bad timestamp parsing
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
fwlogwatch (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Log line matching does not account for the fact that for small kernel timestamps, there can be space at the beginning of the stamp.
Marking as security, as not having a proper report of blocked connections reduces auditing capacities.
Here is an example of a log line that would not work, because of the space in the timestamp "[ 1690.227087]":
Apr 18 18:05:37 rack1 kernel: [ 1690.227087] fw: IN= OUT=eth0 SRC=166.78.158.192 DST=72.14.183.239 LEN=76 TOS=0x00 PREC=0xC0 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
have fun,
Frank
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: fwlogwatch 1.2-2
ProcVersionSign
Uname: Linux 3.2.0-41-generic x86_64
NonfreeKernelMo
ApportVersion: 2.0.1-0ubuntu17.2
Architecture: amd64
CheckboxSubmission: 07acc21e2cd262f
CheckboxSystem: 2a6f54df59af338
Date: Thu May 9 10:13:33 2013
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Release amd64 (20101007)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_CA.UTF-8
SHELL=/bin/bash
SourcePackage: fwlogwatch
UpgradeStatus: Upgraded to precise on 2012-06-05 (337 days ago)
mtime.conffile.
information type: Private Security → Public Security
I have a patch that fixes it, at least for netfilter.
Can anyone help me have it hit the repos?
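The parsing failure described in the bug report, as an added example that is neither the patch mentioned above nor fwlogwatch's own code: a matcher that expects digits right after `[` drops the reported line, while one that allows padding spaces keeps it. The two patterns, `struct fw_event`, `field`, `parse_line` and the second sample line are assumptions made for illustration.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical patterns for illustration; not fwlogwatch's actual matcher. */
#define PREFIX   "^[A-Z][a-z]{2} +[0-9]{1,2} [0-9:]{8} [^ ]+ kernel: "
#define STRICT   PREFIX "\\[([0-9]+\\.[0-9]+)\\] "   /* no padding allowed */
#define TOLERANT PREFIX "\\[ *([0-9]+\\.[0-9]+)\\] " /* padding spaces allowed */

/* Log line from the report (on one line), then a constructed line with a wider uptime. */
static const char *PAGE_LINE = "Apr 18 18:05:37 rack1 kernel: [ 1690.227087] fw: IN= OUT=eth0 "
    "SRC=166.78.158.192 DST=72.14.183.239 LEN=76 TOS=0x00 PREC=0xC0 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56";
static const char *WIDE_LINE = "Apr 18 21:40:02 rack1 kernel: [14555.100200] fw: IN= OUT=eth0 "
    "SRC=192.0.2.10 DST=198.51.100.7 LEN=76 TOS=0x00 PREC=0xC0 TTL=64 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56";

struct fw_event { double uptime; char src[46], dst[46], proto[8]; int spt, dpt; };

/* Copy the value following key (up to the next space) into out; 0 on success. */
static int field(const char *line, const char *key, char *out, size_t n) {
    const char *p = strstr(line, key);
    if (!p) return -1;
    p += strlen(key);
    size_t len = strcspn(p, " \n");
    if (len == 0 || len >= n) return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Returns 0 and fills ev on a match; -1 means the entry never reaches the report. */
int parse_line(const char *pattern, const char *line, struct fw_event *ev) {
    regex_t re; regmatch_t m[2]; char num[8];
    if (regcomp(&re, pattern, REG_EXTENDED) != 0) return -1;
    int rc = regexec(&re, line, 2, m, 0);
    regfree(&re);
    if (rc != 0) return -1;
    ev->uptime = strtod(line + m[1].rm_so, NULL);  /* group 1 starts at the first digit */
    if (field(line, " SRC=", ev->src, sizeof ev->src) || field(line, " DST=", ev->dst, sizeof ev->dst)
        || field(line, " PROTO=", ev->proto, sizeof ev->proto)) return -1;
    ev->spt = field(line, " SPT=", num, sizeof num) ? -1 : atoi(num);  /* -1: no port field */
    ev->dpt = field(line, " DPT=", num, sizeof num) ? -1 : atoi(num);
    return 0;
}

int main(void) {
    struct fw_event ev;
    printf("strict=%d tolerant=%d\n", parse_line(STRICT, PAGE_LINE, &ev),
           parse_line(TOLERANT, PAGE_LINE, &ev));
    return 0;
}
```

With the strict pattern the drop is silent, so a useful regression check is to count input lines containing `kernel: [` against the number of parsed events and flag any difference.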