Lee Maguire
2004-Oct-21 12:37 UTC
[Logcheck-devel] Bug#277644: logcheck-database: ignore rules for removable media
Package: logcheck-database Version: 1.2.29 Severity: wishlist These are some kernel ignore rules I use in the workstation setting relating to removable media (usb, zip, cdr). ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Initializing USB Mass Storage driver\.\.\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usbcore: registered new driver usb-storage$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: USB Mass Storage support registered.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: scsi[0-9]+ : SCSI emulation for USB Mass Storage devices$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: SCSI device sd[a-z]: [0-9]+ 512-byte hdwr sectors \([0-9]+ MB\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: sd[a-z]: Write Protect is off$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Mode Sense: [ 0-9]{11}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: assuming drive cache: write through$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Attached scsi removable disk sd[a-z] at scsi[0-9], channel [0-9], id [0-9], lun [0-9]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ISOFS: changing to secondary root$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ide-floppy driver .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hd[a-z]: tray open$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ usb\.agent\[[0-9]+\]:[[:space:]]+usb-storage: loaded successfully$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ scsi\.agent\[[0-9]+\]: disk at /devices/.*
Jamie L. Penman-Smithson
2004-Nov-07 00:51 UTC
[Logcheck-devel] Bug#277644: logcheck-database: ignore rules for removable media
On Thu, 2004-10-21 at 13:37 +0100, Lee Maguire wrote:> These are some kernel ignore rules I use in the workstation setting > relating to removable media (usb, zip, cdr).If you could provide the log messages these rules pertain to, that'd be great. Thanks, -- -jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org w: http://www.silverdream.org | p: sms at silverdream.org pgp key @ http://silverdream.org/~jps/pub.key 21:30:02 up 17 min, 2 users, load average: 2.65, 2.52, 1.58 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20041107/ee7c521d/attachment.pgp
Lee Maguire
2004-Nov-15 20:50 UTC
[Logcheck-devel] Bug#277644: logcheck-database: ignore rules for removable media
Further log entries, after using cd writer: Nov 14 20:27:59 localhost kernel: Attached scsi generic sg0 at scsi0, channel 0, id 0, lun 0, type 0 Nov 14 20:45:26 localhost kernel: ISOFS: changing to secondary root Nov 14 20:49:54 localhost kernel: ISOFS: changing to secondary root
maks attems
2004-Nov-15 23:40 UTC
Bug#277644: [Logcheck-devel] Bug#277644: logcheck-database: ignore rules for removable media
On Mon, 15 Nov 2004, Lee Maguire wrote:> Further log entries, after using cd writer: > > Nov 14 20:27:59 localhost kernel: Attached scsi generic sg0 at scsi0, channel 0, id 0, lun 0, type 0 > Nov 14 20:45:26 localhost kernel: ISOFS: changing to secondary root > Nov 14 20:49:54 localhost kernel: ISOFS: changing to secondary rootwhat kernel are you using, out of interest? (dmesg | head -n1 after reboot or uname -a would be cool) -- maks kernel janitor http://janitor.kernelnewbies.org/
Lee Maguire
2004-Nov-17 21:04 UTC
Bug#277644: [Logcheck-devel] Bug#277644: logcheck-database: ignore rules for removable media
[2004-11-16] maks attems wrote:> > Nov 14 20:49:54 localhost kernel: ISOFS: changing to secondary root > > what kernel are you using, out of interest? > (dmesg | head -n1 after reboot or uname -a would be cool)Linux version 2.6.8-1-386 (dilinger at toaster.hq.voxel.net) (gcc version 3.3.5 (Debian 1:3.3.5-2)) #1 Thu Nov 11 12:18:43 EST 2004 (i.e. kernel-image-2.6.8-1-386_2.6.8-5_i386.deb)
maks attems
2004-Dec-01 12:13 UTC
Bug#277644: [Logcheck-devel] Bug#277644: logcheck-database: ignore rules for removable media
tags 277644 pending thanks On Thu, 21 Oct 2004, Lee Maguire wrote:> These are some kernel ignore rules I use in the workstation setting > relating to removable media (usb, zip, cdr). > > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Initializing USB Mass Storage driver\.\.\.$merged> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usbcore: registered new driver usb-storage$changed a bit already merged rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usbcore: registered new driver [[:lower:]-]+$> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: USB Mass Storage support registered.$merged with a '\.'> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: scsi[0-9]+ : SCSI emulation for USB Mass Storage devices$merged with existent rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: scsi[0-9]+ : SCSI emulation for (IEEE-1394 SBP-2 Devices|USB Mass Storage devices)$> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: SCSI device sd[a-z]: [0-9]+ 512-byte hdwr sectors \([0-9]+ MB\)$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: sd[a-z]: Write Protect is off$merged> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Mode Sense: [ 0-9]{11}$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: assuming drive cache: write through$couldn't reproduce those 2, no messages to match again. for now left.> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Attached scsi removable disk sd[a-z] at scsi[0-9], channel [0-9], id [0-9], lun [0-9]$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ISOFS: changing to secondary root$merged> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ide-floppy driver .*$merged without '.*' ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ide-floppy driver [[:alnum:].]+$> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hd[a-z]: tray open$hmm is that harmless? no message to match against.> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ usb\.agent\[[0-9]+\]:[[:space:]]+usb-storage: loaded successfully$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ scsi\.agent\[[0-9]+\]: disk at /devices/.*both merged. thanks for your bugreport and patience. :) -- maks
Debian Bug Tracking System
2004-Dec-01 12:18 UTC
Processed: Re: [Logcheck-devel] Bug#277644: logcheck-database: ignore rules for removable media
Processing commands for control at bugs.debian.org:> tags 277644 pendingBug#277644: logcheck-database: ignore rules for removable media There were no tags set. Tags added: pending> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Debian Bug Tracking System
2004-Dec-07 16:33 UTC
[Logcheck-devel] Bug#277644: marked as done (logcheck-database: ignore rules for removable media)
Your message dated Tue, 07 Dec 2004 11:17:05 -0500 with message-id <E1Cbi1R-0005Cw-00 at newraff.debian.org> and subject line Bug#277644: fixed in logcheck 1.2.32 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 21 Oct 2004 12:37:30 +0000>From lee-debian at hexkey.co.uk Thu Oct 21 05:37:30 2004Return-path: <lee-debian at hexkey.co.uk> Received: from mouse.hexkey.org [212.13.199.141] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1CKcCA-0000D6-00; Thu, 21 Oct 2004 05:37:30 -0700 Received: from lee by mouse.hexkey.org with local (Exim 3.35) id 1CKcC7-0005NT-00 for <submit at bugs.debian.org>; Thu, 21 Oct 2004 13:37:27 +0100 Date: Thu, 21 Oct 2004 13:37:27 +0100 From: Lee Maguire <lee-debian at hexkey.co.uk> To: Debian Bug Tracking System <submit at bugs.debian.org> Subject: logcheck-database: ignore rules for removable media Message-ID: <20041021123727.GA20655 at mouse.hexkey.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.3.28i Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Package: logcheck-database Version: 1.2.29 Severity: wishlist These are some kernel ignore rules I use in the workstation setting relating to removable media (usb, zip, cdr). ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Initializing USB Mass Storage driver\.\.\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usbcore: registered new driver usb-storage$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: USB Mass Storage support registered.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: scsi[0-9]+ : SCSI emulation for USB Mass Storage devices$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: SCSI device sd[a-z]: [0-9]+ 512-byte hdwr sectors \([0-9]+ MB\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: sd[a-z]: Write Protect is off$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Mode Sense: [ 0-9]{11}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: assuming drive cache: write through$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Attached scsi removable disk sd[a-z] at scsi[0-9], channel [0-9], id [0-9], lun [0-9]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ISOFS: changing to secondary root$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ide-floppy driver .*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hd[a-z]: tray open$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ usb\.agent\[[0-9]+\]:[[:space:]]+usb-storage: loaded successfully$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ scsi\.agent\[[0-9]+\]: disk at /devices/.* --------------------------------------- Received: (at 277644-close) by bugs.debian.org; 7 Dec 2004 16:19:51 +0000>From katie at ftp-master.debian.org Tue Dec 07 08:19:51 2004Return-path: <katie at ftp-master.debian.org> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1Cbi47-0001Rg-00; Tue, 07 Dec 2004 08:19:51 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1Cbi1R-0005Cw-00; Tue, 07 Dec 2004 11:17:05 -0500 From: Todd Troxell <ttroxell at debian.org> To: 277644-close at bugs.debian.org X-Katie: $Revision: 1.54 $ Subject: Bug#277644: fixed in logcheck 1.2.32 Message-Id: <E1Cbi1R-0005Cw-00 at newraff.debian.org> Sender: Archive Administrator <katie at ftp-master.debian.org> Date: Tue, 07 Dec 2004 11:17:05 -0500 Delivered-To: 277644-close at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2004_03_25 X-Spam-Level: Source: logcheck Source-Version: 1.2.32 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.32_all.deb to pool/main/l/logcheck/logcheck-database_1.2.32_all.deb logcheck_1.2.32.dsc to pool/main/l/logcheck/logcheck_1.2.32.dsc logcheck_1.2.32.tar.gz to pool/main/l/logcheck/logcheck_1.2.32.tar.gz logcheck_1.2.32_all.deb to pool/main/l/logcheck/logcheck_1.2.32_all.deb logtail_1.2.32_all.deb to pool/main/l/logcheck/logtail_1.2.32_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 277644 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Tuesday, 07 Dec 2004 10:57:39 -0500 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.32 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - Mails anomalies in the system logfiles to the administrator logcheck-database - A database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 277644 281646 282378 282842 283331 Changes: logcheck (1.2.32) unstable; urgency=low . maks: * Add rules for jabberd, openvpn, rsnapshot, saslauthd, stunnel at level server from Peter Palfrader <weasel at debian.org>. * Default reportlevel is "server", correct logcheck.conf thanks koki. * Fix up space in newer xdm logging. * Add kernel rule for dvd combi drives at level workstation. * Add nss_ldap rule for apache, sshd syslog line at level server. * Ignore also ssh disconnect from win clients on level server. * Have per package NEWS.Debian files, move them below debian/. thanks alfie for hint dh_installchangelogs(1) for multiple NEWS.Debian. (closes: #281646) * Add and fix hostname match in dnsmasq ruleset. (closes: #283331) * Add rules for workstation related to removable media. (closes: #277644) * Remove kernel rules related to tainted modules. * Fix sudo ignore rule for tty usage. * Fix gconfd rules at level workstation for newest gnome. alfie: * logtail.8: Fixed formating to be consistant, changed OPTION to -r (the only OPTION not mentioned yet :)) jamie: * Add rules for nagios, gps. * Added new rules for messages from USB joystick use. (closes: #282378) * Fix spamd rule to match all hosts. (closes: #282842) Files: d4fa21997ef1bf4d68510ebfc73441c4 703 admin optional logcheck_1.2.32.dsc 197466b4414f575d0cc83e04a463ae6c 87932 admin optional logcheck_1.2.32.tar.gz c64e2e54d5755356f498a05f38512349 41036 admin optional logcheck_1.2.32_all.deb b5a45bec8397a77377f7ce79cf7b5965 55280 admin optional logcheck-database_1.2.32_all.deb 7227248dd59bf586666e9f135fc06b90 24894 admin optional logtail_1.2.32_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBtdPq4u3oQ3FHP2YRAm5dAJ90/WyJ62VxyD+w8Mxoa33LP4p5vwCeIAq3 q1vFQQfcujV9FCFcQzX5EjY=FALE -----END PGP SIGNATURE-----