600 for /var/log/yum.log in /etc/logrotate.d/yum? I don't
think it increases security if the intern who checks the logs
has to work with full root privileges all the time.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

On 18.01.2013 09:49, /me wrote:
> Looking at the script I find the line
>
>      22    $ThisLine =~ s/^[^ ]* [^ ]* //;
>
> which looks like its intention was to strip the timestamp from
> the logfile entry, but the DEBUG output shows it has already
> been stripped at this point.

Correction: Whatever that line tries to strip, it isn't a timestamp.

Btw, the format of /var/log/yum.log differs between CentOS 5 and 6:

- CentOS 5: Jan 10 11:33:49 Updated: bacula-client.i386 5.2.12-6.el5
- CentOS 6: Jan 11 03:39:39 Updated: bacula-client-5.2.12-6.el6.x86_64

On CentOS 6, the script line above would do no harm because after
stripping the timestamp there is only one space character left in
the line, so the pattern doesn't match.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
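
The behaviour described in this thread, as an added example that is not part of the original posts and not logwatch's own code: it applies the substitution quoted from line 22 to the entries shown above (timestamp already removed, as in the DEBUG output) and compares it with a hypothetical `classify()` that keys on the action word instead. The helper names and the `Installed|Updated|Erased` action list are assumptions.

```perl
#!/usr/bin/perl
# Added example, not logwatch code. Sample lines are taken from this thread,
# with the timestamp already removed as the DEBUG output shows.
use strict;
use warnings;

my @lines = (
    'Updated: glibc-common.i386 2.5-107',             # CentOS 5 layout
    'Updated: kernel-headers.i386 2.6.18-348.el5',    # CentOS 5 layout
    'Updated: bacula-client-5.2.12-6.el6.x86_64',     # CentOS 6 layout
);

# The substitution quoted from line 22 of the filter: it removes the first
# two space-separated fields, but only if the line contains two spaces.
sub strip_two_fields {
    my ($line) = @_;
    $line =~ s/^[^ ]* [^ ]* //;
    return $line;
}

# Hypothetical alternative (assumption): match on the action word and keep
# the rest, so "name.arch version" and "name-version.arch" both classify.
sub classify {
    my ($line) = @_;
    if ($line =~ /^(Installed|Updated|Erased): (\S+)(?: (\S+))?$/) {
        return { action => $1, package => $2, version => defined $3 ? $3 : '' };
    }
    return;    # nothing recognised: a genuine unmatched entry
}

for my $line (@lines) {
    my $stripped = strip_two_fields($line);
    my $hit      = classify($line);
    my $summary  = $hit
        ? join(' ', grep { length } @{$hit}{qw(action package version)})
        : 'unmatched';
    print "$line\n";
    print "  after line 22: '$stripped'\n";
    print "  classify():    $summary\n";
}
```

For the two CentOS 5 lines the substitution leaves only the version string, which is what appears under "Unmatched Entries" in the report; the CentOS 6 line has a single space and passes through unchanged.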