[CentOS] 5.9 logwatch yum filter broken

Fri Jan 18 08:49:42 UTC 2013
Tilman Schmidt <t.schmidt at phoenixsoftware.de>

After the upgrade to CentOS 5.9, all my CentOS 5 installations
report only "Unmatched Entries" in the "yum" section of their
daily logwatch mails. It seems the filter script
/usr/share/logwatch/scripts/services/yum got broken:

--------8<--------8<--------8<--------8<--------8<--------8<--------8<
[root@dns01 ~]# /usr/sbin/logwatch --print --service yum --debug 5
[...]
Processing Service: yum
 ( cat /var/cache/logwatch/logwatch.kKzXpf19/yum  |  /usr/bin/perl
/usr/share/logwatch/scripts/services/yum) 2>&1

 ################### Logwatch 7.3 (03/24/06) ####################
        Processing Initiated: Fri Jan 18 09:21:20 2013
        Date Range Processed: yesterday
                              ( 2013-Jan-17 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: dns01.pxnet.com
  ##################################################################

 --------------------- yum Begin ------------------------

 DEBUG: Inside YUM Filter

 DEBUG(1): Updated: glibc-common.i386 2.5-107
 DEBUG(2): Updated: kernel-headers.i386 2.6.18-348.el5
 DEBUG(3): Updated: crontabs.noarch 1.10-11.el5
[...]
 DEBUG(89): Updated: yum-updatesd.noarch 1:0.9-5.el5

 **Unmatched Entries**
 2.5-107
 2.6.18-348.el5
 1.10-11.el5
[...]
 1:0.9-5.el5

 ---------------------- yum End -------------------------


 ###################### Logwatch End #########################

[root@dns01 ~]#
>8-------->8-------->8-------->8-------->8-------->8-------->8--------

Looking at the script I find the line

     22    $ThisLine =~ s/^[^ ]* [^ ]* //;

which looks like its intention was to strip the timestamp from
the logfile entry, but the DEBUG output shows it has already
been stripped at this point.

And a minor nit: who came up with the silly idea of enforcing
mode 600 for /var/log/yum.log in /etc/logrotate.d/yum? I don't
think it increases security if the intern who checks the logs
has to work with full root privileges all the time.

-- 
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
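
Added example, not part of the original message and not the logwatch script itself: it applies the substitution quoted from line 22 to the already-stripped lines shown in the DEBUG output and reproduces the "Unmatched Entries" values. The classify() patterns, the strip_guarded() workaround and the FIELD1/FIELD2 sample line are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Lines as the DEBUG output above shows them reaching the filter
# (the timestamp is already gone by the time the script sees them).
my @stripped = (
    'Updated: glibc-common.i386 2.5-107',
    'Updated: kernel-headers.i386 2.6.18-348.el5',
    'Updated: crontabs.noarch 1.10-11.el5',
);

# Constructed line with a two-field prefix, used only to exercise the guard.
my @prefixed = ('FIELD1 FIELD2 Updated: yum-updatesd.noarch 1:0.9-5.el5');

# Simplified stand-in for the filter's matching step (assumption, not the
# script's real pattern list).
sub classify {
    my ($line) = @_;
    return "matched   $1 $2" if $line =~ /^(Installed|Updated|Erased): (.+)$/;
    return "UNMATCHED $line";
}

# The substitution quoted from line 22, applied unconditionally.
sub strip_always {
    my ($line) = @_;
    $line =~ s/^[^ ]* [^ ]* //;
    return $line;
}

# Hypothetical workaround: skip the strip when the line already begins
# with an action keyword, so a pre-stripped entry keeps its package name.
sub strip_guarded {
    my ($line) = @_;
    $line =~ s/^[^ ]* [^ ]* //
        unless $line =~ /^(?:Installed|Updated|Erased): /;
    return $line;
}

for my $line (@stripped, @prefixed) {
    print "$line\n";
    print "  always : ", classify(strip_always($line)),  "\n";
    print "  guarded: ", classify(strip_guarded($line)), "\n";
}
```

With the unconditional strip, each pre-stripped entry is reduced to its bare version string, which is exactly what the report lists as unmatched.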