Hi Vincent, Quoting Vincent Lefevre (2025-01-30 02:44:41) > On 2025-01-28 16:05:13 +0100, Johannes Schauer Marin Rodrigues wrote: > > I can confirm this issue with mailgraph on our systems. This makes mailgraph > > completely unusable, thus raising the severity to RC. Here is an example of > > an > > anonymized log snippet which fails: > > > > 2025-01-28T14:12:33.468866+01:00 email imapd: LOGIN, user=, ip=[::ffff:], > > port=[61585], protocol=IMAP > > 2025-01-28T14:12:37.980934+01:00 email imapd: Connection, ip=[::ffff:], > > port=[50131] > > 2025-01-28T14:12:38.404263+01:00 email imapd: LOGIN, user=, > > ip=[::ffff:31.16.250.164], port=[50131], protocol=IMAP > > 2025-01-28T14:13:28.289022+01:00 email postfix/smtpd[92141]: connect from > > unknown[] > > 2025-01-28T14:13:28.349994+01:00 email postfix/smtpd[92141]: disconnect > > from unknown[] ehlo=1 auth=0/1 quit=1 > > I don't understand. This seems to be the same date format as on > bookworm. For instance, on my machine: > > 2025-01-30T02:41:37.887175+01:00 joooj postfix/smtp[310973]: [...] > > This was fixed there: > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1051496
lets look at some reproducers. For easier copypasting of the multiline log
snippet into a shell one-liner I'm converting my example snippet from above to
the following gzipped base64 representation:
echo
H4sICIztmGcAA2xvZwCVjz1PwzAQQPf+ittJXd/ZMbYlD6gDqsTXwBZliPKhWiR2mjiCn0+BCRoJuOV0y3v3iFO+5bgl/YzSIlkhmFRaK3XF0XIO7VD5HvxQjY2Fu8fbw0MGy9xOLgM/usLa7jy2zGCMU3KFwlznH9cUU6xj7w73N08burBcM6O5EXLNso8htHXyMaw7co4CyxWoZpJLUuJfrwtkqBjl/LzkD8cvHcKSZqQNJ/qmHOOcOv+2m4c0NoUhlFhaqL+yoJviAEt4CfE1FBcZn0whjTHyD8zGz+tYaI99dAjVko6O7xBOi08ON++wHLyi8AEAAA==
| base64 -d | gzip -cd
2025-01-28T14:12:33.468866+01:00 email imapd: LOGIN, user=, ip=[::ffff:],
port=[61585], protocol=IMAP
2025-01-28T14:12:37.980934+01:00 email imapd: Connection, ip=[::ffff:],
port=[50131]
2025-01-28T14:12:38.404263+01:00 email imapd: LOGIN, user=,
ip=[::ffff:31.16.250.164], port=[50131], protocol=IMAP
2025-01-28T14:13:28.289022+01:00 email postfix/smtpd[92141]: connect from
unknown[]
2025-01-28T14:13:28.349994+01:00 email postfix/smtpd[92141]: disconnect from
unknown[] ehlo=1 auth=0/1 quit=1
First lets try the log snippet above with mailgraph from bookworm:
mmdebstrap --include=mailgraph \
--customize-hook='echo
H4sICIztmGcAA2xvZwCVjz1PwzAQQPf+ittJXd/ZMbYlD6gDqsTXwBZliPKhWiR2mjiCn0+BCRoJuOV0y3v3iFO+5bgl/YzSIlkhmFRaK3XF0XIO7VD5HvxQjY2Fu8fbw0MGy9xOLgM/usLa7jy2zGCMU3KFwlznH9cUU6xj7w73N08burBcM6O5EXLNso8htHXyMaw7co4CyxWoZpJLUuJfrwtkqBjl/LzkD8cvHcKSZqQNJ/qmHOOcOv+2m4c0NoUhlFhaqL+yoJviAEt4CfE1FBcZn0whjTHyD8zGz+tYaI99dAjVko6O7xBOi08ON++wHLyi8AEAAA==
| base64 -d | gzip -cd > "$1"/log' \
--chrooted-customize-hook='mailgraph --logfile /log --cat' bookworm
/dev/null
This will result in the following output:
WARNING: line not in syslog format: 2025-01-28T14:12:33.468866+01:00 email
imapd: LOGIN, user=, ip=[::ffff:], port=[61585], protocol=IMAP
WARNING: line not in syslog format: 2025-01-28T14:12:37.980934+01:00 email
imapd: Connection, ip=[::ffff:], port=[50131]
WARNING: line not in syslog format: 2025-01-28T14:12:38.404263+01:00 email
imapd: LOGIN, user=, ip=[::ffff:31.16.250.164], port=[50131], protocol=IMAP
WARNING: line not in syslog format: 2025-01-28T14:13:28.289022+01:00 email
postfix/smtpd[92141]: connect from unknown[]
WARNING: line not in syslog format: 2025-01-28T14:13:28.349994+01:00 email
postfix/smtpd[92141]: disconnect from unknown[] ehlo=1 auth=0/1 quit=1
The error message comes from here:
https://sources.debian.org/src/mailgraph/1.14-20/mailgraph.pl/#L218
So lets have a look at the time regex a few lines above:
(\S{3})\s+(\d+) # date -- 1, 2
\s
(\d+):(\d+):(\d+) # time -- 3, 4, 5
This cannot possibly match the ISO8601 date from the log above. Do you agree?
If you look at mailgraph in Trixie, it still uses the same regex:
https://sources.debian.org/src/mailgraph/1.14-22/mailgraph.pl/#L229
Then look at the patch I provided in my last message. The important part is
hunk 5 which changes the regex to this one:
(\d+)-(\d+)-(\d+)T(\d+):(\d+):(\d+)\S+ # datetime
That is why the patch provided by Dimitar and updated by me fixes this.
I hope this helps clearing things up. :)
Thanks!
cheers, josch
signature.asc
Description: signature
