This bug was fixed in the package logwatch - 7.4.2-1ubuntu1.1
---
logwatch (7.4.2-1ubuntu1.1) xenial; urgency=medium
[ Bryce Harrington ]
* d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
dhcpd: Ignore lease age under threshold messages
(LP: #1578001)
This bug was fixed in the package logwatch -
7.4.3+git20161207-2ubuntu1.2
---
logwatch (7.4.3+git20161207-2ubuntu1.2) bionic; urgency=medium
[ Bryce Harrington ]
* d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
dhcpd: Ignore lease age under threshold messages
This bug was fixed in the package logwatch - 7.5.2-1ubuntu1.1
---
logwatch (7.5.2-1ubuntu1.1) focal; urgency=medium
[ Bryce Harrington ]
* d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
dhcpd: Ignore lease age under threshold messages
(LP: #1578001)
*
** Tags removed: verification-needed verification-needed-bionic
verification-needed-focal verification-needed-xenial
** Tags added: verification-done verification-done-bionic
verification-done-focal verification-done-xenial
--
You received this bug notification because you are a member of
Verified in LXC on xenial, bionic, and focal per the test case, that the
messages are no longer under "Unmatched" but are still mentioned as
matched entries.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Hello Jared, or anyone else affected,
Accepted logwatch into xenial-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/logwatch/7.4.2-1ubuntu1.1 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
Hello Jared, or anyone else affected,
Accepted logwatch into bionic-proposed. The package will build now and
be available at
https://launchpad.net/ubuntu/+source/logwatch/7.4.3+git20161207-2ubuntu1.2
in a few hours, and then in the -proposed repository.
Please help us by testing this new
Hello Jared, or anyone else affected,
Accepted logwatch into focal-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/logwatch/7.5.2-1ubuntu1.1 in a few
hours, and then in the -proposed repository.
Please help us by testing this new package. See
** Changed in: logwatch (Ubuntu Xenial)
Assignee: (unassigned) => Bryce Harrington (bryce)
** Changed in: logwatch (Ubuntu Bionic)
Assignee: (unassigned) => Bryce Harrington (bryce)
** Changed in: logwatch (Ubuntu Focal)
Assignee: (unassigned) => Bryce Harrington (bryce)
**
** Merge proposal linked:
https://code.launchpad.net/~bryce/ubuntu/+source/logwatch/+git/logwatch/+merge/390212
** Merge proposal linked:
https://code.launchpad.net/~bryce/ubuntu/+source/logwatch/+git/logwatch/+merge/390213
** Merge proposal linked:
** Description changed:
[Impact]
Various AppArmor messages aren't handled by logwatch, and thus end up in
the "Unmatched Entries" section. Some of these are noteworthy, others
are innocuous, but given the quantity and variety of them, they can
clutter the log. Common ones should be
** Description changed:
[Impact]
- Various AppArmor messages aren't handled by logwatch, and thus end up in the
"Unmatched Entries" section. Some of these are noteworthy, others are
innocuous, but given the quantity and variety of them, they can clutter the
log. Common ones should be either
** Description changed:
- Under the "Kernel Audit" heading, the following apparmor lines appear as
- unmatched:
+ [Impact]
+ Various AppArmor messages aren't handled by logwatch, and thus end up in the
"Unmatched Entries" section. Some of these are noteworthy, others are
innocuous, but given
** Attachment added: "Sample log entries for testing the apparmor="DENIED"
error messages"
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948/+attachment/5407059/+files/unmatched-entries-apparmor-lxd%3Akern.log
--
You received this bug notification because you are a member of
** Attachment added: "Sample log entries for testing the profile="unconfirmed"
issue."
https://bugs.launchpad.net/ubuntu/+source/logwatch/+bug/1577948/+attachment/5407058/+files/unmatched-entries-apparmor%3Akern.log
--
You received this bug notification because you are a member of Ubuntu
This bug was fixed in the package logwatch - 7.5.4-0ubuntu2
---
logwatch (7.5.4-0ubuntu2) groovy; urgency=medium
[ Bryce Harrington ]
* d/p/0020-dhcpd-Ignore-lease-age-under-threshold-messages.patch:
dhcpd: Ignore lease age under threshold messages
(LP: #1578001)
*
** Merge proposal linked:
https://code.launchpad.net/~bryce/ubuntu/+source/logwatch/+git/logwatch/+merge/389633
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1577948
Title:
unmatched entries
On Thu, Aug 20, 2020 at 11:56:09PM -, Bryce Harrington wrote:
> Thanks for the additional information. I've seen the snap profile_*
> messages in my logwatch output as unmatched, but want to understand them
> more before filtering them.
>
> As to the general unconfined entries, how can we
Thanks for the additional information. I've seen the snap profile_*
messages in my logwatch output as unmatched, but want to understand them
more before filtering them.
As to the general unconfined entries, how can we best distinguish
between the normal behavior and exception cases?
--
You
To add to Seth's answer. unconfined generally doesn't log, the
exceptions are when an unconfined tasks makes policy changes, and when
there is an internal error on profile attachment.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
The log message is reporting the profiles have been loaded. This is a
standard part of booting a full system, starting services, and some
service-specific operations (such as libvirt or snapd demand-loading
profiles as VMs or snaps are used).
There's other similar status messages:
The issue here is that logwatch does match apparmor STATUS messages
generally, but not when they have profile="unconfined" between operation
and name.
I didn't find authoritative documentation on what this log entry means,
but the answer to the following askubuntu post suggests this may be
Yes, on focal I see the same. Since it's kernel, won't see these in an
lxc container, but on bare metal or maybe a vm they add lots of noise.
For Logwatch's purposes, all the apparmor="STATUS" messages should be
filtered, as they're just informative.
(I suspect many of the apparmor="DENIED"
23 matches
Mail list logo
