Jari Aalto
2004-Aug-31 21:42 UTC
[Logcheck-devel] Bug#269315: logcheck: /etc/logcheck/ignore.d.server (add bind9 messages)
Package: logcheck Version: 1.2.26 Severity: wishlist Please add following bind9 server messages to ignore: i.e from below, everything that includex "zone.*loaded" + the other messages. Aug 16 20:24:27 ns named[3350]: shutting down: flushing changes Aug 16 20:24:27 ns named[3350]: stopping command channel on 127.0.0.1#953 Aug 16 20:24:27 ns named[3350]: stopping command channel on ::1#953 Aug 16 20:24:28 ns named[3350]: no longer listening on 127.0.0.1#53 Aug 16 20:24:28 ns named[3350]: no longer listening on 192.168.1.20#53 Aug 16 20:24:28 ns named[3348]: exiting Aug 16 20:24:30 ns named[25505]: starting BIND 9.2.4rc5 -u bind Aug 16 20:24:30 ns named[25505]: using 1 CPU Aug 16 20:24:30 ns named[25507]: listening on IPv4 interface lo, 127.0.0.1#53 Aug 16 20:24:30 ns named[25507]: listening on IPv4 interface eth1, 192.168.1.20#53 Aug 16 20:24:30 ns named[25507]: zone 127.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 16.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 17.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 18.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 19.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 20.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 21.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 22.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 23.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 24.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 25.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 26.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 27.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 28.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 29.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 30.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 31.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 168.192.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 1.168.192.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 255.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone localhost/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone cante.net/IN: loaded serial 2004040700 Aug 16 20:24:30 ns named[25507]: running -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.26.20040601 Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to en_US) Versions of packages logcheck depends on: ii adduser 3.59 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.32 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii exim4 4.34-5 An MTA (Mail Transport Agent) ii exim4-daemon-hea 4.34-5 Exim (v4) with extended features, ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.26 A database of system log rules for ii logtail 1.2.26 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent ii perl 5.8.4-2 Larry Wall's Practical Extraction ii sysklogd [system 1.4.1-15 System Logging Daemon -- debconf information: * logcheck/noroot: * logcheck/install-note: logcheck/changes:
Debian Bug Tracking System
2004-Sep-06 19:33 UTC
[Logcheck-devel] Bug#269315: marked as done (logcheck: /etc/logcheck/ignore.d.server (add bind9 messages))
Your message dated Mon, 6 Sep 2004 21:21:50 +0200 with message-id <20040906192150.GC1891 at stro.at> and subject line logcheck rule wishlist has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 31 Aug 2004 21:42:32 +0000>From jaalto at cante.net Tue Aug 31 14:42:32 2004Return-path: <jaalto at cante.net> Received: from fep30-0.kolumbus.fi (fep30-app.kolumbus.fi) [193.229.0.32] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1C2GOe-0008Ve-00; Tue, 31 Aug 2004 14:42:32 -0700 Received: from cante.net ([81.197.3.110]) by fep30-app.kolumbus.fi with ESMTP id <20040831214231.NNSM23396.fep30-app.kolumbus.fi at cante.net>; Wed, 1 Sep 2004 00:42:31 +0300 Received: from jaalto by cante.net with local (Exim 4.34) id 1C2GOO-0004o4-FD; Wed, 01 Sep 2004 00:42:30 +0300 MIME-Version: 1.0 From: Jari Aalto <jari.aalto at poboxes.com> To: Debian Bug Tracking System <submit at bugs.debian.org> X-Mailer: reportbug 2.64 Date: Wed, 01 Sep 2004 00:42:16 +0300 Message-Id: <E1C2GOO-0004o4-FD at cante.net> Sender: Jari Aalto <jaalto at cante.net> X-SA-Exim-Connect-IP: <locally generated> X-SA-Exim-Mail-From: jaalto at cante.net Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: logcheck: /etc/logcheck/ignore.d.server (add bind9 messages) X-SA-Exim-Version: 4.1 (built Tue, 17 Aug 2004 11:06:07 +0200) X-SA-Exim-Scanned: Yes (on cante.net) Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: logcheck Version: 1.2.26 Severity: wishlist Please add following bind9 server messages to ignore: i.e from below, everything that includex "zone.*loaded" + the other messages. Aug 16 20:24:27 ns named[3350]: shutting down: flushing changes Aug 16 20:24:27 ns named[3350]: stopping command channel on 127.0.0.1#953 Aug 16 20:24:27 ns named[3350]: stopping command channel on ::1#953 Aug 16 20:24:28 ns named[3350]: no longer listening on 127.0.0.1#53 Aug 16 20:24:28 ns named[3350]: no longer listening on 192.168.1.20#53 Aug 16 20:24:28 ns named[3348]: exiting Aug 16 20:24:30 ns named[25505]: starting BIND 9.2.4rc5 -u bind Aug 16 20:24:30 ns named[25505]: using 1 CPU Aug 16 20:24:30 ns named[25507]: listening on IPv4 interface lo, 127.0.0.1#53 Aug 16 20:24:30 ns named[25507]: listening on IPv4 interface eth1, 192.168.1.20#53 Aug 16 20:24:30 ns named[25507]: zone 127.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 16.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 17.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 18.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 19.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 20.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 21.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 22.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 23.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 24.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 25.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 26.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 27.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 28.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 29.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 30.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 31.172.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 168.192.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 1.168.192.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone 255.in-addr.arpa/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone localhost/IN: loaded serial 1 Aug 16 20:24:30 ns named[25507]: zone cante.net/IN: loaded serial 2004040700 Aug 16 20:24:30 ns named[25507]: running -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.26.20040601 Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL set to en_US) Versions of packages logcheck depends on: ii adduser 3.59 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.32 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii exim4 4.34-5 An MTA (Mail Transport Agent) ii exim4-daemon-hea 4.34-5 Exim (v4) with extended features, ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.26 A database of system log rules for ii logtail 1.2.26 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent ii perl 5.8.4-2 Larry Wall's Practical Extraction ii sysklogd [system 1.4.1-15 System Logging Daemon -- debconf information: * logcheck/noroot: * logcheck/install-note: logcheck/changes: --------------------------------------- Received: (at 269315-done) by bugs.debian.org; 6 Sep 2004 19:21:51 +0000>From max at stro.at Mon Sep 06 12:21:51 2004Return-path: <max at stro.at> Received: from baikonur.stro.at [213.239.196.228] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1C4P3n-0007K5-00; Mon, 06 Sep 2004 12:21:51 -0700 Received: from localhost (localhost [127.0.0.1]) by baikonur.stro.at (Postfix) with ESMTP id EE2F35C065; Mon, 6 Sep 2004 21:21:47 +0200 (CEST) Received: from baikonur.stro.at ([127.0.0.1]) by localhost (baikonur [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 19302-03; Mon, 6 Sep 2004 21:21:47 +0200 (CEST) Received: from sputnik (M777P004.adsl.highway.telekom.at [62.47.129.4]) by baikonur.stro.at (Postfix) with ESMTP id 787435C008; Mon, 6 Sep 2004 21:21:47 +0200 (CEST) Received: from max by sputnik with local (Exim 4.34) id 1C4P3m-0003YR-BW; Mon, 06 Sep 2004 21:21:50 +0200 Date: Mon, 6 Sep 2004 21:21:50 +0200 From: maks attems <debian at sternwelten.at> To: 269316-done at bugs.debian.org, 269323-done at bugs.debian.org, 269315-done at bugs.debian.org, 269312-done at bugs.debian.org Subject: logcheck rule wishlist Message-ID: <20040906192150.GC1891 at stro.at> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.6+20040722i Sender: maximilian attems <max at stro.at> X-Virus-Scanned: by Amavis (ClamAV) at stro.at Delivered-To: 269315-done at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-1.0 required=4.0 tests=BAYES_00,RCVD_IN_DSBL autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: X-CrossAssassin-Score: 2 hello Jari Aalto, please for the next time: * check if your daemons are running in debug modus * check if your reported messages are worth to be ignored for normal operation mode. * propose good rules as described in /usr/share/doc/logcheck-database/README.logcheck-database.gz anyway thanks for your bug reports. -- maks
Maybe Matching Threads
- Bug#269318: logcheck: /etc/logcheck/ignore.d.server (add spamassassin)
- Bug#258427: logcheck/logtail didn't detect tampering logfile
- Bug#260573: logcheck: ignore.d.paranoid/cron and ignore.d.server/cron swapped
- Bug#312376: /etc/logcheck/logcheck.ignore is no longer read
- Bug#303661: logcheck-database: openntpd rules