Ingo Theiss
2005-Feb-20 11:10 UTC
[Logcheck-devel] Bug#296110: logcheck: ignore.d.server pure-ftpd pattern for '[NOTICE] ... uploaded' not matching
Package: logcheck Version: 1.2.34 Severity: normal the pattern in ignore.d.server pure-ftpd for '[NOTICE] ... uploaded' is not matching the following message: Feb 18 23:06:18 example pure-ftpd: (test-9999-99 at 111.111.111.111) [NOTICE] /docroot/example.com//htdocs/guradia/plugin/net.php.smarty/libs/plugins/function.assign_debug_info.php uploaded (1116 bytes, 7.47KB/sec) maybe the double '//' is the problem. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.26 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck depends on: ii adduser 3.59 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.11 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.34 A database of system log rules for ii logtail 1.2.34 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent ii postfix [mail-tr 2.1.5-5 A high-performance mail transport ii sysklogd [system 1.4.1-16 System Logging Daemon -- debconf information: logcheck/changes: * logcheck/install-note:
Jamie L. Penman-Smithson
2005-Feb-20 16:55 UTC
[Logcheck-devel] Bug#296110: logcheck: ignore.d.server pure-ftpd pattern for '[NOTICE] ... uploaded' not matching
On Sun, 2005-02-20 at 12:10 +0100, Ingo Theiss wrote:> the pattern in ignore.d.server pure-ftpd for '[NOTICE] ... uploaded' is > not matching the following message: > > Feb 18 23:06:18 example pure-ftpd: (test-9999-99 at 111.111.111.111) [NOTICE] > /docroot/example.com//htdocs/guradia/plugin/net.php.smarty/libs/plugins/function.assign_debug_info.php > uploaded (1116 bytes, 7.47KB/sec) > > maybe the double '//' is the problem.The following rule matches those messages: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([._[:alnum:]-]+@[._[:alnum:]-]+\) \[NOTICE\] .+ (up|down)loaded \([0-9]+ bytes, [0-9]+.[0-9]+KB/sec\)$ It's been in logcheck since 1.2.29, since you're using 1.2.34 you shouldn't be seeing those messages.. Make sure you've got that rule in your ignore.d.server/pure-ftpd. Are those messages showing up as Security Events? Are the permissions on ignore.d.server/pure-ftpd okay? -- -jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org w: http://www.silverdream.org | p: sms at silverdream.org pgp key @ http://silverdream.org/~jps/pub.key 21:30:02 up 17 min, 2 users, load average: 2.65, 2.52, 1.58 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20050220/a8879d16/attachment.pgp
Debian Bug Tracking System
2005-Feb-21 06:18 UTC
[Logcheck-devel] Bug#296110: marked as done (logcheck: ignore.d.server pure-ftpd pattern for '[NOTICE] ... uploaded' not matching)
Your message dated Mon, 21 Feb 2005 01:02:09 -0500 with message-id <E1D36e1-0004nW-00 at newraff.debian.org> and subject line Bug#296110: fixed in logcheck 1.2.35 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 20 Feb 2005 11:11:14 +0000>From ingo.theiss at i-matrixx.de Sun Feb 20 03:11:14 2005Return-path: <ingo.theiss at i-matrixx.de> Received: from web1.planet-multiplayer.de [82.149.225.235] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1D2ozZ-00039u-00; Sun, 20 Feb 2005 03:11:14 -0800 Received: by web1.planet-multiplayer.de (Postfix, from userid 0) id 681C28E2; Sun, 20 Feb 2005 12:10:45 +0100 (CET) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Ingo Theiss <ingo.theiss at i-matrixx.de> To: Debian Bug Tracking System <submit at bugs.debian.org> Subject: logcheck: ignore.d.server pure-ftpd pattern for '[NOTICE] ... uploaded' not matching X-Mailer: reportbug 3.2 Date: Sun, 20 Feb 2005 12:10:45 +0100 Message-Id: <20050220111045.681C28E2 at web1.planet-multiplayer.de> Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: logcheck Version: 1.2.34 Severity: normal the pattern in ignore.d.server pure-ftpd for '[NOTICE] ... uploaded' is not matching the following message: Feb 18 23:06:18 example pure-ftpd: (test-9999-99 at 111.111.111.111) [NOTICE] /docroot/example.com//htdocs/guradia/plugin/net.php.smarty/libs/plugins/function.assign_debug_info.php uploaded (1116 bytes, 7.47KB/sec) maybe the double '//' is the problem. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (990, 'testing') Architecture: i386 (i686) Kernel: Linux 2.4.26 Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck depends on: ii adduser 3.59 Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.11 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.34 A database of system log rules for ii logtail 1.2.34 Print log file lines that have not ii mailx 1:8.1.2-0.20040524cvs-4 A simple mail user agent ii postfix [mail-tr 2.1.5-5 A high-performance mail transport ii sysklogd [system 1.4.1-16 System Logging Daemon -- debconf information: logcheck/changes: * logcheck/install-note: --------------------------------------- Received: (at 296110-close) by bugs.debian.org; 21 Feb 2005 06:08:42 +0000>From katie at ftp-master.debian.org Sun Feb 20 22:08:42 2005Return-path: <katie at ftp-master.debian.org> Received: from newraff.debian.org [208.185.25.31] (mail) by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1D36kL-0003Kl-00; Sun, 20 Feb 2005 22:08:41 -0800 Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian)) id 1D36e1-0004nW-00; Mon, 21 Feb 2005 01:02:09 -0500 From: Todd Troxell <ttroxell at debian.org> To: 296110-close at bugs.debian.org X-Katie: $Revision: 1.55 $ Subject: Bug#296110: fixed in logcheck 1.2.35 Message-Id: <E1D36e1-0004nW-00 at newraff.debian.org> Sender: Archive Administrator <katie at ftp-master.debian.org> Date: Mon, 21 Feb 2005 01:02:09 -0500 Delivered-To: 296110-close at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: X-CrossAssassin-Score: 8 Source: logcheck Source-Version: 1.2.35 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.35_all.deb to pool/main/l/logcheck/logcheck-database_1.2.35_all.deb logcheck_1.2.35.dsc to pool/main/l/logcheck/logcheck_1.2.35.dsc logcheck_1.2.35.tar.gz to pool/main/l/logcheck/logcheck_1.2.35.tar.gz logcheck_1.2.35_all.deb to pool/main/l/logcheck/logcheck_1.2.35_all.deb logtail_1.2.35_all.deb to pool/main/l/logcheck/logtail_1.2.35_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 296110 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sunday, 20 Feb 2005 23:17:00 -0500 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.35 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - Mails anomalies in the system logfiles to the administrator logcheck-database - A database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 286307 294612 294950 295254 295257 295418 296014 296110 296214 Changes: logcheck (1.2.35) unstable; urgency=low . maks: * logtail fix invocation without switches (compat to old versions). * Add smartd rule, whitespace fix openvpn rule, merge old smartd rules. * Add rule for imaplogin disconnected + logout messages. (closes: #294950, #295418) * Add rule violations.ignore.d/logcheck-ssh + rule ignore.d.server/ssh for the PARANOID wildcard in /etc/hosts.deny. * Match dots as dots aka '\.' in all rules. * Add kernel rules at level workstation (annoying apm, usb storage) * Fix gconf SIGHUP rule (dup whitespace). jamie: * Add rules for webmin (closes: #286307). * Add rules for postfix 2.2, innd. * Modify rule for pure-ftpd logout messages (closes: #294612). * Add rule for pure-ftpd timeout messages (closes: #295254). * Modify rule for pure-ftpd logout messages to match even if username is missing(!) (closes: #295257). * Add rules in violations.ignore.d/logcheck-postfix for certificate verification failures. * Add rule for courierpop3login (closes: 296014). * Add rule in violations.ignore.d/logcheck-pureftp for upload/download messages (closes: #296110). todd: * Correct link syntax in copyright (closes: 296214). * Add comments to clarify postinst Files: 61d0e485a23687ccc2fd0d179409eb1d 703 admin optional logcheck_1.2.35.dsc a55d9a93f5057c79a6d34ff8191f29be 91356 admin optional logcheck_1.2.35.tar.gz 37be562cc7a5f47023f1783563e2732a 43194 admin optional logcheck_1.2.35_all.deb 9f9371ba32b41374c98eddfb203b9662 59144 admin optional logcheck-database_1.2.35_all.deb 1034df8adfa7d11f126684ce911008db 26332 admin optional logtail_1.2.35_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFCGXP04u3oQ3FHP2YRAhKbAKDA5cfe1HPJH6erP1JxNlQd4aiauwCfawoj +khFMcDmYlFYNluR6CG6f54=9LS0 -----END PGP SIGNATURE-----