When Logwatch compiles the mail with information from the log files, it does not correctly interpret the SU and SUDO generating username. It says: "root > root" in a "su" declaration. It is wrong; it should give the name of the user who su'ed to root. The above URL is more explicit.

Reproducible: Always

Steps to Reproduce:
1. install syslog-ng & start it
2. install logwatch & configure it to send mails or print logs
3. do something like su or sudo
4. read the logmail containing the logs.

Actual Results: "root > root" (for the root case)

Expected Results: username_who_su_ed (uid_of_user) > root (or other user account su'ed into)

I have been complaining about this since last summer, nobody gives a damn.
Please read http://www.gentoo.org/doc/en/bugzilla-howto.xml regarding what should be put into the summary field. Never ever put a URL in there...
Please attach a log excerpt for su/sudo.
*** This bug has been marked as a duplicate of bug 244613 ***