Bug#855539: logwatch: Excessive unmatched entries in SSHD section of logwatch
Hello,

it seems that these issues have been fixed in the upstream repository:

- Disconnected from: https://sourceforge.net/p/logwatch/git/ci/f8aae45768d5ddf01e55b86afa9af90757530089/
- Close session: https://sourceforge.net/p/logwatch/git/ci/6e8d4316275897f70dcfac824a789e480d1f65d4/

I've asked on the project discussion list if a release is forthcoming, so perhaps a new release with these fixes will appear sometime.

However, in the meantime, would it be an idea to integrate the above-mentioned patches into the current Debian package? That way users could profit from the reduced noise in the logwatch output.

Kind regards,
Paul

Bug#855539: logwatch: Excessive unmatched entries in SSHD section of logwatch
Package: logwatch
Version: 7.4.3+git20161207-2
Severity: normal

Dear Maintainer,

upgrading from Debian jessie to stretch results in excessive unmatched entries in the SSHD section of logwatch output.

Example:

Failed logins from:
   normal number (e.g. 12) of lines in the format: IP-address (Hostname): X times

Illegal users from:
   normal number (e.g. 6) of lines in the format: IP-address (Hostname): X times

Received disconnect:
    [preauth] : 1357 Time(s)
   Bye Bye [preauth] : 24 Time(s)
   Closed due to user request. [preauth] : 22 Time(s)
   disconnected by user [preauth] : 1 Time(s)

**Unmatched Entries**
   hundreds/thousands of lines like this:
   Disconnected from XXX.XXX.XXX.XXX port XX [preauth] : 1 time(s)

This seems to be due to missing backports of upstream fixes for new SSHD log file format, see also https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1644057

Expected: only summary in "Received disconnect", limited number of "unmatched entries"

-- System Information:
Debian Release: 9.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages logwatch depends on:
ii  exim4-daemon-light [mail-transport-agent]  4.88-5
pn  perl:any

Versions of packages logwatch recommends:
ii  libdate-manip-perl   6.57-1
ii  libsys-cpu-perl      0.61-2+b1
ii  libsys-meminfo-perl  0.99-1

Versions of packages logwatch suggests:
pn  fortune-mod

-- no debconf information
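
The failure mode reported in this thread, shown as an added example that is not logwatch's code and not part of either message: a summariser that has rules for the "Disconnected from" and "Close session" messages counts them, while anything without a rule still lands in an unmatched bucket. The sample lines are constructed and their layout is an assumption modelled on the sshd messages quoted in the report; `summarise` and the rule names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (documentation IP ranges); layout is an assumption.
SAMPLE_LOG = """\
Feb 19 10:00:01 host sshd[1001]: Received disconnect from 192.0.2.10 port 40122:11: Bye Bye [preauth]
Feb 19 10:00:01 host sshd[1001]: Disconnected from 192.0.2.10 port 40122 [preauth]
Feb 19 10:00:07 host sshd[1002]: Received disconnect from 192.0.2.11 port 51514:11:  [preauth]
Feb 19 10:00:07 host sshd[1002]: Disconnected from 192.0.2.11 port 51514 [preauth]
Feb 19 10:01:30 host sshd[1003]: Close session: user alice from 198.51.100.5 port 50022 id 0
Feb 19 10:02:00 host sshd[1004]: Some message this summariser has no rule for
""".splitlines()

# Syslog prefix: timestamp, host, "sshd[pid]:", then the message itself.
PREFIX = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ sshd\[\d+\]: (?P<msg>.*)$")
IP = r"(?P<ip>[0-9A-Fa-f:.]+)"
RULES = [
    ("received_disconnect", re.compile(
        rf"^Received disconnect from {IP}(?: port \d+)?:\s*\d+:"
        r"\s*(?P<reason>.*?)\s*(?P<pre>\[preauth\])?$")),
    ("disconnected", re.compile(rf"^Disconnected from {IP} port \d+(?: \[preauth\])?$")),
    ("close_session", re.compile(rf"^Close session: user \S+ from {IP} port \d+ id \d+$")),
]

def summarise(lines):
    """Return (per-rule counts, disconnect reasons, unmatched messages)."""
    counts, reasons, unmatched = Counter(), Counter(), Counter()
    for line in lines:
        m = PREFIX.match(line)
        if not m:
            continue  # not an sshd line
        msg = m.group("msg")
        for name, rx in RULES:
            hit = rx.match(msg)
            if hit:
                counts[name] += 1
                if name == "received_disconnect":
                    # An empty reason collapses to just "[preauth]", as in the report.
                    reasons[" ".join(filter(None, [hit["reason"], hit["pre"]]))] += 1
                break
        else:
            unmatched[msg] += 1  # keep verbatim so new formats stay visible
    return counts, reasons, unmatched

if __name__ == "__main__":
    for title, table in zip(("Counts", "Reasons", "Unmatched"), summarise(SAMPLE_LOG)):
        print(title, dict(table))
```

Removing the `disconnected` rule from `RULES` reproduces the symptom: each "Disconnected from" line then appears individually under the unmatched messages.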