Package: logwatch Version: 7.3.6.cvs20080702-2 Severity: normal For some reason logwatch output with Detail = High spews out garbage in samba log section. Running it afterwards by hand produces valid results. My guess is that logwatch is run exactly when samba rotates & gzips its logs and thus logwatch parses gzip output as normal plaintext log.
Borked log (from mail): **Unmatched Entries** lib/module.c:do_smb_load_module(69) Module '/usr/lib/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION : 66 Time(s) lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected : 3 Time(s) lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected¬‹ pºOJ ÍÕKjÄ0 àýœBË ÊD¶ì<´ï º Jp •„Iíà¸ôúõ¤Sè .. +100 lines more of the same G°r C#4ð$“ Oò´²r C#4à>ž• Í¿på o°Ý[2009/04/14 08:36:52, 0] lib/util_sock.c:write_data(1136) : 1 Time(s) lib/util_sock.c:read_socket_with_timeout(939) : 8 Time(s) lib/util_sock.c:write_data(1136) : 5 Time(s) Manual run: **Unmatched Entries** lib/module.c:do_smb_load_module(69) Module '/usr/lib/samba/idmap/rid.so' initialization failed: NT_STATUS_OBJECT_NAME_COLLISION : 66 Time(s) lib/util_sock.c:get_peer_addr_internal(1676) getpeername failed. Error was Transport endpoint is not connected : 4 Time(s) lib/util_sock.c:read_socket_with_timeout(939) : 8 Time(s) lib/util_sock.c:write_data(1136) : 5 Time(s) -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (700, 'testing'), (300, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.29-2-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages logwatch depends on: ii nullmailer [mail-transport-ag 1:1.04-1.1 simple relay-only mail transport a ii perl 5.10.0-22 Larry Wall's Practical Extraction Versions of packages logwatch recommends: ii libdate-manip-perl 5.54-1 a perl library for manipulating da Versions of packages logwatch suggests: ii fortune-mod 1:1.99.1-3.1 provides fortune cookies on demand -- no debconf information -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
