[Logwatch-Devel] new filter - doesn't want to work

[Chris Smith]

Hey all,


I'm trying to create a new filter for pure-ftpd. I'm going nuts trying to 
work out what's going on.

my conf file:

###########################################################################
# $Id: pureftpd.conf,v 1.2 2002/10/12 02:08:10 kirk Exp $
###########################################################################

# You can put comments anywhere you want to.  They are effective for the
# rest of the line.

# this is in the format of <name> = <value>.  Whitespace at the beginning
# and end of the lines is removed.  Whitespace before and after the = sign
# is removed.  Everything is case *insensitive*.

# Yes = True  = On  = 1
# No  = False = Off = 0

Title = "pureftp"

# Which logfile group...
LogFile = /var/log/pureftp/syslog.log

*OnlyService = pure-ftpd
*RemoveHeaders =

##################################################################################

my script

#!/usr/bin/perl
$Detail = $ENV{'LOGWATCH_DETAIL_LEVEL'};

while (defined($ThisLine = <STDIN>)) {
    if (
          ( $ThisLine =~ /vpop_mail/ )
       ) {
       # We don't care about these
    } elsif (($IP) = ($ThisLine =~ /\@(.*?)new connection/i )) {
         $NewConnections{$IP}++;
    } elsif (($IP) = ($ThisLine =~ /\@(.*?)logout/i )) {
         $Logouts{$IP}++;
    } else {
       # Report any unmatched entries...
       push @OtherList,$ThisLine;
    }
}

if ( (keys %NewConnections) ) {
    print "\nNew Connections:\n";
    foreach $Line (sort {$a cmp $b} keys %NewConnections) {
       print "\t" . $Line . " - ". $NewConnections{$Line} . " Time(s)\n";
    }
}

if ( (keys %Logouts) ) {
    print "\nLogouts:\n";
    foreach $Line (sort {$a cmp $b} keys %Logouts) {
       print "\t" . $Line . " - ". $Logouts{$Line} . " Time(s)\n";
    }
}

if (($#OtherList >= 0) and (not $IngoreUnmatched)){
    print "\n**Unmatched Entries**\n";
    print @OtherList;
}

exit(0);


running

logwatch --debug 8 --service pureftpd

as root gives me

...................
LogFiles that will be processed:
[0] = /var/log/pureftp/syslog.log


Made Temp Dir: /tmp/logwatch.XXqHnuHU with mktemp
export LOGWATCH_DATE_RANGE='yesterday'
export LOGWATCH_DETAIL_LEVEL='10'
export LOGWATCH_TEMP_DIR='/tmp/logwatch.XXqHnuHU/'
export LOGWATCH_DEBUG='8'
Can't use an undefined value as an ARRAY reference at /usr/sbin/logwatch 
line 540.


However, if I

cat /var/log/pureftp/syslog.log | /etc/log.d/scripts/services/pureftpd

i get results.

Any suggestions?


Chris Smith

 >> 92 Jarrett St Leichhardt, Sydney, NSW 2040 ...>
T: + 61 2 9568 6866
F: + 61 2 9568 6733
W: http://www.squiz.net/
.....>> Open Source - Own it - Squiz.net ...../>