Logcheck devel - Sep 2004 - Bug#270019: logcheck-database: update and extend ppp/serial/parallel rules

Package: logcheck-database
Version: 1.2.25
Severity: wishlist

I get a fair amount of chatter related to the serial and parallel
ports in my logs.  In some cases, the logcheck ppp files attempt to
screen out some of these items, but the messages seem to have drifted.

Here are the rules I use.  Obviously, they would need adjustment.
chat\[[[:digit:]]+\]: 
kernel: lp0 off-line
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: parport[[:digit:]]: Printer,
kernel: parport0: PC-style at 0x378 \[PCSPP\]
wheat kernel: lp0: using parport0 \(polling\)\.
# I get lots of PPP BSD Compression module registered
# and Deflate Compression module registered
# This rule obviously ignores all module registration,
# which might or might not be a good thing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:.* module registered

# for CSLIP: code copyright 1989 Regents of the University of California
# existing files attempt to screen this out
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: +CSLIP: code copyright

pppd\[[[:digit:]]+\]: +Connect time [[:graph:]]+ minutes\.$
pppd\[[[:digit:]]+\]: +Connect: +ppp0
pppd\[[[:digit:]]+\]: +local  IP address
pppd\[[[:digit:]]+\]: +primary   DNS address
pppd\[[[:digit:]]+\]: +secondary +DNS address
pppd\[[[:digit:]]+\]: +Cannot determine ethernet address for proxy ARP
pppd\[[[:digit:]]+\]: +using channel
pppd\[[[:digit:]]+\]: +(sent|rcvd) \[
pppd\[[[:digit:]]+\]: +Script /etc/ppp/ip-(up|down) (started|finished)
pppd\[[[:digit:]]+\]: +script /etc/ppp/ip-(up|down), pid [[:digit:]]+
pppd\[[[:digit:]]+\]: +Waiting for
pppd\[[[:digit:]]+\]: +PAP authentication succeeded
pppd\[[[:digit:]]+\]: Perms of /dev/ttyS[[:digit:]] are ok, no 'mesg n'
neccesary.
pppd\[[[:digit:]]+\]: +Modem hangup$


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26advncdfs
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.30.2   Debian configuration management sy

-- debconf information:
* logcheck-database/rules-directories-note:
* logcheck-database/standard-rename-note:
* logcheck-database/conffile-cleanup: true
* logcheck-database/security_level: workstation

On Sat, 04 Sep 2004, Ross Boylan wrote:
> I get a fair amount of chatter related to the serial and parallel
> ports in my logs.  In some cases, the logcheck ppp files attempt to
> screen out some of these items, but the messages seem to have drifted.
please send rules according README.logcheck-database.gz  that match a hole
logline or those messages you name above.
i'll wait a bit before closing that bug.

a++ maks

Your message dated Sat, 2 Oct 2004 12:30:40 +0200
with message-id <20041002103040.GA2567 at stro.at>
and subject line ppp/serial/parallel rules
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Sep 2004 22:42:57
+0000
>From RossBoylan at stanfordalumni.org Sat Sep 04 15:42:57 2004
Return-path: <RossBoylan at stanfordalumni.org>
Received: from mallard.mail.pas.earthlink.net [207.217.120.48] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1C3jFJ-0006VA-00; Sat, 04 Sep 2004 15:42:57 -0700
Received: from dialup-4.243.230.125.dial1.sanfrancisco1.level3.net
([4.243.230.125] helo=wheat.dslnorthwest.net)
	by mallard.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 1C3jFH-0003w6-00; Sat, 04 Sep 2004 15:42:56 -0700
Received: from ross by wheat.dslnorthwest.net with local (Exim 3.36 #1 (Debian))
	id 1C3jFG-0005ct-00; Sat, 04 Sep 2004 15:42:54 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Ross Boylan <RossBoylan at stanfordalumni.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
CC: RossBoylan at stanfordalumni.org
Subject: logcheck-database: update and extend ppp/serial/parallel rules
X-Mailer: reportbug 2.63
Date: Sat, 04 Sep 2004 15:42:54 -0700
Message-Id: <E1C3jFG-0005ct-00 at wheat.dslnorthwest.net>
Sender: Ross Boylan <RossBoylan at stanfordalumni.org>
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: logcheck-database
Version: 1.2.25
Severity: wishlist

I get a fair amount of chatter related to the serial and parallel
ports in my logs.  In some cases, the logcheck ppp files attempt to
screen out some of these items, but the messages seem to have drifted.

Here are the rules I use.  Obviously, they would need adjustment.
chat\[[[:digit:]]+\]: 
kernel: lp0 off-line
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: parport[[:digit:]]: Printer,
kernel: parport0: PC-style at 0x378 \[PCSPP\]
wheat kernel: lp0: using parport0 \(polling\)\.
# I get lots of PPP BSD Compression module registered
# and Deflate Compression module registered
# This rule obviously ignores all module registration,
# which might or might not be a good thing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:.* module registered

# for CSLIP: code copyright 1989 Regents of the University of California
# existing files attempt to screen this out
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: +CSLIP: code copyright

pppd\[[[:digit:]]+\]: +Connect time [[:graph:]]+ minutes\.$
pppd\[[[:digit:]]+\]: +Connect: +ppp0
pppd\[[[:digit:]]+\]: +local  IP address
pppd\[[[:digit:]]+\]: +primary   DNS address
pppd\[[[:digit:]]+\]: +secondary +DNS address
pppd\[[[:digit:]]+\]: +Cannot determine ethernet address for proxy ARP
pppd\[[[:digit:]]+\]: +using channel
pppd\[[[:digit:]]+\]: +(sent|rcvd) \[
pppd\[[[:digit:]]+\]: +Script /etc/ppp/ip-(up|down) (started|finished)
pppd\[[[:digit:]]+\]: +script /etc/ppp/ip-(up|down), pid [[:digit:]]+
pppd\[[[:digit:]]+\]: +Waiting for
pppd\[[[:digit:]]+\]: +PAP authentication succeeded
pppd\[[[:digit:]]+\]: Perms of /dev/ttyS[[:digit:]] are ok, no 'mesg n'
neccesary.
pppd\[[[:digit:]]+\]: +Modem hangup$


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26advncdfs
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.30.2   Debian configuration management sy

-- debconf information:
* logcheck-database/rules-directories-note:
* logcheck-database/standard-rename-note:
* logcheck-database/conffile-cleanup: true
* logcheck-database/security_level: workstation

---------------------------------------
Received: (at 270019-done) by bugs.debian.org; 2 Oct 2004 10:30:30
+0000
>From max at stro.at Sat Oct 02 03:30:29 2004
Return-path: <max at stro.at>
Received: from baikonur.stro.at [213.239.196.228] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CDh9p-0007B2-00; Sat, 02 Oct 2004 03:30:29 -0700
Received: from localhost (localhost [127.0.0.1])
	by baikonur.stro.at (Postfix) with ESMTP id BE8B45C06C
	for <270019-done at bugs.debian.org>; Sat,  2 Oct 2004 12:30:25 +0200
(CEST)
Received: from baikonur.stro.at ([127.0.0.1])
	by localhost (baikonur [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 26530-03 for <270019-done at bugs.debian.org>;
	Sat, 2 Oct 2004 12:30:25 +0200 (CEST)
Received: from sputnik (stallburg.stro.at [128.131.216.190])
	by baikonur.stro.at (Postfix) with ESMTP id 583935C034
	for <270019-done at bugs.debian.org>; Sat,  2 Oct 2004 12:30:25 +0200
(CEST)
Received: from max by sputnik with local (Exim 4.34)
	id 1CDhA0-0000g8-JK
	for 270019-done at bugs.debian.org; Sat, 02 Oct 2004 12:30:40 +0200
Date: Sat, 2 Oct 2004 12:30:40 +0200
From: maks attems <debian at sternwelten.at>
To: 270019-done at bugs.debian.org
Subject: ppp/serial/parallel rules
Message-ID: <20041002103040.GA2567 at stro.at>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040722i
Sender: maximilian attems <max at stro.at>
X-Virus-Scanned: by Amavis (ClamAV) at stro.at
Delivered-To: 270019-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 2

closing, please follow README.logcheck-database.gz the next time
and or post the loglines without the startup noise.


--
maks

Your message dated Sat, 16 Oct 2004 19:47:08 -0400
with message-id <E1CIyGS-0006ns-00 at newraff.debian.org>
and subject line Bug#270019: fixed in logcheck 1.2.29
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 4 Sep 2004 22:42:57
+0000
>From RossBoylan at stanfordalumni.org Sat Sep 04 15:42:57 2004
Return-path: <RossBoylan at stanfordalumni.org>
Received: from mallard.mail.pas.earthlink.net [207.217.120.48] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1C3jFJ-0006VA-00; Sat, 04 Sep 2004 15:42:57 -0700
Received: from dialup-4.243.230.125.dial1.sanfrancisco1.level3.net
([4.243.230.125] helo=wheat.dslnorthwest.net)
	by mallard.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 1C3jFH-0003w6-00; Sat, 04 Sep 2004 15:42:56 -0700
Received: from ross by wheat.dslnorthwest.net with local (Exim 3.36 #1 (Debian))
	id 1C3jFG-0005ct-00; Sat, 04 Sep 2004 15:42:54 -0700
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Ross Boylan <RossBoylan at stanfordalumni.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
CC: RossBoylan at stanfordalumni.org
Subject: logcheck-database: update and extend ppp/serial/parallel rules
X-Mailer: reportbug 2.63
Date: Sat, 04 Sep 2004 15:42:54 -0700
Message-Id: <E1C3jFG-0005ct-00 at wheat.dslnorthwest.net>
Sender: Ross Boylan <RossBoylan at stanfordalumni.org>
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: logcheck-database
Version: 1.2.25
Severity: wishlist

I get a fair amount of chatter related to the serial and parallel
ports in my logs.  In some cases, the logcheck ppp files attempt to
screen out some of these items, but the messages seem to have drifted.

Here are the rules I use.  Obviously, they would need adjustment.
chat\[[[:digit:]]+\]: 
kernel: lp0 off-line
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: parport[[:digit:]]: Printer,
kernel: parport0: PC-style at 0x378 \[PCSPP\]
wheat kernel: lp0: using parport0 \(polling\)\.
# I get lots of PPP BSD Compression module registered
# and Deflate Compression module registered
# This rule obviously ignores all module registration,
# which might or might not be a good thing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:.* module registered

# for CSLIP: code copyright 1989 Regents of the University of California
# existing files attempt to screen this out
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: +CSLIP: code copyright

pppd\[[[:digit:]]+\]: +Connect time [[:graph:]]+ minutes\.$
pppd\[[[:digit:]]+\]: +Connect: +ppp0
pppd\[[[:digit:]]+\]: +local  IP address
pppd\[[[:digit:]]+\]: +primary   DNS address
pppd\[[[:digit:]]+\]: +secondary +DNS address
pppd\[[[:digit:]]+\]: +Cannot determine ethernet address for proxy ARP
pppd\[[[:digit:]]+\]: +using channel
pppd\[[[:digit:]]+\]: +(sent|rcvd) \[
pppd\[[[:digit:]]+\]: +Script /etc/ppp/ip-(up|down) (started|finished)
pppd\[[[:digit:]]+\]: +script /etc/ppp/ip-(up|down), pid [[:digit:]]+
pppd\[[[:digit:]]+\]: +Waiting for
pppd\[[[:digit:]]+\]: +PAP authentication succeeded
pppd\[[[:digit:]]+\]: Perms of /dev/ttyS[[:digit:]] are ok, no 'mesg n'
neccesary.
pppd\[[[:digit:]]+\]: +Modem hangup$


-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26advncdfs
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.30.2   Debian configuration management sy

-- debconf information:
* logcheck-database/rules-directories-note:
* logcheck-database/standard-rename-note:
* logcheck-database/conffile-cleanup: true
* logcheck-database/security_level: workstation

---------------------------------------
Received: (at 270019-close) by bugs.debian.org; 16 Oct 2004 23:53:06
+0000
>From katie at ftp-master.debian.org Sat Oct 16 16:53:06 2004
Return-path: <katie at ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CIyME-0006lq-00; Sat, 16 Oct 2004 16:53:06 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1CIyGS-0006ns-00; Sat, 16 Oct 2004 19:47:08 -0400
From: Todd Troxell <ttroxell at debian.org>
To: 270019-close at bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#270019: fixed in logcheck 1.2.29
Message-Id: <E1CIyGS-0006ns-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Sat, 16 Oct 2004 19:47:08 -0400
Delivered-To: 270019-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: logcheck
Source-Version: 1.2.29

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.29_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.29_all.deb
logcheck_1.2.29.dsc
  to pool/main/l/logcheck/logcheck_1.2.29.dsc
logcheck_1.2.29.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.29.tar.gz
logcheck_1.2.29_all.deb
  to pool/main/l/logcheck/logcheck_1.2.29_all.deb
logtail_1.2.29_all.deb
  to pool/main/l/logcheck/logtail_1.2.29_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 270019 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Saturday, 16 Oct 2004 19:14:03 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.29
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at
lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description: 
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 270019 270677 272969 273433 276063 276317
Changes: 
 logcheck (1.2.29) unstable; urgency=low
 .
   maks:
   * Don't report sudo calls where pwd contains spaces (Closes: #272969)
   * Fix trailing space in perdition rule. (Closes: #273433)
   * Small documentation update how to test rules without fiddling with
     trailing space.
   * sed fine tuning to speed up + remove trailing tabs. thanks alfie
   * Don't use -m switch from sort, it basically disables sorting.
     Remove gratious call to uniq that should be done with SORTUNIQ.
     (Closes: #270677)
   * Add violations.ignore.d/su on old logfiles to be removed on sarge upgrade.
   * Add rules for kdm/wdm/xdm, kernel (usb, keyboard) on level workstation.
   * Only show "rules-directories-note" on upgrade.
   * Enhance ppp rules on level workstation. (Closes: #270019)
     Add pppoa3 rules to the ppp rules.
   * Small update concerning reject messages in postfix + new rule.
   * Added pptpd rules at level workstation.
     thanks to Erich Schubert <erich at debian.org>
   * Added first pure-ftpd rules at level server.
   * Fix cyrus violations.ignore.d rules for higher pids.
   todd:
   * Add 1 dovecot rule
   * Fix another permission issue involving rulefiles.  Added chown to debian/
   rules.
   * Simpler formatting on version string.
   jamie:
   * Updated rules for innd, added rule for cleanfeed.
   * Small correction to gps rules.
   * Added SPF postfix policy server rule for 'SPF pass'.
   * Fix spelling mistake in dhcp rules. (Closes: #276063)
   * Change dhcp rules to reflect ISC's change of name.
     Thanks to Dirk Prosdorf for the patch. (Closes: #276317)
Files: 
 f7720d493d22ecc98da401f694d4b894 668 admin optional logcheck_1.2.29.dsc
 6eb2aca5a62e1506ff9da91f70c5c5dc 83385 admin optional logcheck_1.2.29.tar.gz
 a16f72d33f2f74b99454ed59ff088e14 40122 admin optional logcheck_1.2.29_all.deb
 22c9bc92215aa4917125903264492df0 50294 admin optional
logcheck-database_1.2.29_all.deb
 0be6a2f4354e5eb85654aeab28020c4e 23734 admin optional logtail_1.2.29_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBcawf4u3oQ3FHP2YRAploAKCeVtHWvKgupv3HIiRtX3b2nt2nZACeJ8Xu
oHXCzqSgmE6v9mCNWbspCNY=qAeK
-----END PGP SIGNATURE-----