Jamie L. Penman-Smithson
2004-Sep-06 01:24 UTC
[Logcheck-devel] Bug#270191: logcheck: rules for perdition
Package: logcheck
Version: 1.2.26
Severity: minor

Running perdition (an IMAP and POP proxy) means a lot of messages to syslog:

Sep 6 01:10:13 evenstar perdition[27813]: Connect: 82.133.58.132->82.133.58.132
Sep 6 01:10:14 evenstar perdition[27813]: Auth: 82.133.58.132->82.133.58.132 user="accounts.pinklemon.net" server="lorien.silverdream.org" port="110" status="ok"
Sep 6 01:10:14 evenstar perdition[27813]: Close: 82.133.58.132->82.133.58.132 user="accounts.pinklemon.net" received=12 sent=14
Sep 6 01:10:14 evenstar perdition[27814]: Connect: 82.133.58.132->82.133.58.132
Sep 6 01:10:14 evenstar perdition[27814]: Auth: 82.133.58.132->82.133.58.132 user="postmaster.pinklemon.net" server="lorien.silverdream.org" port="110" status="ok"
Sep 6 01:10:14 evenstar perdition[27814]: Close: 82.133.58.132->82.133.58.132 user="postmaster.pinklemon.net" received=12 sent=14

The following regexps match the above messages, they've been tested to work on my system:

Connect:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $

Auth:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Auth: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" server=\"[[:alnum:]+[:punct:]]+\" port=\"[0-9]+\" status=\"ok\"$

Close:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Close: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" received=[0-9]+ sent=[0-9]+$

Thanks for all the effort you've put into logcheck :)

-- 
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
w: http://www.silverdream.org | p: sms at silverdream.org
pgp key @ http://silverdream.org/~jps/pub.key
04:30:01 up 2 days, 13:39, 13 users, load average: 2.10, 2.19, 2.31
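The three rules from the report above, run over constructed log lines the way logcheck applies ignore rules (extended regular expressions; a line matching any rule is dropped, everything else is reported). This is an added example, not part of the thread: the host name, addresses, user names and the non-ok status text are constructed, and GNU grep is assumed because `\w` is a GNU extension.

```shell
#!/bin/sh
# Added example: apply the three perdition rules from this report the way
# logcheck applies ignore rules (any line a rule matches is dropped).
# Assumes GNU grep, since \w is a GNU extension to POSIX ERE.

# The rules exactly as posted in the report, one ERE per line.
write_rules() {
cat > "$1" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Auth: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" server=\"[[:alnum:]+[:punct:]]+\" port=\"[0-9]+\" status=\"ok\"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Close: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" received=[0-9]+ sent=[0-9]+$
EOF
}

# Constructed sample log (host, addresses, users and the "failed" status
# text are made up). Syslog pads single-digit days: "Sep  6", two spaces.
sample_log() {
  h='Sep  6 01:10:13 mailhost perdition[4242]:'
  ip='192.0.2.10->192.0.2.20'
  printf '%s Connect: %s \n' "$h" "$ip"   # trailing space: rule ends in " $"
  printf '%s Auth: %s user="alice.example.net" server="imap.example.net" port="110" status="ok"\n' "$h" "$ip"
  printf '%s Close: %s user="alice.example.net" received=12 sent=14\n' "$h" "$ip"
  printf '%s Connect: %s\n' "$h" "$ip"    # no trailing space: not ignored
  printf '%s Auth: %s user="bob.example.net" server="imap.example.net" port="110" status="failed"\n' "$h" "$ip"
}

# Read log lines on stdin, print those no rule matches (still reported).
reported() {
  rules=$(mktemp) || return 1
  write_rules "$rules"
  grep -E -v -f "$rules" || true   # grep exits 1 when every line is ignored
  rm -f "$rules"
}

sample_log | reported
```

The two lines printed are the ones that would still be reported: the Connect line without the trailing space the rule requires, and the Auth line whose status is not "ok".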
Todd Troxell
2004-Sep-06 03:22 UTC
Bug#270191: [Logcheck-devel] Bug#270191: logcheck: rules for perdition
Thanks! Applied. This will be in tomorrow's release.

On Mon, Sep 06, 2004 at 02:24:33AM +0100, Jamie L. Penman-Smithson wrote:
> Connect:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $
> Auth:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Auth: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" server=\"[[:alnum:]+[:punct:]]+\" port=\"[0-9]+\" status=\"ok\"$
> Close:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Close: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" received=[0-9]+ sent=[0-9]+$

-- 
[   Todd J. Troxell                                         ,''`.
      Student, Debian GNU/Linux Developer, SysAdmin, Geek  : :' :
      http://debian.org || http://rapidpacket.com/~xtat    `. `'
                                                             `-     ]
Debian Bug Tracking System
2004-Sep-07 00:03 UTC
[Logcheck-devel] Bug#270191: marked as done (logcheck: rules for perdition)
Your message dated Mon, 06 Sep 2004 19:47:03 -0400
with message-id <E1C4TCR-0008R1-00 at newraff.debian.org>
and subject line Bug#270191: fixed in logcheck 1.2.27
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
From: Todd Troxell <ttroxell at debian.org>
To: 270191-close at bugs.debian.org
Subject: Bug#270191: fixed in logcheck 1.2.27
Date: Mon, 06 Sep 2004 19:47:03 -0400

Source: logcheck
Source-Version: 1.2.27

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.27_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.27_all.deb
logcheck_1.2.27.dsc
  to pool/main/l/logcheck/logcheck_1.2.27.dsc
logcheck_1.2.27.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.27.tar.gz
logcheck_1.2.27_all.deb
  to pool/main/l/logcheck/logcheck_1.2.27_all.deb
logtail_1.2.27_all.deb
  to pool/main/l/logcheck/logtail_1.2.27_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 270191 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org)

Format: 1.7
Date: Monday, 06 Sep 2004 19:10:19 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.27
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description:
 logcheck - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail - Print log file lines that have not been read
Closes: 268277 269310 269318 269959 270191
Changes:
 logcheck (1.2.27) unstable; urgency=low
 .
   todd:
   * Add pointer to README.logcheck-database.gz in logcheck man page.
     (Closes: #268277)
   * Remove qmail rules because they have been added to qmail package.
   * Rule updates for spamd (Closes: #269318)
   * Add note about avoiding file name conflicts in README.Maintainer
   * Add violations ignore for courier-pop3d-ssl (Closes: #269959)
   * Add anon-proxy rules (Closes: #269310)
   * Add perdition rules thanks to jamie at silverdream.org
     (Closes: #270191)