flavien
2005-Oct-17 10:24 UTC
[Logcheck-devel] Bug#334342: logcheck-database: regexp for postfix/anvil is too restrictive
Package: logcheck-database
Version: 1.2.39
Severity: normal

postfix configuration (master.cf) allows the administrator to specify a machine name/IP before the "smtp" keyword. For example, I have :

    1.2.3.4:smtp inet n - n - - smtpd

In this case, when remote server 4.5.6.7 connects too fast, anvil logs look like :

    Oct 17 06:27:33 red postfix/anvil[10531]: statistics: max connection rate 1/60s for (1.2.3.4:smtp:4.5.6.7) at Oct 17 06:09:23

Because of the "1.2.3.4:" before "smtp", the current regexp in /etc/logcheck/ignore.d.server/postfix does not match. I suggest it to be changed to:

    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max connection (count|rate) [/[:digit:]s]+ for \(([.[:alnum:]-]+:)?smtp(s)?:[.:[:digit:]]+\) at \w{3} [ :0-9]{11}$

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
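The rule proposed in the report above, checked against the reported log line (an added example, not part of the original report or of logcheck). STRICT is an assumed stand-in for the pre-fix rule, built by dropping the optional address group, since the rule shipped in 1.2.39 is not quoted in this thread. PLAIN and TRAIL are constructed lines, and GNU grep is assumed for `\w`.

```shell
#!/bin/sh
# Rule proposed in the report (POSIX ERE, the syntax logcheck rule files use).
PROPOSED='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max connection (count|rate) [/[:digit:]s]+ for \(([.[:alnum:]-]+:)?smtp(s)?:[.:[:digit:]]+\) at \w{3} [ :0-9]{11}$'

# Assumption: hypothetical "before" rule, identical except that the optional
# "([.[:alnum:]-]+:)?" group is removed. Not the actual 1.2.39 rule.
STRICT='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max connection (count|rate) [/[:digit:]s]+ for \(smtp(s)?:[.:[:digit:]]+\) at \w{3} [ :0-9]{11}$'

# Log line from the report: postfix bound to 1.2.3.4 in master.cf.
BOUND='Oct 17 06:27:33 red postfix/anvil[10531]: statistics: max connection rate 1/60s for (1.2.3.4:smtp:4.5.6.7) at Oct 17 06:09:23'
# Constructed: the same event when master.cf has no address before "smtp".
PLAIN='Oct 17 06:27:33 red postfix/anvil[10531]: statistics: max connection rate 1/60s for (smtp:4.5.6.7) at Oct 17 06:09:23'
# Constructed: extra text after the timestamp. The ^...$ anchors must keep
# the ignore rule from suppressing a line that carries anything more.
TRAIL="$BOUND unexpected trailing text"

# verdict RULE LINE: "ignored" if the rule would suppress the line,
# "reported" if the line would reach the administrator's mail.
verdict() {
    if printf '%s\n' "$2" | grep -Eq -- "$1"; then
        echo ignored
    else
        echo reported
    fi
}

# Columns: strict rule, proposed rule, log line.
for line in "$BOUND" "$PLAIN" "$TRAIL"; do
    printf '%-9s %-9s %s\n' \
        "$(verdict "$STRICT" "$line")" "$(verdict "$PROPOSED" "$line")" "$line"
done
```

To try a candidate rule against real traffic, pass lines from the mail log to `verdict` before installing the rule under /etc/logcheck/ignore.d.server/.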
Jamie L. Penman-Smithson
2005-Oct-18 20:09 UTC
Bug#334342: [Logcheck-devel] Bug#334342: logcheck-database: regexp for postfix/anvil is too restrictive
package logcheck-database
tags 334342 pending
thanks

On Mon, 2005-10-17 at 12:24 +0200, flavien wrote:
> postfix configuration (master.cf) allows the administrator to specify a
> machine name/IP before the "smtp" keyword. For example, I have :
>
> 1.2.3.4:smtp inet n - n - - smtpd
>
> In this case, when remote server 4.5.6.7 connects too fast, anvil logs
> look like :
> Oct 17 06:27:33 red postfix/anvil[10531]: statistics: max connection rate 1/60s for (1.2.3.4:smtp:4.5.6.7) at Oct 17 06:09:23

Thanks for your bug report, this will be fixed in the next release.

-- 
-Jamie L. Penman-Smithson <jamie at silverdream.org>
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: oubliette.z at gmail.com
Debian Bug Tracking System
2005-Oct-18 20:18 UTC
Processed: Re: [Logcheck-devel] Bug#334342: logcheck-database: regexp for postfix/anvil is too restrictive
Processing commands for control at bugs.debian.org:

> package logcheck-database
Ignoring bugs not assigned to: logcheck-database

> tags 334342 pending
Bug#334342: logcheck-database: regexp for postfix/anvil is too restrictive
There were no tags set.
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Debian Bug Tracking System
2005-Oct-23 04:48 UTC
[Logcheck-devel] Bug#334342: marked as done (logcheck-database: regexp for postfix/anvil is too restrictive)
Your message dated Sat, 22 Oct 2005 21:32:06 -0700 with message-id <E1ETXWg-0003nl-00 at spohr.debian.org> and subject line Bug#334342: fixed in logcheck 1.2.42 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---------------------------------------

From: Todd Troxell <ttroxell at debian.org>
To: 334342-close at bugs.debian.org
Subject: Bug#334342: fixed in logcheck 1.2.42
Date: Sat, 22 Oct 2005 21:32:06 -0700

Source: logcheck
Source-Version: 1.2.42

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.42_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.42_all.deb
logcheck_1.2.42.dsc
  to pool/main/l/logcheck/logcheck_1.2.42.dsc
logcheck_1.2.42.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.42.tar.gz
logcheck_1.2.42_all.deb
  to pool/main/l/logcheck/logcheck_1.2.42_all.deb
logtail_1.2.42_all.deb
  to pool/main/l/logcheck/logtail_1.2.42_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 334342 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org)

Format: 1.7
Date: Sat, 22 Oct 2005 23:14:54 -0400
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.42
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description:
 logcheck - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail - Print log file lines that have not been read
Closes: 312393 324347 324451 324613 324615 324751 325800 325801 325874 327088 327100 327114 328251 328632 330208 331282 332707 332807 333233 333456 333461 334342 334415 335021
Changes:
 logcheck (1.2.42) unstable; urgency=low
 .
 [ maximilian attems ]
 * Add dccproc timeout rule.
 * Only source the conffile if we can read it.
   Should enable logcheck runs directly out of the logcheck source.
 * Default to send mail to local root otherwise messages go to Nirvana.
 * Check if conffile with list of logfiles is readable.
 * Fallback to read syslog if no logfile is provided.
 * Enhance bind rules ignore NSTATS loglines, remove dup. (Closes: #324751)
 * Add rule for recent nfs mountd messages.
   Thanks to toby cabot <toby at caboteria.org>. (Closes: #325800)
 * Move imap file to server level, not appropriate for paranoid.
 * Add imap ignore rule for moved bytes, seems pretty normal imap usage.
   Thanks to toby cabot <toby at caboteria.org>. (Closes: #325801)
 * Add rule for Postponed keyboard-interactive ssh logins.
 * Update some usb rules for usb-storage and phone devices. (Closes: #324347)
 * Update horde3 rules the identifier can be changed by the user to any char.
   Thanks to Martin Lohmeier <martin at mein-horde.de> (Closes: #324613)
 * Add imp4 rule for successful logins.
   Thanks to Martin Lohmeier <martin at mein-horde.de> (Closes: #324615)
 * Bumped standards to 3.6.2.
 * Fix exim4 rule for more modern tls string.
 * logcheck.8 fix add full path to README.logcheck-database.gz.
   (Closes: #328632)
 .
 [ Jamie Penman-Smithson ]
 * Add the first rules for mon.
   Thanks to Robbert Muller <muller at muze.nl>. (Closes: #324451)
 * Modify dovecot rules to match ipv6 addresses too. (Closes: #327088)
 * Add first polypaudio rules in workstation to suppress module-alsa-sink.c
   messages. (Closes: #331282)
 * Add first rules for tftpd, suppress 'connect' and 'get file' messages.
   (Closes: #333456)
 * Fix dovecot rules to match the new format log messages in 1.0.
   (Closes: #332707, #333461)
 * Fix proftpd rules to match ipv6 addresses.
   Thanks to Elmar Hoffmann <elho at elho.net> (Closes: #332807)
 * Update ssh rules to suppress reverse DNS warnings.
   Thanks to Elmar Hoffmann <elho at elho.net> (Closes: #333233)
 * Update nagios rules to match host UNREACHABLE notification messages.
   (Closes: #325874)
 * Add the first rules for popa3d. (Closes: #328251)
 * Fix group permissions for /var/lock/logcheck on install or upgrade so
   logcheck can be executed by the logcheck group. (Closes: #330208)
 * Add Swedish translation, thanks to Daniel Nylander
   <yeager at lidkoping.net>. (Closes: #334415)
 * Fix anvil max rate rule to match statistics messages when postfix is
   bound to a specific IP. (Closes: #334342)
 * Modify spamd rules to match log message format in 3.1. (Closes: #335021)
 .
 [ Todd Troxell ]
 * Add check for lockfile-progs to aid non-debian installations.
 * Set logcheck to remove cleanup trap if an error occurs while getting
   lockfile. This will prevent many confusing error messages.
 * Add error reporting on -o option
 * Add IPv6 support to bind rules.
   Thanks Marco Nenciarin <mnencia at prato.linux.it> (Closes: #327100)
 * Add IPV6 support to postfix rules.
   Thanks Marco Nenciarin <mnencia at prato.linux.it> (Closes: #327114)
 * Add INSTALL documentation for manual/non-Debian installation.
 * Add 5 receive rules for hylafax's FaxGetty.
 * Call adduser without --home flag in postinst. (Closes: #312393)