Filter/group some of postfix log output

Bug #228917 reported by Wladimir Mutel
Affects: logwatch (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Binary package hint: logwatch

On some of my systems, spam filtering with postfix+amavis is implemented. During its operation, it generates quite a lot of messages in the log, of the following kind:

postfix/smtpd[nnnn]: lost connection after DATA (0 bytes) from unknown[x.y.z.t]

Summarising the logs, logwatch puts all of them into "Unmatched entries" subsection, so its "Postfix" section in the daily report bloats up the whole message, turning it into quite a big blanket with all of these "lost connection after DATA" lines listed as they are and often taking about 90% of the whole report.

I would propose to filter log records by string "lost connection after DATA (0 bytes)" and not include these lines in the report, or extract IP addresses from these lines and output only a terse list of them. It would reduce the daily report size and make it shorter and more meaningful.

My Ubuntu is Hardy, and my logwatch is 7.3.6-1ubuntu1.
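
The grouping proposed in the report, as an added example (not part of the original report and not logwatch or postfix-logwatch code): matching lines are collapsed into one count per client address and everything else stays listed as unmatched. The function names and the sample log lines are constructed for illustration; the regex assumes the line format quoted above, optionally preceded by a syslog prefix.

```python
import re
from collections import Counter

# Line format quoted in the report; a syslog prefix may precede it and a
# resolved client hostname may replace "unknown" (assumptions).
LOST_DATA = re.compile(
    r"postfix/smtpd\[\d+\]: lost connection after DATA \(0 bytes\) "
    r"from \S+?\[(?P<ip>[0-9A-Fa-f:.]+)\]\s*$"
)

def summarise(lines):
    """Return (Counter of client IP -> hits, list of lines left unmatched)."""
    hits, rest = Counter(), []
    for line in lines:
        m = LOST_DATA.search(line)
        if m:
            hits[m.group("ip")] += 1
        elif line.strip():
            rest.append(line.rstrip())
    return hits, rest

def render(hits, rest):
    """Terse report: a total, one line per client IP, then unmatched lines."""
    out = ["Lost connection after DATA (0 bytes): "
           f"{sum(hits.values())} from {len(hits)} host(s)"]
    # Most frequent first; ties ordered by address so the output is stable.
    for ip, n in sorted(hits.items(), key=lambda kv: (-kv[1], kv[0])):
        out.append(f"    {n:5d}  {ip}")
    if rest:
        out.append("Unmatched entries:")
        out.extend(f"    {line}" for line in rest)
    return "\n".join(out)

# Constructed sample input using documentation address ranges, not real logs.
# The last line has a non-zero byte count, so it is deliberately not grouped.
SAMPLE = """\
May  9 03:10:58 mx postfix/smtpd[2099]: connect from unknown[203.0.113.5]
May  9 03:11:02 mx postfix/smtpd[2101]: lost connection after DATA (0 bytes) from unknown[192.0.2.10]
May  9 03:11:09 mx postfix/smtpd[2101]: lost connection after DATA (0 bytes) from unknown[192.0.2.10]
May  9 03:12:40 mx postfix/smtpd[2107]: lost connection after DATA (0 bytes) from mail.example.net[198.51.100.7]
May  9 03:14:13 mx postfix/smtpd[2110]: lost connection after DATA (0 bytes) from unknown[2001:db8::25]
May  9 03:15:27 mx postfix/smtpd[2112]: lost connection after DATA (4096 bytes) from unknown[192.0.2.10]
"""

if __name__ == "__main__":
    print(render(*summarise(SAMPLE.splitlines())))
```

Keeping the per-address counts, rather than dropping the lines outright, preserves the one signal these entries carry: which clients repeatedly open a DATA phase and disconnect.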

Mike Cappella (lists-ubuntu) wrote :

This has been resolved since 2007-11-14, version: 1.36.13pre5 of postfix-logwatch.

Due to licensing differences the postfix filter in logwatch has been reverted to a version from several years ago.

Pick up the latest version of postfix-logwatch (under GPLv2) at :

http://www.mikecappella.com/logwatch

MrC

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package logwatch - 7.3.6.cvs20090906-1ubuntu1

---------------
logwatch (7.3.6.cvs20090906-1ubuntu1) karmic; urgency=low

  * Merge from debian unstable (LP: #228917, #391077, #425206, #443252),
    remaining changes:
    - Use postfix rather than exim4.

logwatch (7.3.6.cvs20090906-1) unstable; urgency=low

  * New CVS snapshot + postfix-logwatch 1.38.01
    - postfix-logwatch now supports SPF \S+ lines (closes: #507937)
  * Support cron with -L2 loglevel (closes: #542453)
  * Move logfiles ending with *.gz or *.bz2 to archive list, so they are
    unpacked before being processed (closes: #536472)
  * Include patch for imapd to support loglines from uw-imapd, submitted by
    Marcin Szewczyk, closes: #541152
  * scripts/services/denyhosts: Output one host per line, not one possibly
    very long line with all hosts. closes: #507042
  * Support "command continues" lines in sudo. closes: #505432
  * Fix typos in exim script. LP: #425206.
  * No longer force recipient in the cron script. (--output mail instead of
    --mailto root)
  * change comment concerning the Mailto parameter to no longer talk about
    removed Print parameter. closes: #499109
  * lintian:
    - Standards-Version: 3.8.3 (no changes)
    - Change path to GPL2 in debian/copyright

 -- Kees Cook <email address hidden> Mon, 05 Oct 2009 09:20:31 -0700

Changed in logwatch (Ubuntu):
status: New → Fix Released