[Logwatch-Devel] samba message difference

Owen Beckley obeckley at claritycsi.com
Wed Oct 24 13:26:48 MST 2007


Hello,

We're running Scientific Linux 4.5 here, which is based on Red Hat 
Enterprise 4. It currently includes samba-3.0.10-1.4E.12.2 and 
logwatch-5.2.2-2.EL4. The log files generated by this version of samba 
include many lines of the following form:

[root at cole samba]# grep 'connect to' w-obeckley-2.log
   w-obeckley-2 (172.24.9.1) connect to service nobackup initially as 
user obeckley (uid=1000, gid=1000) (pid 28282)
   w-obeckley-2 (172.24.9.1) connect to service shared initially as user 
obeckley (uid=1000, gid=1000) (pid 28282)
   w-obeckley-2 (172.24.9.1) connect to service obeckley initially as 
user obeckley (uid=1000, gid=1000) (pid 28282)
   w-obeckley-2 (172.24.9.1) connect to service twiki initially as user 
obeckley (uid=1000, gid=1000) (pid 28282)

The logwatch services script for samba in this version of logwatch 
expects "connect to service ([^ ]+) as user" on line 72 rather than 
"connect to service ([^ ]+) initially as user". Could I suggest adding 
another case (or extending the RE) and incrementing the same bucket?


$ diff -u services.samba.orig services.samba
--- services.samba.orig.cole    2007-10-24 14:54:11.000000000 -0500
+++ services.samba.cole 2007-10-24 14:53:35.000000000 -0500
@@ -71,6 +71,8 @@
        #Don't care about these...
         } elsif ( ($Host, $Service, $User) = ( $ThisLine =~ /([^ ]+ 
\([^ ]+\)) connect to service ([^ ]+) as user ([^ ]+)/ ) ) {
                 $Connect{$Service}{$User}{$Host}++;
+       } elsif ( ($Host, $Service, $User) = ( $ThisLine =~ /([^ ]+ \([^ 
]+\)) connect to service ([^ ]+) initially as user ([^ ]+)/ ) ) {
+               $Connect{$Service}{$User}{$Host}++;
         } elsif ( ($NoService) = ( $ThisLine =~ /couldn't find service 
(\S+)/ ) ) {
                 $NoServ{$NoService}++;
         } elsif ($ThisLine =~ s/Denied connection from\s+\((\S+)\)([ 
*]+|)$/$1/) {
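
Review bot: the added `elsif` duplicates the branch directly above it, with the same captures and the same `$Connect{$Service}{$User}{$Host}++` body, and differs only by the word "initially" in the pattern. Making that word optional in the existing pattern, e.g. `connect to service ([^ ]+) (?:initially )?as user ([^ ]+)`, would cover both Samba log formats in one branch, and because the group is non-capturing the `($Host, $Service, $User)` assignment stays as it is. Separately, the patch as posted has been line-wrapped inside the regexes (for example between `\([^` and `]+\)`), so it will not apply as-is; sending it as an attachment would avoid that.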



-- 
Owen Beckley
Clarity Communication Systems

