Package: logwatch
Version: 7.4.3+git20161207-2
Severity: normal
Dear Maintainer,
upgrading from Debian jessie to stretch results in excessive unmatched entries
in the SSHD section of logwatch output.
Example:
Failed logins from:
normal number (e.g. 12) of lines in the format: IP-address (Hostname): X times
Illegal users from:
normal number (e.g. 6) of lines in the format: IP-address (Hostname): X times
Received disconnect:
[preauth] : 1357 Time(s)
Bye Bye [preauth] : 24 Time(s)
Closed due to user request. [preauth] : 22 Time(s)
disconnected by user [preauth] : 1 Time(s)
**Unmatched Entries**
hundreds/thousands of lines like this:
Disconnected from XXX.XXX.XXX.XXX port XXXXXX [preauth] : 1 time(s)
This seems to be due to missing backports of upstream fixes for new SSHD log
file format, see also
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1644057
Expected: only summary in "Received disconnect", limited number of "unmatched
entries"
-- System Information:
Debian Release: 9.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages logwatch depends on:
ii exim4-daemon-light [mail-transport-agent] 4.88-5
pn perl:any <none>
Versions of packages logwatch recommends:
ii libdate-manip-perl 6.57-1
ii libsys-cpu-perl 0.61-2+b1
ii libsys-meminfo-perl 0.99-1
Versions of packages logwatch suggests:
pn fortune-mod <none>
-- no debconf information
