Logcheck devel - Nov 2004 - Some rules that piled up on my notebook

Hi!

 I have some local-* files in my /etc/logcheck/ignore.d.server/ that I'd
like to share with others. I won't commit them directly, rather look for
some hints on them, if the one or the other aren't needed, and such.

 Please find them attached for inspection. The Real Time Clock entry in
local-usb is misplaced, I know -- but I wasn't sure how to name that
file. :)   And some of the dhclient entries might not be worth to really
ignore -- at least I don't want them, but that might result from my
b0rked pcmcia slot and the annoying amount of those lines through this.

 So long,
Alfie
-- 
<Alfie> F?r Linux?  mutt und sonst nichts.
<jbf> mutt ist aber console und ich will eins das ich mit der maus
bedienen
      kann und keinen nostalgischen wert bestitzt :)
                                  -- privater irc query, 2001-10-22
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient: send_packet: Network is down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient: No DHCPOFFERS received\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient: No working leases in persistent
database - sleeping\.$
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dictd\[[0-9]+\]: connect from [[:alnum:]-]+
\(127\.0\.0\.1\)$
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ francine: \(pam_unix\) session
(opened|closed) for user [a-z]+( by LOGIN\(uid=0\))?$
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hub\.c: new USB device [0-9:.-]+,
assigned address [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: PCI: Found IRQ 9 for device [0-9:.]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: PCI: Sharing IRQ 9 with [0-9:.]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: pegasus\.c: eth0: Promiscuous mode
enabled$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Real Time Clock Driver v1\.10f$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usb\.c: USB disconnect on device
[0-9:.-]+ address [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: USB Mass Storage device found at
[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: WARNING: USB Mass Storage data
integrity not assured$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ usb\.agent\[[0-9]+\]:     
(usb-storage|pegasus): (loaded successfully|already loaded)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: pegasus\.c: eth0: Belkin F5D5050 USB
Ethernet$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: pegasus\.c: setup Pegasus II specific
registers$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: pegasus\.c: v0\.4\.32
\(2003/06/06\):Pegasus/Pegasus II USB Ethernet driver$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usb\.c: registered new driver
pegasus$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usb\.c: USB device 6 \(vend/prod
0x50d/0x121\) is not claimed by any active driver\.$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20041108/36949a86/attachment.pgp

On Mon, 08 Nov 2004, Gerfried Fuchs wrote:
>  I have some local-* files in my /etc/logcheck/ignore.d.server/ that
I'd
> like to share with others. I won't commit them directly, rather look
for
> some hints on them, if the one or the other aren't needed, and such.
cool.
 
>  Please find them attached for inspection. The Real Time Clock entry in
> local-usb is misplaced, I know -- but I wasn't sure how to name that
> file. :)   And some of the dhclient entries might not be worth to really
> ignore -- at least I don't want them, but that might result from my
> b0rked pcmcia slot and the annoying amount of those lines through this.
personally i'm not so motivated to move dmesg stuff into logcheck,
the kernel printk change easily and vary from version to version.

some of your usb stuff is quite similar to #277644,
would be cool to include the rules that you both use.
although i suggest level workstation for them?!

aren't you francine maintainer?
why not add there a logcheck rule for level workstation for the login?
 
a++ maks

On Mon, 08 Nov 2004, Gerfried Fuchs wrote:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dictd\[[0-9]+\]: connect from
[[:alnum:]-]+ \(127\.0\.0\.1\)$
nitpicking pleas use full '[._[:alnum:]-]+' hostname match. ;-)

--
maks