Some debug output from logcheck for the same error:

-------------------------------------------------------------------------------------------
D: [1086529418] Sourcing - /etc/logcheck/logcheck.conf
D: [1086529418] Finished getopts
D: [1086529418] Trying to get lockfile: /var/lock/logcheck.lock
D: [1086529418] Running lockfile-touch /var/lock/logcheck.lock
D: [1086529418] cleanrules: /etc/logcheck/cracking.d/logcheck
D: [1086529418] cleanrules: /etc/logcheck/violations.d/logcheck
D: [1086529419] cleanrules: /etc/logcheck/violations.d/su
D: [1086529419] cleanrules: /etc/logcheck/violations.d/sudo
D: [1086529419] cleanrules: /etc/logcheck/violations.ignore.d/hotplug
D: [1086529420] cleanrules: /etc/logcheck/violations.ignore.d/innd
D: [1086529420] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-bind
D: [1086529420] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-innd
D: [1086529420] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-postfix
D: [1086529420] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-sendmail
D: [1086529420] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-sendmail_tmp
D: [1086529420] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-spamd
D: [1086529420] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-su
D: [1086529420] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-sudo
D: [1086529421] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-usb
D: [1086529421] cleanrules: /etc/logcheck/violations.ignore.d/su
D: [1086529421] cleanrules: /etc/logcheck/ignore.d.server/arpwatch
D: [1086529422] cleanrules: /etc/logcheck/ignore.d.server/automount
D: [1086529422] cleanrules: /etc/logcheck/ignore.d.server/bind
D: [1086529422] cleanrules: /etc/logcheck/ignore.d.server/courier-imap
D: [1086529422] cleanrules: /etc/logcheck/ignore.d.server/courier-imap-ssl
D: [1086529422] cleanrules: /etc/logcheck/ignore.d.server/cron
D: [1086529422] cleanrules: /etc/logcheck/ignore.d.server/cyrus
D: [1086529422] cleanrules: /etc/logcheck/ignore.d.server/dhclient
D: [1086529422] cleanrules: /etc/logcheck/ignore.d.server/dhcp
D: [1086529422] cleanrules: /etc/logcheck/ignore.d.server/fetchmail
D: [1086529423] cleanrules: /etc/logcheck/ignore.d.server/imap
D: [1086529423] cleanrules: /etc/logcheck/ignore.d.server/imapd-ssl
D: [1086529423] cleanrules: /etc/logcheck/ignore.d.server/imp
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/innd
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/ipppd
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/isdnlog
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/isdnutils
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/logcheck
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/nntpcache
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/ntp
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/oidentd
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/openvpn
D: [1086529424] cleanrules: /etc/logcheck/ignore.d.server/pop3d-ssl
D: [1086529425] cleanrules: /etc/logcheck/ignore.d.server/postfix
D: [1086529425] cleanrules: /etc/logcheck/ignore.d.server/ppp
D: [1086529425] cleanrules: /etc/logcheck/ignore.d.server/proftpd
D: [1086529425] cleanrules: /etc/logcheck/ignore.d.server/rpc_statd
D: [1086529426] cleanrules: /etc/logcheck/ignore.d.server/samba
D: [1086529426] cleanrules: /etc/logcheck/ignore.d.server/spamd
D: [1086529426] cleanrules: /etc/logcheck/ignore.d.server/squid
D: [1086529426] cleanrules: /etc/logcheck/ignore.d.server/ssh
D: [1086529426] cleanrules: /etc/logcheck/ignore.d.server/stunnel
D: [1086529426] cleanrules: /etc/logcheck/ignore.d.server/ucd-snmp
D: [1086529426] cleanrules: /etc/logcheck/ignore.d.server/uptimed
D: [1086529426] cleanrules: /etc/logcheck/ignore.d.paranoid/bind
D: [1086529427] cleanrules: /etc/logcheck/ignore.d.paranoid/cron
D: [1086529427] cleanrules: /etc/logcheck/ignore.d.paranoid/imap
D: [1086529427] cleanrules: /etc/logcheck/ignore.d.paranoid/logcheck
D: [1086529427] cleanrules: /etc/logcheck/ignore.d.paranoid/postfix
D: [1086529428] cleanrules: /etc/logcheck/ignore.d.paranoid/ppp
D: [1086529428] cleanrules: /etc/logcheck/ignore.d.paranoid/proftpd
D: [1086529428] cleanrules: /etc/logcheck/ignore.d.paranoid/qpopper
D: [1086529428] cleanrules: /etc/logcheck/ignore.d.paranoid/squid
D: [1086529428] cleanrules: /etc/logcheck/ignore.d.paranoid/ssh
D: [1086529428] cleanrules: /etc/logcheck/ignore.d.paranoid/stunnel
D: [1086529428] cleanrules: /etc/logcheck/ignore.d.paranoid/sysklogd
D: [1086529429] cleanrules: /etc/logcheck/ignore.d.paranoid/telnetd
D: [1086529429] Running logtail: /var/log/syslog
D: [1086529430] Running logtail: /var/log/auth.log
D: [1086529430] Sorting logs
D: [1086529430] Setting the Intro
D: [1086529430] Checking for security alerts
D: [1086529431] greplogoutput: logcheck
D: [1086529431] greplogoutput: returning 1
D: [1086529431] Checking for security events
D: [1086529431] greplogoutput: logcheck
D: [1086529432] greplogoutput: Entries in checked
D: [1086529432] Applying Logcheck override files
D: [1086529432] clean logcheck-<package>: hotplug
D: [1086529432] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/hotplug
D: [1086529432] clean logcheck-<package>: innd
D: [1086529432] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/innd
D: [1086529432] clean logcheck-<package>: logcheck-bind
D: [1086529432] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/logcheck-bind
D: [1086529432] clean logcheck-<package>: logcheck-innd
D: [1086529432] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/logcheck-innd
D: [1086529433] clean logcheck-<package>: logcheck-postfix
D: [1086529433] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/logcheck-postfix
D: [1086529433] clean logcheck-<package>: logcheck-sendmail
D: [1086529433] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/logcheck-sendmail
D: [1086529433] clean logcheck-<package>: logcheck-sendmail_tmp
D: [1086529433] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/logcheck-sendmail_tmp
D: [1086529434] clean logcheck-<package>: logcheck-spamd
D: [1086529434] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/logcheck-spamd
D: [1086529434] clean logcheck-<package>: logcheck-su
D: [1086529434] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/logcheck-su
D: [1086529434] clean logcheck-<package>: logcheck-sudo
D: [1086529434] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/logcheck-sudo
D: [1086529434] clean logcheck-<package>: logcheck-usb
D: [1086529434] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/logcheck-usb
D: [1086529434] clean logcheck-<package>: su
D: [1086529435] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/su
D: [1086529435] Cleaning logcheck
D: [1086529435] Cleaning logcheck: su
D: [1086529435] cleanchecked - file: /tmp/logcheck.XX15SXxJ/violations-ignore/su
D: [1086529435] Cleaning logcheck: sudo
D: [1086529435] error: Killing lockfile-touch - 19120
D: [1086529435] error: Removing lockfile: /var/lock/logcheck.lock
D: [1086529435] Error: cleanchecked: Not a file or a directory
D: [1086529436] cleanup: Killing lockfile-touch - 19120
/usr/sbin/logcheck: line 84: kill: (19120) - No such process
D: [1086529436] Cleanup: Removing - /tmp/logcheck.XX15SXxJ
-------------------------------------------------------------------------------------------

On another server (where logcheck runs fine):

D: [1086529390] Sourcing - /etc/logcheck/logcheck.conf
D: [1086529390] Finished getopts
D: [1086529390] Trying to get lockfile: /var/lock/logcheck.lock
D: [1086529390] Running lockfile-touch /var/lock/logcheck.lock
D: [1086529390] cleanrules: /etc/logcheck/cracking.d/logcheck
D: [1086529390] cleanrules: /etc/logcheck/violations.d/logcheck
D: [1086529390] cleanrules: /etc/logcheck/violations.d/su
D: [1086529390] cleanrules: /etc/logcheck/violations.d/sudo
D: [1086529390] cleanrules: /etc/logcheck/violations.ignore.d/innd
D: [1086529390] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-bind
D: [1086529390] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-innd
D: [1086529390] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-postfix
D: [1086529391] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-sendmail
D: [1086529391] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-sendmail_tmp
D: [1086529391] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-spamd
D: [1086529391] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-su
D: [1086529391] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-sudo
D: [1086529391] cleanrules: /etc/logcheck/violations.ignore.d/logcheck-usb
D: [1086529391] cleanrules: /etc/logcheck/violations.ignore.d/su
D: [1086529391] cleanrules: /etc/logcheck/ignore.d.server/arpwatch
D: [1086529391] cleanrules: /etc/logcheck/ignore.d.server/automount
D: [1086529391] cleanrules: /etc/logcheck/ignore.d.server/bind
D: [1086529391] cleanrules: /etc/logcheck/ignore.d.server/cron
D: [1086529391] cleanrules: /etc/logcheck/ignore.d.server/cyrus
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/dhclient
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/dhcp
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/imap
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/imapd-ssl
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/imp
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/innd
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/ipppd
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/isdnlog
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/isdnutils
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/logcheck
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/mysql-server
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/nntpcache
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/ntp
D: [1086529392] cleanrules: /etc/logcheck/ignore.d.server/oidentd
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/openvpn
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/pop3d-ssl
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/postfix
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/ppp
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/proftpd
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/rpc_statd
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/samba
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/spamd
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/squid
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/ssh
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/stunnel
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/ucd-snmp
D: [1086529393] cleanrules: /etc/logcheck/ignore.d.server/uptimed
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/bind
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/cron
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/imap
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/logcheck
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/postfix
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/ppp
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/proftpd
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/qpopper
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/squid
D: [1086529394] cleanrules: /etc/logcheck/ignore.d.paranoid/ssh
D: [1086529395] cleanrules: /etc/logcheck/ignore.d.paranoid/stunnel
D: [1086529395] cleanrules: /etc/logcheck/ignore.d.paranoid/sysklogd
D: [1086529395] cleanrules: /etc/logcheck/ignore.d.paranoid/telnetd
D: [1086529395] Running logtail: /var/log/syslog
D: [1086529396] Running logtail: /var/log/auth.log
D: [1086529396] Sorting logs
D: [1086529396] Setting the Intro
D: [1086529396] Checking for security alerts
D: [1086529396] greplogoutput: logcheck
D: [1086529396] greplogoutput: returning 1
D: [1086529396] Checking for security events
D: [1086529396] greplogoutput: logcheck
D: [1086529397] greplogoutput: su
D: [1086529397] greplogoutput: Entries in checked
D: [1086529397] cleanchecked - file: /tmp/logcheck.XXYJeJnw/violations-ignore/su
D: [1086529397] cleanchecked - file: /tmp/logcheck.XXYJeJnw/violations-ignore/logcheck-su
D: [1086529397] greplogoutput: sudo
D: [1086529397] greplogoutput: returning 1
D: [1086529397] Checking for system events
D: [1086529397] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore
D: [1086529397] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/arpwatch
D: [1086529397] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/automount
D: [1086529397] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/bind
D: [1086529398] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/cron
D: [1086529398] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/cyrus
D: [1086529398] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/dhclient
D: [1086529398] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/dhcp
D: [1086529398] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/imap
D: [1086529398] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/imapd-ssl
D: [1086529398] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/imp
D: [1086529399] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/innd
D: [1086529399] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/ipppd
D: [1086529399] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/isdnlog
D: [1086529399] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/isdnutils
D: [1086529399] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/logcheck
D: [1086529399] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/mysql-server
D: [1086529399] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/nntpcache
D: [1086529400] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/ntp
D: [1086529400] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/oidentd
D: [1086529400] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/openvpn
D: [1086529400] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/pop3d-ssl
D: [1086529400] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/postfix
D: [1086529406] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/ppp
D: [1086529406] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/proftpd
D: [1086529406] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/qpopper
D: [1086529406] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/rpc_statd
D: [1086529406] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/samba
D: [1086529407] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/spamd
D: [1086529407] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/squid
D: [1086529407] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/ssh
D: [1086529407] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/stunnel
D: [1086529407] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/sysklogd
D: [1086529407] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/telnetd
D: [1086529407] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/ucd-snmp
D: [1086529407] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/ignore/uptimed
D: [1086529408] Removing alerts from system events
D: [1086529408] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/cracking
D: [1086529408] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/cracking/logcheck
D: [1086529408] Removing violations from system events
D: [1086529408] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/violations
D: [1086529408] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/violations/logcheck
D: [1086529408] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/violations/su
D: [1086529408] cleanchecked - dir - /tmp/logcheck.XXYJeJnw/violations/sudo
D: [1086529409] report: cat'ing - System Events
D: [1086529409] Setting the footer text
D: [1086529409] Sending report: 'zeus 2004-06-06 15:43 System Events' to root
D: [1086529409] cleanup: Killing lockfile-touch - 17881
D: [1086529409] cleanup: Removing lockfile: /var/lock/logcheck.lock
D: [1086529409] Cleanup: Removing - /tmp/logcheck.XXYJeJnw
-------------------------------------------------------------------------------------------

Any idea?

--
Damien Raude-Morvan - DrazziB
GPG : 0x337C7EBB
WWW : www.drazzib.com
ICQ : 68119943
TEL : (+33) 06 08 80 36 98

To complete my report, I have run a diff on the two servers (one with logcheck working and the other with logcheck failing):

- md5sum on /usr/sbin/logcheck & logcheck.conf & /usr/sbin/logtail
the same md5's on both.

- ll /var/lib/ on both
drwxr-xr-x    2 logcheck logcheck     1024 Jun  6 14:24 logcheck

- ll /var/lib/logcheck on both
-rw-------    1 logcheck logcheck       13 Jun  6 15:43 offset.var.log.auth.log
-rw-------    1 logcheck logcheck       13 Jun  6 15:43 offset.var.log.syslog

- cat /etc/passwd | grep logcheck on both
logcheck:x:107:107::/var/lib/logcheck:/bin/false

- when I run logcheck from the command line on the non-working config, I get a mail:

Warning: If you are seeing this message, your log files may not have been checked!
Details: cleanchecked: Not a file or a directory
Check temporary directory: /tmp/logcheck.XX15SXxJ

I hope this helps ;(

D.

PS: Thanks for your work, logcheck is a useful log checker!

--
Damien Raude-Morvan - DrazziB
GPG : 0x337C7EBB
WWW : www.drazzib.com
ICQ : 68119943
TEL : (+33) 06 08 80 36 98