Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

Sync from "Extern...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Normal
Fix Version/s: rhel-9.7
Affects Version/s: CentOS Stream 9, rhel-9.6, rhel-10.0
Component/s: logwatch
Labels:
- enhancement

Fixed in Build:
logwatch-7.5.5-8.el9
Regression:
No
Severity:
Moderate
Keywords:

FutureFeature, EasyFix
sprint_count:
1

AssignedTeam:
rhel-plumbers
Sub-System Group:

ssg_core_services

Story Points:
3
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
Plumbers Sprint 2

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/153486
Test Coverage:

Automated

ProdDocsReview-CCS:
Unspecified
ProdDocsReview-Dev:
Unspecified
ProdDocsReview-QE:
Unspecified

Architecture:

All

PX Impact Score:
PX Technical Impact:
PX Impact Range:
PX Priority Data:
PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

As of writing, logwatch-7.5.5-6.el9.noarch, as shipped in RHEL 9.6 and CentOS Stream 9 does not support zstd-compressed log files (only gzip, bzip2 and lzma).

From /usr/sbin/logwatch:

# Handle compressed log files using the archive codepath
foreach my $lf (@{$LogFileData{$LogFile}{'logfiles'}}) {
   if ($lf =~ /\.(?:gz|bz2|xz)$/) {
      push @{$LogFileData{$LogFile}{'archives'}}, $lf;
   } else {
      push @FileList, $lf;
   }
}

and

#Archives are cat'd without any filters then cat'd along with the normal log file
my @FileStat = stat($Archive);
if ($CheckTime <= ($FileStat[9])) {
   if (($Archive =~ m/gz$/) && (-f "$Archive") && (-s "$Archive")) {
      my $arguments = "'${Archive}' >> $DestFile";
      system("$Config{'pathtozcat'} $arguments") == 0
         or die "system '$Config{'pathtozcat'} $arguments' failed: $?"
   } elsif (($Archive =~ m/bz2$/) && (-f "$Archive") && (-s "$Archive")) {
      my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
      system("$Config{'pathtobzcat'} $arguments") == 0
         or die "system '$Config{'pathtobzcat'} $arguments' failed: $?"
   } elsif (($Archive =~ m/xz$/) && (-f "$Archive") && (-s "$Archive")) {
      my $arguments = "'${Archive}' 2>/dev/null >> $DestFile";
      system("$Config{'pathtoxzcat'} $arguments") == 0
         or die "system '$Config{'pathtoxzcat'} $arguments' failed: $?"
   } elsif ((-f "$Archive") && (-s "$Archive")) {
      my $arguments = "'${Archive}'  >> $DestFile";
      system("$Config{'pathtocat'} $arguments") == 0
         or die "system '$Config{'pathtocat'} $arguments' failed: $?"
   } #End if/elsif existence
} #End if $CheckTime

This leads to the issue that if /var/log/messages is compressed by logrotate using zstd, the zstd-compressed /var/log/messages is no longer evaluated by logwatch.

Please add missing support for zstd-compressed log files to logwatch.

is cloned by

RHEL-102044 [RHEL10] Missing support in logwatch for zstd-compressed log files

Release Pending

links to

RHBA-2025:153486 logwatch update

Assignee:: Pavel Šimovec

Reporter:: Robert Scheck (Inactive)

Developer:: Pavel Šimovec

QA Contact:: Frantisek Sumsal

Votes:: 1 Vote for this issue

Watchers:: 8 Start watching this issue

Created:: 2025/06/16 11:14 AM

Updated:: 2025/08/28 4:11 PM

Next Planned Release Date:: 2025/11/11

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide