Ingo Theiss
2005-Feb-12 16:11 UTC
[Logcheck-devel] Bug#294950: logcheck: ignore.d.server courier imaplogin: DISCONNECTED not matching
Package: logcheck Version: 1.2.34 Severity: normal the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does not match the following line: Feb 12 16:19:47 backup imaplogin: DISCONNECTED, user=example at example.com, ip=[::ffff:111.111.111.111], headers=14013, body=0, time=1 This line should be ignored like the other DISCONNECTED messages. Or am I wrong? -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.26 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck depends on: ii adduser 3.59 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.11 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii exim4-daemon-hea 4.34-10 Exim (v4) with extended features, ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.34 A database of system log rules for ii logtail 1.2.34 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent ii sysklogd [system 1.4.1-16 System Logging Daemon -- debconf information: logcheck/changes: * logcheck/install-note:
maximilian attems
2005-Feb-13 11:53 UTC
Bug#294950: [Logcheck-devel] Bug#294950: logcheck: ignore.d.server courier imaplogin: DISCONNECTED not matching
tags 294950 pending thanks On Sat, 12 Feb 2005, Ingo Theiss wrote:> the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does > not match the following line: > > Feb 12 16:19:47 backup imaplogin: DISCONNECTED, > user=example at example.com, ip=[::ffff:111.111.111.111], > headers=14013, body=0, time=1 > > This line should be ignored like the other DISCONNECTED messages. Or am > I wrong?yes line should be ignored, fixed in current cvs for next release. you might want to test the rule that should match aboves message on your box. thanks for nice bug report + feedback. a++ maks -------------- next part -------------- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imap(login|d-ssl): DISCONNECTED, user=[-_.@[:alnum:]]+, ip=\[[.:[:alnum:]]+\], headers=[0-9]+, body=[0-9]+, time=[0-9]+$
Debian Bug Tracking System
2005-Feb-13 12:03 UTC
Processed: Re: [Logcheck-devel] Bug#294950: logcheck: ignore.d.server courier imaplogin: DISCONNECTED not matching
Processing commands for control at bugs.debian.org:> tags 294950 pendingBug#294950: logcheck: ignore.d.server courier imaplogin: DISCONNECTED not matching There were no tags set. Tags added: pending> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Debian Bug Tracking System
2005-Feb-21 06:18 UTC
[Logcheck-devel] Bug#294950: marked as done (logcheck: ignore.d.server courier imaplogin: DISCONNECTED not matching)
Your message dated Mon, 21 Feb 2005 01:02:09 -0500 with message-id <E1D36e1-0004nH-00 at newraff.debian.org> and subject line Bug#294950: fixed in logcheck 1.2.35 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 12 Feb 2005 16:10:58 +0000>From ingo.theiss at i-matrixx.de Sat Feb 12 08:10:58 2005Return-path: <ingo.theiss at i-matrixx.de> Received: from backup.planet-multiplayer.de [82.149.225.236] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CzzrG-0006FT-00; Sat, 12 Feb 2005 08:10:58 -0800 Received: from root by backup.planet-multiplayer.de with local (Exim 4.34) id 1CzzrL-00039v-HF; Sat, 12 Feb 2005 17:11:03 +0100 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Ingo Theiss <ingo.theiss at i-matrixx.de> To: Debian Bug Tracking System <submit at bugs.debian.org> Subject: logcheck: ignore.d.server courier imaplogin: DISCONNECTED not matching X-Mailer: reportbug 3.2 Date: Sat, 12 Feb 2005 17:11:03 +0100 Message-Id: <E1CzzrL-00039v-HF at backup.planet-multiplayer.de> Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: logcheck Version: 1.2.34 Severity: normal the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does not match the following line: Feb 12 16:19:47 backup imaplogin: DISCONNECTED, user=example at example.com, ip=[::ffff:111.111.111.111], headers=14013, body=0, time=1 This line should be ignored like the other DISCONNECTED messages. Or am I wrong? -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.26 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck depends on: ii adduser 3.59 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.11 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii exim4-daemon-hea 4.34-10 Exim (v4) with extended features, ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.34 A database of system log rules for ii logtail 1.2.34 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent ii sysklogd [system 1.4.1-16 System Logging Daemon -- debconf information: logcheck/changes: * logcheck/install-note: --------------------------------------- Received: (at 294950-close) by bugs.debian.org; 21 Feb 2005 06:08:05 +0000>From katie at ftp-master.debian.org Sun Feb 20 22:08:04 2005Return-path: <katie at ftp-master.debian.org> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1D36jk-0003BV-00; Sun, 20 Feb 2005 22:08:04 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1D36e1-0004nH-00; Mon, 21 Feb 2005 01:02:09 -0500 From: Todd Troxell <ttroxell at debian.org> To: 294950-close at bugs.debian.org X-Katie: $Revision: 1.55 $ Subject: Bug#294950: fixed in logcheck 1.2.35 Message-Id: <E1D36e1-0004nH-00 at newraff.debian.org> Sender: Archive Administrator <katie at ftp-master.debian.org> Date: Mon, 21 Feb 2005 01:02:09 -0500 Delivered-To: 294950-close at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: X-CrossAssassin-Score: 3 Source: logcheck Source-Version: 1.2.35 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.35_all.deb to pool/main/l/logcheck/logcheck-database_1.2.35_all.deb logcheck_1.2.35.dsc to pool/main/l/logcheck/logcheck_1.2.35.dsc logcheck_1.2.35.tar.gz to pool/main/l/logcheck/logcheck_1.2.35.tar.gz logcheck_1.2.35_all.deb to pool/main/l/logcheck/logcheck_1.2.35_all.deb logtail_1.2.35_all.deb to pool/main/l/logcheck/logtail_1.2.35_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 294950 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sunday, 20 Feb 2005 23:17:00 -0500 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.35 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - Mails anomalies in the system logfiles to the administrator logcheck-database - A database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 286307 294612 294950 295254 295257 295418 296014 296110 296214 Changes: logcheck (1.2.35) unstable; urgency=low . maks: * logtail fix invocation without switches (compat to old versions). * Add smartd rule, whitespace fix openvpn rule, merge old smartd rules. * Add rule for imaplogin disconnected + logout messages. (closes: #294950, #295418) * Add rule violations.ignore.d/logcheck-ssh + rule ignore.d.server/ssh for the PARANOID wildcard in /etc/hosts.deny. * Match dots as dots aka '\.' in all rules. * Add kernel rules at level workstation (annoying apm, usb storage) * Fix gconf SIGHUP rule (dup whitespace). jamie: * Add rules for webmin (closes: #286307). * Add rules for postfix 2.2, innd. * Modify rule for pure-ftpd logout messages (closes: #294612). * Add rule for pure-ftpd timeout messages (closes: #295254). * Modify rule for pure-ftpd logout messages to match even if username is missing(!) (closes: #295257). * Add rules in violations.ignore.d/logcheck-postfix for certificate verification failures. * Add rule for courierpop3login (closes: 296014). * Add rule in violations.ignore.d/logcheck-pureftp for upload/download messages (closes: #296110). todd: * Correct link syntax in copyright (closes: 296214). * Add comments to clarify postinst Files: 61d0e485a23687ccc2fd0d179409eb1d 703 admin optional logcheck_1.2.35.dsc a55d9a93f5057c79a6d34ff8191f29be 91356 admin optional logcheck_1.2.35.tar.gz 37be562cc7a5f47023f1783563e2732a 43194 admin optional logcheck_1.2.35_all.deb 9f9371ba32b41374c98eddfb203b9662 59144 admin optional logcheck-database_1.2.35_all.deb 1034df8adfa7d11f126684ce911008db 26332 admin optional logtail_1.2.35_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFCGXP04u3oQ3FHP2YRAhKbAKDA5cfe1HPJH6erP1JxNlQd4aiauwCfawoj +khFMcDmYlFYNluR6CG6f54=9LS0 -----END PGP SIGNATURE-----
Reasonably Related Threads
- Bug#296017: logcheck: ignore.d.server pure-ftpd user with trailing whitespace
- Missing/Wrong ignore.d for pureftp
- Bug#322036: logcheck: [manual] typo in SYNOPSIS (TIOS => OPTIONS)
- Bug#300888: logcheck-database: database skip postgrey ignore pattern
- Why no dhclient in ignore.d.workstation?