Marc Sherman
2004-Dec-19 15:41 UTC
[Logcheck-devel] Bug#286331: logcheck-database: Restart messages for spamd (when using rulesdujour)
Package: logcheck-database
Version: 1.2.31
Severity: wishlist
Tags: patch

I don't know if you want to include these rules in the logcheck-database package; the log messages are caused by a local install at my site of rulesdujour, which restarts spamd in the daily cron job when the downloaded rules are updated.

The following messages are logged when this happens:

Dec 19 07:20:41 pyloric spamd[23676]: server killed by SIGTERM, shutting down
Dec 19 07:20:43 pyloric root: spamd starting
Dec 19 07:20:58 pyloric spamd[679]: server started on port 783/tcp (running version 2.64)

The patch is for /etc/logcheck/ignore.d.server/spamd. I think you'll want to make it more generic for the port/version numbers, though.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.30.10 Debian configuration management sy

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:

-------------- next part --------------
--- spamd.orig 2004-11-09 03:27:08.000000000 -0500 +++ spamd 2004-12-19 10:37:02.000000000 -0500 
@@ -3,3 +3,6 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (checking|processing) message .* for [._[:alnum:]-]+:[0-9]+\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: clean message \([0-9.-]+/[0-9.]+\) for [._[:alnum:]-]+:[0-9]+ in [0-9.]+ seconds, [0-9]+ bytes\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: identified spam \([0-9.-]+/[0-9.]+\) for [._[:alnum:]-]+:[0-9]+ in [0-9.]+ seconds, [0-9]+ bytes\.$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: server killed by SIGTERM, shutting down$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: server started on port 783/tcp (running version 2.64)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ root: spamd starting$
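Review bot: the second added rule, ending in `server started on port 783/tcp (running version 2.64)$`, leaves its parentheses unescaped, while the unchanged context rules above it write literal parentheses as `\(` and `\)`. Read as an extended regular expression, which that escaping implies, the bare pair is a group, so the rule would not match the logged text "(running version 2.64)"; the unescaped `.` in `2.64` also matches any character. Suggest escaping both and, as the report itself proposes, generalising the numbers, for example `server started on port [0-9]+/tcp \(running version [0-9.]+\)$`.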
maximilian attems
2004-Dec-20 21:25 UTC
Bug#286331: [Logcheck-devel] Bug#286331: logcheck-database: Restart messages for spamd (when using rulesdujour)
tags 286331 wontfix
thanks

On Sun, 19 Dec 2004, Marc Sherman wrote:
> I don't know if you want to include these rules in the logcheck-database
> package; the log messages are caused by a local install at my site of
> rulesdujour, which restarts spamd in the daily cron job when the
> downloaded rules are updated.

logcheck does not filter startup and daemon stop log messages, as admins want to know those.
if you still care you might want to send a patch for level workstation? there the rules are less tight.

regards

--
maks
Debian Bug Tracking System
2004-Dec-20 21:33 UTC
Processed: Re: [Logcheck-devel] Bug#286331: logcheck-database: Restart messages for spamd (when using rulesdujour)
Processing commands for control at bugs.debian.org:

> tags 286331 wontfix
Bug#286331: logcheck-database: Restart messages for spamd (when using rulesdujour)
Tags were: patch
Tags added: wontfix

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Debian Bug Tracking System
2005-Jan-06 13:03 UTC
[Logcheck-devel] Bug#286331: marked as done (logcheck-database: Restart messages for spamd (when using rulesdujour))
Your message dated Thu, 6 Jan 2005 13:57:11 +0100 with message-id <20050106125711.GB2600 at stro.at> and subject line [Logcheck-devel] Bug#286331: logcheck-database: Restart messages for spamd (when using rulesdujour) has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---------------------------------------
From: maximilian attems <debian at sternwelten.at>
To: 286331-done at bugs.debian.org
Subject: Re: [Logcheck-devel] Bug#286331: logcheck-database: Restart messages for spamd (when using rulesdujour)

On Sun, 19 Dec 2004, Marc Sherman wrote:
> package; the log messages are caused by a local install at my site of
> rulesdujour, which restarts spamd in the daily cron job when the
> downloaded rules are updated.
>
> The following messages are logged when this happens:
> Dec 19 07:20:41 pyloric spamd[23676]: server killed by SIGTERM, shutting
> down
> Dec 19 07:20:43 pyloric root: spamd starting
> Dec 19 07:20:58 pyloric spamd[679]: server started on port 783/tcp
> (running version 2.64)

this looks like a "security event" which logcheck out of policy won't filter, please include that in your local-spamd file in /etc/logcheck/violations.ignore.d/.

thanks for your reports!
current logcheck cvs will be released soon.

--
maks
Marc Sherman
2005-Jan-06 13:52 UTC
Bug#286331: acknowledged by developer (Re: [Logcheck-devel] Bug#286331: logcheck-database: Restart messages for spamd (when using rulesdujour))
maximilian attems wrote:
>
>>package; the log messages are caused by a local install at my site of
>>rulesdujour, which restarts spamd in the daily cron job when the
>>downloaded rules are updated.
>>
>>The following messages are logged when this happens:
>>Dec 19 07:20:41 pyloric spamd[23676]: server killed by SIGTERM, shutting
>>down
>>Dec 19 07:20:43 pyloric root: spamd starting
>>Dec 19 07:20:58 pyloric spamd[679]: server started on port 783/tcp
>>(running version 2.64)
>
>
> this looks like an "security event" which logcheck out of policy
> won't filter, please include that in your local-spamd file
> in /etc/logcheck/violations.ignore.d/.

Nope, those aren't picked up as violations -- I've had them filtered in my ignore.server.d/spamd for a while now, and it works just fine. I understand if you don't want to add them to the distro, though, so please let me know and I'll move them to ignore.server.d/local-spamd.

Will logcheck complain if there's a foo and a local-foo in the same directory?

Thanks,
- Marc
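One way to check candidate local ignore rules against the restart messages from this report before installing them, as an added example that is not part of the thread or of logcheck itself. It assumes the rules are matched as extended regular expressions with `grep -E`; the function names and the generalised port/version rule are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample input: the three restart messages quoted in the report.
sample_log() {
cat <<'EOF'
Dec 19 07:20:41 pyloric spamd[23676]: server killed by SIGTERM, shutting down
Dec 19 07:20:43 pyloric root: spamd starting
Dec 19 07:20:58 pyloric spamd[679]: server started on port 783/tcp (running version 2.64)
EOF
}

# The three rules exactly as submitted in the patch.
rules_submitted() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: server killed by SIGTERM, shutting down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: server started on port 783/tcp (running version 2.64)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ root: spamd starting$
EOF
}

# Assumed generalisation (not from the thread): any port, any dotted
# version, and the literal parentheses escaped.
rules_generic() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: server killed by SIGTERM, shutting down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: server started on port [0-9]+/tcp \(running version [0-9.]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ root: spamd starting$
EOF
}

# Print the sample lines that no rule matches, i.e. the lines that would
# still be reported. $1 is the name of a function that prints a rule set.
unfiltered() {
    rules=$(mktemp) || return 1
    "$1" > "$rules"
    # grep exits 1 when every line is filtered; that is not an error here.
    sample_log | grep -E -v -f "$rules" || true
    rm -f "$rules"
}

# Number of sample lines left unfiltered by the given rule set.
count_unfiltered() {
    unfiltered "$1" | wc -l | tr -d ' '
}

echo "submitted rules leave $(count_unfiltered rules_submitted) line(s) unfiltered"
echo "generic rules leave $(count_unfiltered rules_generic) line(s) unfiltered"
```

This only exercises the ignore rules themselves; whether a line is first classified as a violation, as discussed above, is decided by a separate rule set that the sketch does not model.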