Hello, when I upgraded my server to stable I started getting a dozen of messages a day from logcheck, each as big as something like 200Kb to 300Kb. I started looking around the internet and I found a lot of ignore rules written for Debian Stable sitting in the BTS, in the wiki or somewhere else around the internet: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681934 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=705988 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=755374 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775090 https://wiki.debian.org/systemd/logcheck https://gist.github.com/towo/9600375 After adding those ignore rules, the mails I received started to be at least readable and I noticed ONE actual problem, which I fixed right away. I would never have noticed it without those extra ignore rules. Even after installing those ignore rules, I still get about ten messages a day, mostly with just one false positive line in them. It feels like playing wack-a-mole. All of this is turning logcheck from something that gives early warnings about problems in a system, into a daily nuisance that adds noise to my inbox. I do not dare to just write and deploy my own rules, because I would like to use ignore rules that have at least been peer reviewed. Would it be possible to have updates of logcheck rules for stable, either via backports or proposed-updates, so that it can be useful by default on stable systems? I'm attaching a tarball with the rules I have collected so far, commented with source information. Thank you, Enrico -- GPG key: 4096R/E7AD5568 2009-05-08 Enrico Zini <enrico at enricozini.org> -------------- next part -------------- A non-text attachment was scrubbed... Name: local.tar.xz Type: application/x-xz Size: 3612 bytes Desc: not available URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20160317/ab56218f/attachment.bin> -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: not available URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20160317/ab56218f/attachment.sig>
Hannes von Haugwitz
2016-Mar-17 17:20 UTC
[Logcheck-devel] Logcheck database updates on stable
Hi, On Thu, Mar 17, 2016 at 02:46:43PM +0100, Enrico Zini wrote:> Would it be possible to have updates of logcheck rules for stable, > either via backports or proposed-updates, so that it can be useful by > default on stable systems?I'll look after logcheck within the next weeks. Best regards Hannes