Ross Boylan
2004-Sep-04 22:42 UTC
[Logcheck-devel] Bug#270019: logcheck-database: update and extend ppp/serial/parallel rules
Package: logcheck-database
Version: 1.2.25
Severity: wishlist

I get a fair amount of chatter related to the serial and parallel
ports in my logs. In some cases, the logcheck ppp files attempt to
screen out some of these items, but the messages seem to have drifted.

Here are the rules I use. Obviously, they would need adjustment.

chat\[[[:digit:]]+\]:
kernel: lp0 off-line
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: parport[[:digit:]]: Printer,
kernel: parport0: PC-style at 0x378 \[PCSPP\]
wheat kernel: lp0: using parport0 \(polling\)\.
# I get lots of PPP BSD Compression module registered
# and Deflate Compression module registered
# This rule obviously ignores all module registration,
# which might or might not be a good thing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:.* module registered
# for CSLIP: code copyright 1989 Regents of the University of California
# existing files attempt to screen this out
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: +CSLIP: code copyright
pppd\[[[:digit:]]+\]: +Connect time [[:graph:]]+ minutes\.$
pppd\[[[:digit:]]+\]: +Connect: +ppp0
pppd\[[[:digit:]]+\]: +local IP address
pppd\[[[:digit:]]+\]: +primary DNS address
pppd\[[[:digit:]]+\]: +secondary +DNS address
pppd\[[[:digit:]]+\]: +Cannot determine ethernet address for proxy ARP
pppd\[[[:digit:]]+\]: +using channel
pppd\[[[:digit:]]+\]: +(sent|rcvd) \[
pppd\[[[:digit:]]+\]: +Script /etc/ppp/ip-(up|down) (started|finished)
pppd\[[[:digit:]]+\]: +script /etc/ppp/ip-(up|down), pid [[:digit:]]+
pppd\[[[:digit:]]+\]: +Waiting for
pppd\[[[:digit:]]+\]: +PAP authentication succeeded
pppd\[[[:digit:]]+\]: Perms of /dev/ttyS[[:digit:]] are ok, no 'mesg n' neccesary.
pppd\[[[:digit:]]+\]: +Modem hangup$

-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26advncdfs
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.30.2 Debian configuration management sy

-- debconf information:
* logcheck-database/rules-directories-note:
* logcheck-database/standard-rename-note:
* logcheck-database/conffile-cleanup: true
* logcheck-database/security_level: workstation
maks attems
2004-Sep-28 15:26 UTC
Bug#270019: [Logcheck-devel] Bug#270019: logcheck-database: update and extend ppp/serial/parallel rules
On Sat, 04 Sep 2004, Ross Boylan wrote:
> I get a fair amount of chatter related to the serial and parallel
> ports in my logs. In some cases, the logcheck ppp files attempt to
> screen out some of these items, but the messages seem to have drifted.

please send rules according to README.logcheck-database.gz that match
a whole logline or those messages you name above.
i'll wait a bit before closing that bug.

a++ maks
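
The difference between a partial rule and a whole-logline rule, shown as an added example that is not part of the thread or of logcheck itself. logcheck filters with extended regular expressions, so `grep -E` stands in for it; the four rules are taken from the report, while the `STRICT` rule and all sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): how much does each ignore rule hide?
# grep -E stands in for logcheck's extended-regex filtering.

# Rules taken from the report above.
RULES='kernel: lp0 off-line
pppd\[[[:digit:]]+\]: +PAP authentication succeeded
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:.* module registered
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: +CSLIP: code copyright'

# Constructed rewrite of the first rule: the report's own prefix plus a "$" anchor.
STRICT='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: lp0 off-line$'

# Constructed sample log lines; none of them come from the thread.
LOG='Sep  4 15:40:01 wheat kernel: lp0 off-line
Sep  4 15:40:07 wheat logger: operator note: kernel: lp0 off-line again
Sep  4 15:41:12 wheat kernel: PPP BSD Compression module registered
Sep  4 15:41:13 wheat kernel: example_mod: module registered
Sep  4 15:42:30 wheat pppd[812]: PAP authentication succeeded'

# Print how many sample lines a rule would remove from the report.
count_suppressed() {
    printf '%s\n' "$LOG" | grep -E -c -e "$1" || true
}

# Succeed only if the rule is anchored at both ends (simple textual check).
is_whole_line() {
    case $1 in
        '^'*'\$') return 1 ;;  # trailing "\$" is a literal dollar, not an anchor
        '^'*'$')  return 0 ;;
        *)        return 1 ;;
    esac
}

# One line per rule: anchoring state, number of sample lines hidden, the rule.
report() {
    printf '%s\n%s\n' "$RULES" "$STRICT" | while IFS= read -r rule; do
        if is_whole_line "$rule"; then kind=whole-line; else kind=partial; fi
        printf '%-10s hides %s: %s\n' "$kind" "$(count_suppressed "$rule")" "$rule"
    done
}

report
```

The partial `lp0` rule also hides the `logger` line that merely contains the same text, and the `module registered` rule hides every module registration, which is the breadth the reporter's own comment points out.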
Debian Bug Tracking System
2004-Oct-02 10:48 UTC
[Logcheck-devel] Bug#270019: marked as done (logcheck-database: update and extend ppp/serial/parallel rules)
Your message dated Sat, 2 Oct 2004 12:30:40 +0200 with message-id <20041002103040.GA2567 at stro.at> and subject line ppp/serial/parallel rules has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)

--------------------------------------
Date: Sat, 2 Oct 2004 12:30:40 +0200
From: maks attems <debian at sternwelten.at>
To: 270019-done at bugs.debian.org
Subject: ppp/serial/parallel rules

closing, please follow README.logcheck-database.gz the next time
and/or post the loglines without the startup noise.

-- maks
Debian Bug Tracking System
2004-Oct-17 00:03 UTC
[Logcheck-devel] Bug#270019: marked as done (logcheck-database: update and extend ppp/serial/parallel rules)
Your message dated Sat, 16 Oct 2004 19:47:08 -0400 with message-id <E1CIyGS-0006ns-00 at newraff.debian.org> and subject line Bug#270019: fixed in logcheck 1.2.29 has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)

--------------------------------------
From: Todd Troxell <ttroxell at debian.org>
To: 270019-close at bugs.debian.org
Subject: Bug#270019: fixed in logcheck 1.2.29
Date: Sat, 16 Oct 2004 19:47:08 -0400

Source: logcheck
Source-Version: 1.2.29

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.29_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.29_all.deb
logcheck_1.2.29.dsc
  to pool/main/l/logcheck/logcheck_1.2.29.dsc
logcheck_1.2.29.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.29.tar.gz
logcheck_1.2.29_all.deb
  to pool/main/l/logcheck/logcheck_1.2.29_all.deb
logtail_1.2.29_all.deb
  to pool/main/l/logcheck/logtail_1.2.29_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 270019 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org)

Format: 1.7
Date: Saturday, 16 Oct 2004 19:14:03 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.29
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description:
 logcheck - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail - Print log file lines that have not been read
Closes: 270019 270677 272969 273433 276063 276317
Changes:
 logcheck (1.2.29) unstable; urgency=low
 .
 maks:
 * Don't report sudo calls where pwd contains spaces (Closes: #272969)
 * Fix trailing space in perdition rule. (Closes: #273433)
 * Small documentation update how to test rules without fiddling with
   trailing space.
 * sed fine tuning to speed up + remove trailing tabs. thanks alfie
 * Don't use -m switch from sort, it basically disables sorting.
   Remove gratuitous call to uniq that should be done with SORTUNIQ.
   (Closes: #270677)
 * Add violations.ignore.d/su on old logfiles to be removed on sarge upgrade.
 * Add rules for kdm/wdm/xdm, kernel (usb, keyboard) on level workstation.
 * Only show "rules-directories-note" on upgrade.
 * Enhance ppp rules on level workstation. (Closes: #270019)
   Add pppoa3 rules to the ppp rules.
 * Small update concerning reject messages in postfix + new rule.
 * Added pptpd rules at level workstation.
   thanks to Erich Schubert <erich at debian.org>
 * Added first pure-ftpd rules at level server.
 * Fix cyrus violations.ignore.d rules for higher pids.
 todd:
 * Add 1 dovecot rule
 * Fix another permission issue involving rulefiles. Added chown to debian/
   rules.
 * Simpler formatting on version string.
 jamie:
 * Updated rules for innd, added rule for cleanfeed.
 * Small correction to gps rules.
 * Added SPF postfix policy server rule for 'SPF pass'.
 * Fix spelling mistake in dhcp rules. (Closes: #276063)
 * Change dhcp rules to reflect ISC's change of name. Thanks to
   Dirk Prosdorf for the patch. (Closes: #276317)