RE: What does this mean



All:
After some research I was able to determine what the problem was and how to correct it. In /var/log/up2date the following entries are written each time up2date connects to RHN to check for updates:

[Fri Jul 11 11:58:34 2008] up2date updateLoginInfo() login info
[Fri Jul 11 11:58:34 2008] up2date logging into up2date server
[Fri Jul 11 11:58:35 2008] up2date successfully retrieved authentication token from up2date server

In /usr/share/logwatch/scripts/services/up2date the following perl code checks for some entries to ignore:

if ( ( $ThisLine =~ /^updating login info$/ ) or
( $ThisLine =~ /^Opening rpmdb in \/var\/lib\/rpm\/ with option .$/ ) or
( $ThisLine =~ /^successfully retrieved authentication token from up2date server$/ ) or
AND MORE COMPARES

As you can see the first compare is looking for a line indicating the login information has been updated. Evidently the message has been changed and so it does not match. So I copied the file to /etc/logwatch/scripts/services/up2date and added another compare as follows:

if ( ( $ThisLine =~ /^updating login info$/ ) or
( $ThisLine =~ /^updateLoginInfo\(\) login info/ ) or
( $ThisLine =~ /^Opening rpmdb in \/var\/lib\/rpm\/ with option .$/ ) or
( $ThisLine =~ /^successfully retrieved authentication token from up2date server$/ ) or

By copying the up2date file to the new location and adding my change there, it will be used when logwatch runs, because that is the way it is designed to function. Also if there is a update to logwatch it will not clobber my change. And after an update I can just rename the file and see if the update fixed this problem along with what ever else it fixed.

Thanks:
Jack Allen

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Florez, Nestor
Sent: Thursday, July 10, 2008 2:46 PM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean

No, I never got the information on how to ignore it, I just chose to ignore it. Sorry :-(

Nestor :-)

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Allen, Jack
Sent: Thursday, July 10, 2008 11:40 AM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean


Nestor:
Did you get the information on how to ignore the entries in logwatch?

If so, can you provide it.

Another thing about logwatch is in RH AS 4.X it would log most all services started by xinetd, but in RH EL 5.X it does not. So I assume there is some configuration parameter somewhere that may control this. I would like to have that information again because it helps to see if there has been some kind of port scan done on the system.

Thanks:
Jack Allen

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Florez, Nestor
Sent: Thursday, July 10, 2008 2:19 PM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean

I opened a ticket (case# 1832642) because of this problem and this
is the response I got from rhel:
-------------
I tried to reproduce this problem here on test machines.

There is nothing wrong with the yum, but there is problem with the log filtering by logwatch.

You can ignore these messages in the logwatch report, also there is way with which we can ignore these messages in the logwatch report.

Please let us know if you want to ignore these log entries from the logwatch report.

Thanks & Regards,
Rajmani
------------

Néstor :-)

-----Original Message-----
From: redhat-list-bounces@xxxxxxxxxx
[mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Shaun Meyer
Sent: Thursday, July 10, 2008 11:13 AM
To: General Red Hat Linux discussion list
Subject: Re: What does this mean


Hi,

On Thu, July 10, 2008 12:57 pm, Allen, Jack wrote:
Hello:
I get the following every day from Logwatch. I am running RedHat
EL 5.2.

Does this indicate there is a problem?
Or is it just general information?


--------------------- up2date Begin ------------------------

**Unmatched Entries**
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info
updateLoginInfo() login info

---------------------- up2date End -------------------------

---
Thanks:
Jack Allen


I 've been getting this same message, are you using/have enabled RPMforge?

Cheers,
Shaun

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list



Relevant Pages

  • RE: What does this mean
    ... There is nothing wrong with the yum, but there is problem with the log filtering by logwatch. ... You can ignore these messages in the logwatch report, also there is way with which we can ignore these messages in the logwatch report. ... updateLoginInfo() login info ...
    (RedHat)
  • RE: What does this mean
    ... There is nothing wrong with the yum, but there is problem with the log filtering by logwatch. ... Please let us know if you want to ignore these log entries from the logwatch report. ... updateLoginInfo() login info ...
    (RedHat)
  • RE: What does this mean
    ... There is nothing wrong with the yum, but there is problem with the log filtering by logwatch. ... You can ignore these messages in the logwatch report, also there is way with which we can ignore these messages in the logwatch report. ... updateLoginInfo() login info ...
    (RedHat)
  • Re: What does this mean
    ... each time up2date connects to RHN to check for updates: ... Also if there is a update to logwatch it will not ... updateLoginInfo() login info ...
    (RedHat)