The problem is here: http://forums.gentoo.org/viewtopic-t-709953.html and here http://forums.gentoo.org/viewtopic-t-712723.html I don't want to type it again because it is long and painfull. Please open the above URLs. Reproducible: Always Steps to Reproduce: 1. install syslog-ng, logwatch and logrotate 2. start syslog-ng 3. set rootlogin=no, and use a local user to su- to root via ssh 4. wait one day or force logwatch to submit a report mail 5. you will see the output of the mail similar to my problem. Actual Results: I've got fustrated :) Expected Results: it should have told me the actual user who sued I'm using syslog-ng, logrotate and logwatch, the latest versions.
If I got it correctly, this is just wrong behaviour and not a security bug. Assigning as maintainers as such.
if this is still an issue please attach a logfile excerpt from su/sudo
*** Bug 269384 has been marked as a duplicate of this bug. ***
fixed in sys-apps/logwatch-7.3.7_pre20091204