Jonas Meurer
2004-Sep-12 12:25 UTC
[Logcheck-devel] Bug#271286: minor fix for ignore.d.server/oidentd
Package: logcheck
Version: 1.2.27
Severity: wishlist

hello,

in ignore.d.server/oidentd you have:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
[._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$

anyway, some oidentd logs don't have a hostname:
oidentd[34562]: Connection from 241.145.24.135:2353

therefore you have to add:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
\([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$

but maybe this works for both directives:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
[._[:alnum:]-]* \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$

bye
 jonas
maks attems
2004-Sep-12 22:19 UTC
Bug#271286: [Logcheck-devel] Bug#271286: minor fix for ignore.d.server/oidentd
On Sun, 12 Sep 2004, Jonas Meurer wrote:
> in ignore.d.server/oidentd you have:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$
>
> anyway, some oidentd logs don't have a hostname:
> oidentd[34562]: Connection from 241.145.24.135:2353

could you post full log line?

> therefore you have to add:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$

hmm that shouldn't work for the above messages because of the enclosed '\(...\)'

you can easily test your regexes in a file like local-oidentd
put in the /etc/logcheck/ignore.d.server.
please report back. :)

--
maks
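
The kind of rule test suggested in the reply above, as an added example that is not part of the original thread: it runs the three rules quoted in the report (with the mail's trailing "\" line break joined) against sample lines, using grep -E and a temporary rule file as a stand-in for a local-oidentd file read by logcheck. The syslog prefix, the names myhost and client.example.org, the address 192.0.2.10 and RULE_BARE are assumptions made for this example; RULE_BARE is a hypothetical candidate, not the rule shipped in 1.2.28.

```shell
#!/bin/sh
# Rules as quoted in the report, each joined onto one line.
RULE_CURRENT='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$'
RULE_ADDED='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$'
RULE_STAR='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from [._[:alnum:]-]* \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$'
# Hypothetical candidate (assumption, not the shipped fix): bare IP:port, no parentheses.
RULE_BARE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]{1,5}$'

# Constructed sample lines. Only the "oidentd[34562]: Connection from
# 241.145.24.135:2353" part of LINE_BARE comes from the report.
LINE_HOST='Sep 12 14:25:58 myhost oidentd[34562]: Connection from client.example.org (192.0.2.10):2353'
LINE_BARE='Sep 12 14:25:58 myhost oidentd[34562]: Connection from 241.145.24.135:2353'

# rule_matches RULE LINE: exit 0 if RULE would cause LINE to be ignored.
rule_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# still_reported RULE: write RULE to a rule file, filter both sample lines
# through it, and print the lines that would still show up in the report.
still_reported() {
    rules=$(mktemp) || return 1
    printf '%s\n' "$1" > "$rules"
    printf '%s\n%s\n' "$LINE_HOST" "$LINE_BARE" | grep -E -v -f "$rules" || true
    rm -f "$rules"
}

# report NAME RULE: one verdict per sample line.
report() {
    for line in "$LINE_HOST" "$LINE_BARE"; do
        if rule_matches "$2" "$line"; then verdict=ignored; else verdict=reported; fi
        printf '%-8s %-9s %s\n' "$1" "$verdict" "${line#*: }"
    done
}

report current "$RULE_CURRENT"
report added   "$RULE_ADDED"
report star    "$RULE_STAR"
report bare    "$RULE_BARE"
```

None of the three quoted rules matches the parenthesis-free line from the report, which is why the full log line matters before a rule is chosen.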
Debian Bug Tracking System
2004-Sep-22 21:03 UTC
[Logcheck-devel] Bug#271286: marked as done (minor fix for ignore.d.server/oidentd)
Your message dated Wed, 22 Sep 2004 16:47:06 -0400
with message-id <E1CAE14-0001My-00 at newraff.debian.org>
and subject line Bug#271286: fixed in logcheck 1.2.28
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---------------------------------------
From: Todd Troxell <ttroxell at debian.org>
To: 271286-close at bugs.debian.org
Subject: Bug#271286: fixed in logcheck 1.2.28
Date: Wed, 22 Sep 2004 16:47:06 -0400

Source: logcheck
Source-Version: 1.2.28

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.28_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.28_all.deb
logcheck_1.2.28.dsc
  to pool/main/l/logcheck/logcheck_1.2.28.dsc
logcheck_1.2.28.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.28.tar.gz
logcheck_1.2.28_all.deb
  to pool/main/l/logcheck/logcheck_1.2.28_all.deb
logtail_1.2.28_all.deb
  to pool/main/l/logcheck/logtail_1.2.28_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 271286 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)

Format: 1.7
Date: Wednesday, 22 Sep 2004 16:35:03 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.28
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description:
 logcheck - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail - Print log file lines that have not been read
Closes: 260743 270398 271286 271482
Changes:
 logcheck (1.2.28) unstable; urgency=low
 .
   maks:
   * Small fixes: join 2 lines in ignore.d.server/postfix,
     add '^' for start-of-line ignore.d.server/scponly (Closes: #270398)
   * Small rule update oidentd (Closes: #271286)
   * Check if logcheck has the permissions to read the offsetfiles.
   * Allow Hostname for logcheck mail to be set by commandline switch
     for log hosts. thanks to Joerg Jaspert <joerg at debian.org>
   * Minor comment fixes for picky readers.
   * Handle lack of permissions gracefully. (Closes: #271482)
   * Small update dhcp for dyndns support. (Closes: #260743)
   * Add a sendfile rule at level workstation for its connect syslogging.