Logcheck devel - Jan 2007 - Bug#406179: logcheck-database: deamon name for openvpn is openvpn and not ovpn-...

Package: logcheck-database
Severity: normal
Tags: patch


The current rules for openvpn in ignore.d.server/openvpn use something
as:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]\[[0-9]+\]: ...
whereas I have in my syslog file :
Jan  9 06:50:34 atsina openvpn[26524]: ...

I suggest to change all rules in ignore.d.server/openvpn in something
as:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|(ovpn-[._[:alnum:]-]))\[[0-9]+\]:
...
(it works for me)

I do not know when the openvpn deamon changes its name in the log, so I
do not know if it is still needed to keep the ovpn-[._[:alnum:]-] part
I cc the openvpn maintainer in case he knows.

  Best regards
    Vincent

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (990, 'unstable'), (500, 'testing'), (500,
'stable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

reopen #406179
thank

martin f krafft wrote:
> openvpn renames itself for each configuration you start. there is no
> default. thus this is no bug.
In this case, the regexp in the logcheck rules should be permissive enough.
In fact, I just see that openvpn logs its messages with 'ovpn-server' on
my server
and with 'openvpn' on all my clients.
So the logcheck rules are good for an openvpn server but not for an openvpn
client.
Why don't you want to allow 'openvpn' in addition to
'ovpn-[._[:alnum:]-]+' ?

Or perhaps, you would like to write another logcheck rule in
ignore.d.workstation
with the same contents except 'ovpn-[._[:alnum:]-]+' replaced by
'openvpn' ?

  Best regards,
  Vincent

Processing commands for control at bugs.debian.org:
> reopen #406179
Bug#406179: logcheck-database: deamon name for openvpn is openvpn and not
ovpn-...
Bug reopened, originator not changed.
> thank
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

On Tue, Jan 09, 2007 at 11:32:22AM +0100, Vincent Danjean
wrote:
> The current rules for openvpn in ignore.d.server/openvpn use something
> as:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ovpn-[._[:alnum:]-]\[[0-9]+\]: ...
> whereas I have in my syslog file :
> Jan  9 06:50:34 atsina openvpn[26524]: ...
> 
> I suggest to change all rules in ignore.d.server/openvpn in something
> as:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+
(openvpn|(ovpn-[._[:alnum:]-]))\[[0-9]+\]: ...
> (it works for me)
> 
> I do not know when the openvpn deamon changes its name in the log, so I
> do not know if it is still needed to keep the ovpn-[._[:alnum:]-] part
> I cc the openvpn maintainer in case he knows.

Hi, your patch is correct. The name in the log depends on whether the
'daemon' option was specified or not in the configuration file. From the
init.d script:

    if grep -q '^[       ]*daemon' $CONFIG_DIR/$NAME.conf ; then
      # daemon already given in config file
      DAEMONARG    else
      # need to daemonize
      DAEMONARG="--daemon ovpn-$NAME"
    fi

Regards,

Alberto

-- 
Alberto Gonzalez Iniesta    | Formaci?n, consultor?a y soporte t?cnico
agi@(inittab.org|debian.org)| en GNU/Linux y software libre
Encrypted mail preferred    | http://inittab.com

Key fingerprint = 9782 04E7 2B75 405C F5E9  0C81 C514 AF8E 4BA4 01C3