Bug#833350: [logwatch] oom-killer lines not matched (again)

[Marcin Szewczyk]

Package: logwatch
Version: 7.4.1-2
Severity: normal
Tags: patch

Logwatch does not match current oom-killer lines.

Kernel: 3.16.7-ckt25-2+deb8u3

Currently lines look somewhat like this:
#v+
Aug  2 16:05:04 veos01 kernel: [1784876.846422] bash invoked oom-killer: 
gfp_mask=0x2000d0, order=2, oom_score_adj=0
Aug  2 16:05:04 veos01 kernel: [1784876.846425] bash cpuset=/ mems_allowed=0
Aug  2 16:05:04 veos01 kernel: [1784876.846429] CPU: 0 PID: 16245 Comm: bash 
Not tainted 3.16.0-4-amd64 #1 Debian 3.16.7-ckt25-2+deb8u3
[...]
Aug  2 16:05:04 veos01 kernel: [1784876.846724] Out of memory: Kill process 
1390 (sshd) score 13 or sacrifice child
Aug  2 16:05:04 veos01 kernel: [1784876.973189] Killed process 1392 
(rsync_wrapper) total-vm:11692kB, anon-rss:284kB, file-rss:8kB
#v-

Patch attached.

See also:
- logwatch: Wrong regular expression for Out of memmory killer
  (2012-01-21),
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656806

- #53 kernel: Applications invoking oom-killer and those killed by it
  are not the same (2016-08-03),
  https://sourceforge.net/p/logwatch/bugs/53/

--- System information. ---
Architecture: amd64
Kernel:       Linux 3.16.0-4-amd64

Debian Release: 8.5
  500 stable          security.debian.org 
  500 stable          ftp.pl.debian.org 
  500 oldstable       ftp.pl.debian.org 
   50 testing         security.debian.org 
   50 testing         ftp.pl.debian.org 
  100 jessie-backports ftp.pl.debian.org 

--- Package information. ---
Package's Depends field is empty.

Package's Recommends field is empty.

Package's Suggests field is empty.




-- 
Marcin Szewczyk
http://wodny.org

--- /usr/share/logwatch/scripts/services/kernel	2014-11-03 20:03:19.000000000 +0100
+++ /etc/logwatch/scripts/services/kernel	2016-08-03 12:04:43.424018354 +0200
@@ -99,7 +99,7 @@
       $UnalignedErrors{$1}++;
    } elsif ($ThisLine =~ /([^(]*)\(\d+\): floating-point assist fault at ip/) {
       $FPAssists{$1}++;
-   } elsif ($ThisLine =~ /Out of memory: (?:Killed|kill) process \d+ \((.*)\)/) {
+   } elsif ($ThisLine =~ /Out of memory: (?:[Kk]illed|[Kk]ill) process \d+ \((.*)\)/) {
       $OOM{$1}++;
    } elsif ($ThisLine =~ /(EDAC (MC|PCI)\d:.*)/) {
       # Standard boot messages
@@ -229,7 +229,7 @@
 }
 
 if (keys %OOM) {
-   print "\nWARNING:  Out of memory killer killed these executables\n";
+   print "\nWARNING:  Out of memory killer killed these executables or their children\n";
    foreach my $Thisone ( sort {$a cmp $b} keys %OOM ) {
       print "   $Thisone :  $OOM{$Thisone} Time(s)\n";
    }