Ingo Theiss
2005-Feb-14 18:48 UTC
[Logcheck-devel] Bug#295257: logcheck: ignore.d.server pure-ftpd 'Logout' without user name not matched
Package: logcheck Version: 1.2.34 Severity: normal the 'Logout' pattern does not match a message without a ftp user name given. here is the message from syslog: Feb 14 16:31:51 web1 pure-ftpd: (?@84.133.64.201) [INFO] Logout. although the missing user name from pure-ftpd is not correct the message is not 'critical', or? -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.26 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck depends on: ii adduser 3.59 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.11 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.34 A database of system log rules for ii logtail 1.2.34 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent ii postfix [mail-tr 2.1.5-5 A high-performance mail transport ii sysklogd [system 1.4.1-16 System Logging Daemon -- debconf information: logcheck/changes: * logcheck/install-note:
Jamie L. Penman-Smithson
2005-Feb-15 11:41 UTC
[Logcheck-devel] Bug#295257: logcheck: ignore.d.server pure-ftpd 'Logout' without user name not matched
tag 295257 pending thanks On Mon, 2005-02-14 at 19:48 +0100, Ingo Theiss wrote:> the 'Logout' pattern does not match a message without a ftp user name > given. here is the message from syslog: > > Feb 14 16:31:51 web1 pure-ftpd: (?@84.133.64.201) [INFO] Logout.I'm a bit confused as to how someone can 'logout' when they haven't logged in yet? However that's not really relevant..> although the missing user name from pure-ftpd is not correct the message > is not 'critical', or?I've never used pure-ftpd so I don't really know. Since this is being logged as INFO it's /probably/ not anything significant. Added the following (updated) rule to CVS: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([\?.[:alnum:]-]+@[._[:alnum:]-]+\) \[INFO\] Logout.$ Thanks, -- -jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org w: http://www.silverdream.org | p: sms at silverdream.org pgp key @ http://silverdream.org/~jps/pub.key 21:30:02 up 17 min, 2 users, load average: 2.65, 2.52, 1.58 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20050215/966e2545/attachment.pgp
Debian Bug Tracking System
2005-Feb-15 12:03 UTC
[Logcheck-devel] Processed: Re: Bug#295257: logcheck: ignore.d.server pure-ftpd 'Logout' without user name not matched
Processing commands for control at bugs.debian.org:> tag 295257 pendingBug#295257: logcheck: ignore.d.server pure-ftpd 'Logout' without user name not matched There were no tags set. Tags added: pending> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Debian Bug Tracking System
2005-Feb-21 06:18 UTC
[Logcheck-devel] Bug#295257: marked as done (logcheck: ignore.d.server pure-ftpd 'Logout' without user name not matched)
Your message dated Mon, 21 Feb 2005 01:02:09 -0500 with message-id <E1D36e1-0004nQ-00 at newraff.debian.org> and subject line Bug#295257: fixed in logcheck 1.2.35 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 14 Feb 2005 18:48:44 +0000>From ingo.theiss at i-matrixx.de Mon Feb 14 10:48:44 2005Return-path: <ingo.theiss at i-matrixx.de> Received: from web1.planet-multiplayer.de [82.149.225.235] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1D0lH2-0004Z8-00; Mon, 14 Feb 2005 10:48:44 -0800 Received: by web1.planet-multiplayer.de (Postfix, from userid 0) id E41449FE; Mon, 14 Feb 2005 19:48:16 +0100 (CET) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Ingo Theiss <ingo.theiss at i-matrixx.de> To: Debian Bug Tracking System <submit at bugs.debian.org> Subject: logcheck: ignore.d.server pure-ftpd 'Logout' without user name not matched X-Mailer: reportbug 3.2 Date: Mon, 14 Feb 2005 19:48:16 +0100 Message-Id: <20050214184816.E41449FE at web1.planet-multiplayer.de> Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: logcheck Version: 1.2.34 Severity: normal the 'Logout' pattern does not match a message without a ftp user name given. here is the message from syslog: Feb 14 16:31:51 web1 pure-ftpd: (?@84.133.64.201) [INFO] Logout. although the missing user name from pure-ftpd is not correct the message is not 'critical', or? -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.26 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck depends on: ii adduser 3.59 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.11 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.34 A database of system log rules for ii logtail 1.2.34 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent ii postfix [mail-tr 2.1.5-5 A high-performance mail transport ii sysklogd [system 1.4.1-16 System Logging Daemon -- debconf information: logcheck/changes: * logcheck/install-note: --------------------------------------- Received: (at 295257-close) by bugs.debian.org; 21 Feb 2005 06:08:40 +0000>From katie at ftp-master.debian.org Sun Feb 20 22:08:40 2005Return-path: <katie at ftp-master.debian.org> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1D36kK-0003KB-00; Sun, 20 Feb 2005 22:08:40 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1D36e1-0004nQ-00; Mon, 21 Feb 2005 01:02:09 -0500 From: Todd Troxell <ttroxell at debian.org> To: 295257-close at bugs.debian.org X-Katie: $Revision: 1.55 $ Subject: Bug#295257: fixed in logcheck 1.2.35 Message-Id: <E1D36e1-0004nQ-00 at newraff.debian.org> Sender: Archive Administrator <katie at ftp-master.debian.org> Date: Mon, 21 Feb 2005 01:02:09 -0500 Delivered-To: 295257-close at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: X-CrossAssassin-Score: 5 Source: logcheck Source-Version: 1.2.35 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.35_all.deb to pool/main/l/logcheck/logcheck-database_1.2.35_all.deb logcheck_1.2.35.dsc to pool/main/l/logcheck/logcheck_1.2.35.dsc logcheck_1.2.35.tar.gz to pool/main/l/logcheck/logcheck_1.2.35.tar.gz logcheck_1.2.35_all.deb to pool/main/l/logcheck/logcheck_1.2.35_all.deb logtail_1.2.35_all.deb to pool/main/l/logcheck/logtail_1.2.35_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 295257 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sunday, 20 Feb 2005 23:17:00 -0500 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.35 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - Mails anomalies in the system logfiles to the administrator logcheck-database - A database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 286307 294612 294950 295254 295257 295418 296014 296110 296214 Changes: logcheck (1.2.35) unstable; urgency=low . maks: * logtail fix invocation without switches (compat to old versions). * Add smartd rule, whitespace fix openvpn rule, merge old smartd rules. * Add rule for imaplogin disconnected + logout messages. (closes: #294950, #295418) * Add rule violations.ignore.d/logcheck-ssh + rule ignore.d.server/ssh for the PARANOID wildcard in /etc/hosts.deny. * Match dots as dots aka '\.' in all rules. * Add kernel rules at level workstation (annoying apm, usb storage) * Fix gconf SIGHUP rule (dup whitespace). jamie: * Add rules for webmin (closes: #286307). * Add rules for postfix 2.2, innd. * Modify rule for pure-ftpd logout messages (closes: #294612). * Add rule for pure-ftpd timeout messages (closes: #295254). * Modify rule for pure-ftpd logout messages to match even if username is missing(!) (closes: #295257). * Add rules in violations.ignore.d/logcheck-postfix for certificate verification failures. * Add rule for courierpop3login (closes: 296014). * Add rule in violations.ignore.d/logcheck-pureftp for upload/download messages (closes: #296110). todd: * Correct link syntax in copyright (closes: 296214). * Add comments to clarify postinst Files: 61d0e485a23687ccc2fd0d179409eb1d 703 admin optional logcheck_1.2.35.dsc a55d9a93f5057c79a6d34ff8191f29be 91356 admin optional logcheck_1.2.35.tar.gz 37be562cc7a5f47023f1783563e2732a 43194 admin optional logcheck_1.2.35_all.deb 9f9371ba32b41374c98eddfb203b9662 59144 admin optional logcheck-database_1.2.35_all.deb 1034df8adfa7d11f126684ce911008db 26332 admin optional logtail_1.2.35_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFCGXP04u3oQ3FHP2YRAhKbAKDA5cfe1HPJH6erP1JxNlQd4aiauwCfawoj +khFMcDmYlFYNluR6CG6f54=9LS0 -----END PGP SIGNATURE-----