Bob Hutchinson wrote:
On Friday 20 Jan 2006 18:01, Jim Maul wrote:
Bob Hutchinson wrote:
There is a thread going on in the logwatch ML, pertaining to a bug found
in the freshclam logging. It would appear to occur when syslog is used
rather than freshclam's own log in Fedora.
Looking at
clamav-devel/freshclam/manager.c
Line 67
logg("ClamAV update process started at %s", ctime(&currtime));
Other uses of the logg function in manager.c *do* have a linefeed (\n).
Are you implying that there *should* be a linefeed? A post earlier this
morning seems to say that there *shouldn't* be any linefeeds. I'm
confused...
To be honest, so am I.
It would appear that the 'ClamAV update process started at...' line puts a
trailing space on the line when used in syslog under some version of Fedora.
This has caused a glitch in Logwatch's parsing of freshclam entries in
maillog.
The linefeed (\n) is automatically inserted by ctime, not by anything in
the code. Check man ctime as suggested by Tomasz earlier.
The easiest solution is to make Logwatch tolerant of trailing spaces in this
instance, as has been discussed on the Logwatch ML.
This would seem to be the better solution, as lots of things log to
syslog and it's easier to change logwatch than to make sure everything
that logs to it either does or doesn't include a trailing space.
If Tomasz Kojm and the other coders feel that there shouldn't be a linefeed at
this point I'm sure they are right, I'm just trying to establish whether the
problem lies with Clamav, Fedora's rendition of syslog or Logwatch. As I
don't use Fedora or freshclam -> syslog I can't really test it out myself.
I suspect that the problem is buried somewhere in Fedora, but log parsers
generally should be tolerant of trailing spaces. They happen.
I agree.
-Jim
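
Both fixes discussed in this thread, as an added example that is not part of the original messages and is not ClamAV or Logwatch code: the first part shows that a message built from `ctime()` ends in a newline and strips it before logging, the second accepts the entry whether or not trailing whitespace is present. The function names, buffer sizes and the sample timestamp are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
/* Prefix copied from the logg() call quoted in the thread. */
#define START_MSG "ClamAV update process started at "
/* Strip trailing whitespace (space, tab, CR, LF) in place; return new length. */
size_t rstrip(char *s)
{
    size_t n = strlen(s);
    while (n > 0 && isspace((unsigned char)s[n - 1]))
        s[--n] = '\0';
    return n;
}

/* Format the message as the quoted call does: "%s" fed directly by ctime(). */
int format_start_raw(char *buf, size_t len, time_t t)
{
    return snprintf(buf, len, START_MSG "%s", ctime(&t));
}

/* Producer side: same message with ctime()'s trailing '\n' removed. */
int format_start_clean(char *buf, size_t len, time_t t)
{
    int n = format_start_raw(buf, len, t);
    if (n < 0 || (size_t)n >= len)
        return -1;            /* formatting error or truncated output */
    return (int)rstrip(buf);
}

/* Consumer side: recognise the entry even with trailing whitespace. */
int is_start_entry(const char *line)
{
    char copy[256];
    if (strlen(line) >= sizeof copy)
        return 0;
    strcpy(copy, line);
    return rstrip(copy) == strlen(START_MSG) + 24   /* ctime text is 24 chars */
        && strncmp(copy, START_MSG, strlen(START_MSG)) == 0;
}

int main(void)
{
    char msg[128];
    time_t t = 1137780060;    /* constructed sample timestamp */
    format_start_raw(msg, sizeof msg, t);
    printf("raw entry still matches: %d\n", is_start_entry(msg));
    return 0;
}
```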