What does this mean

Allen, Jack Jack.Allen at mckesson.com
Fri Jul 11 17:45:26 UTC 2008


All:
	After some research I was able to determine what the problem was and how to correct it. In /var/log/up2date the following entries are written each time up2date connects to RHN to check for updates:

[Fri Jul 11 11:58:34 2008] up2date updateLoginInfo() login info
[Fri Jul 11 11:58:34 2008] up2date logging into up2date server
[Fri Jul 11 11:58:35 2008] up2date successfully retrieved authentication token from up2date server

	In /usr/share/logwatch/scripts/services/up2date the following perl code checks for some entries to ignore:

if ( ( $ThisLine =~ /^updating login info$/ ) or
     ( $ThisLine =~ /^Opening rpmdb in \/var\/lib\/rpm\/ with option .$/ ) or
     ( $ThisLine =~ /^successfully retrieved authentication token from up2date server$/ ) or
	AND MORE COMPARES

	As you can see the first compare is looking for a line indicating the login information has been updated. Evidently the message has been changed and so it does not match. So I copied the file to /etc/logwatch/scripts/services/up2date and added another compare as follows:

if ( ( $ThisLine =~ /^updating login info$/ ) or
     ( $ThisLine =~ /^updateLoginInfo\(\) login info/ ) or
     ( $ThisLine =~ /^Opening rpmdb in \/var\/lib\/rpm\/ with option .$/ ) or
     ( $ThisLine =~ /^successfully retrieved authentication token from up2date server$/ ) or

	By copying the up2date file to the new location and adding my change there, it will be used when logwatch runs, because that is the way it is designed to function. Also if there is an update to logwatch it will not clobber my change. And after an update I can just rename the file and see if the update fixed this problem along with whatever else it fixed.

Thanks:
Jack Allen
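
The effect of the added compare, as an added example that is not part of the original message and not logwatch's own code: the shipped and the patched ignore lists are run over two of the log entries quoted above plus one constructed entry. The prefix-stripping regex and the names unmatched, @shipped and @patched are assumptions made for the illustration.

```perl
#!/usr/bin/perl
# Added illustration; not the logwatch up2date service script.
use strict;
use warnings;

# Ignore patterns quoted in the message (the elided compares are left out).
my @shipped = (
    qr/^updating login info$/,
    qr/^Opening rpmdb in \/var\/lib\/rpm\/ with option .$/,
    qr/^successfully retrieved authentication token from up2date server$/,
);
# The same list plus the compare added in the local override copy.
my @patched = ( @shipped, qr/^updateLoginInfo\(\) login info/ );

# Return the messages that no ignore pattern matches, i.e. what would
# appear under "**Unmatched Entries**" in the report.
sub unmatched {
    my ( $patterns, @lines ) = @_;
    my @left;
    LINE: for my $line (@lines) {
        # Assumption: the "[timestamp] up2date " prefix is removed before
        # the compares run, as the unmatched entries in the report suggest.
        ( my $msg = $line ) =~ s/^\[[^\]]*\]\s+up2date\s+//;
        for my $re (@$patterns) {
            next LINE if $msg =~ $re;
        }
        push @left, $msg;
    }
    return @left;
}

my @log = (
    # Two entries copied from /var/log/up2date as quoted in the message.
    '[Fri Jul 11 11:58:34 2008] up2date updateLoginInfo() login info',
    '[Fri Jul 11 11:58:35 2008] up2date successfully retrieved authentication token from up2date server',
    # Constructed entry: something no pattern knows about.
    '[Fri Jul 11 11:58:36 2008] up2date constructed unexpected message',
);

for my $set ( [ shipped => \@shipped ], [ patched => \@patched ] ) {
    my ( $name, $patterns ) = @$set;
    print "$name ignore list, unmatched entries:\n";
    print "  $_\n" for unmatched( $patterns, @log );
}
```

With the patched list only the constructed entry is left, so the known-benign line is silenced while anything unrecognised still reaches the unmatched section of the report.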

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, July 10, 2008 2:46 PM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean

No, I never got the information on how to ignore it, I just chose to ignore it.  Sorry :-(

Nestor :-)

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com]On Behalf Of Allen, Jack
Sent: Thursday, July 10, 2008 11:40 AM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean


Nestor:
	Did you get the information on how to ignore the entries in logwatch?

	If so, can you provide it?

	Another thing about logwatch is in RH AS 4.X it would log most all services started by xinetd, but in RH EL 5.X it does not. So I assume there is some configuration parameter somewhere that may control this. I would like to have that information again because it helps to see if there has been some kind of port scan done on the system.

Thanks:
Jack Allen 

-----Original Message-----
From: redhat-list-bounces at redhat.com [mailto:redhat-list-bounces at redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, July 10, 2008 2:19 PM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean

I opened a ticket (case# 1832642) because of this problem and this 
is the response I got from rhel:
-------------
I tried to reproduce this problem here on test machines.

There is nothing wrong with the yum, but there is a problem with the log filtering by logwatch.

You can ignore these messages in the logwatch report, also there is a way with which we can ignore these messages in the logwatch report.

Please let us know if you want to ignore these log entries from the logwatch report.

Thanks & Regards,
Rajmani
------------

Néstor :-)

-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com]On Behalf Of Shaun Meyer
Sent: Thursday, July 10, 2008 11:13 AM
To: General Red Hat Linux discussion list
Subject: Re: What does this mean


Hi,

On Thu, July 10, 2008 12:57 pm, Allen, Jack wrote:
> Hello:
>         I get the following every day from Logwatch. I am running RedHat
> EL 5.2.
>
> Does this indicate there is a problem?
> Or is it just general information?
>

>  --------------------- up2date Begin ------------------------
>
>  **Unmatched Entries**
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>  updateLoginInfo() login info
>
>  ---------------------- up2date End -------------------------
>
> ---
> Thanks:
> Jack Allen


I've been getting this same message, are you using/have enabled RPMforge?

Cheers,
Shaun

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
