Douglas F. Calvert
2005-Apr-07 23:16 UTC
[Logcheck-devel] Bug#303661: logcheck-database: openntpd rules
Package: logcheck-database
Version: 1.2.37
Severity: normal
Hello again,
openntpd gives messages like these failry often:
Apr 7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid
Apr 7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid
I am not sure if this is something that an admin may find relevant but they
happen fairly often and they do not offer a lot of info
for me. If you think they are relevant you can close this bug with no further
comment. However if you like I have contributed these
two rules:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]+ now valid$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]+ now invalid$
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-exec-shield
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.47 Debian configuration management sy
-- debconf information:
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
Debian Bug Tracking System
2005-Apr-19 21:03 UTC
[Logcheck-devel] Bug#303661: marked as done (logcheck-database: openntpd rules)
Your message dated Tue, 19 Apr 2005 22:56:59 +0200 with message-id <20050419205659.GA308 at sputnik.stro.at> and subject line [Logcheck-devel] Bug#303661: logcheck: Simple rule has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------------------------------- Received: (at submit) by bugs.debian.org; 7 Apr 2005 23:16:22 +0000>From dfc at anize.org Thu Apr 07 16:16:22 2005Return-path: <dfc at anize.org> Received: from terminus.anize.org [69.56.216.138] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DJgEX-00020m-00; Thu, 07 Apr 2005 16:16:22 -0700 Received: from localhost (localhost [127.0.0.1]) by terminus.anize.org (Postfix) with ESMTP id AFB68B3BB6; Thu, 7 Apr 2005 19:16:21 -0400 (EDT) Received: from terminus.anize.org ([127.0.0.1]) by localhost (terminus [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 27651-01-4; Thu, 7 Apr 2005 19:16:21 -0400 (EDT) Received: by terminus.anize.org (Postfix, from userid 1002) id 8EA4EB3BE8; Thu, 7 Apr 2005 19:16:21 -0400 (EDT) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: "Douglas F. Calvert" <dfc at anize.org> To: Debian Bug Tracking System <submit at bugs.debian.org> Subject: logcheck-database: openntpd rules X-Mailer: reportbug 3.9 Date: Thu, 07 Apr 2005 19:16:21 -0400 Message-Id: <20050407231621.8EA4EB3BE8 at terminus.anize.org> X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at anize.org Delivered-To: submit at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: Package: logcheck-database Version: 1.2.37 Severity: normal Hello again, openntpd gives messages like these failry often: Apr 7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid Apr 7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid I am not sure if this is something that an admin may find relevant but they happen fairly often and they do not offer a lot of info for me. If you think they are relevant you can close this bug with no further comment. However if you like I have contributed these two rules: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]+ now valid$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]+ now invalid$ -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11-exec-shield Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck-database depends on: ii debconf [debconf-2.0] 1.4.47 Debian configuration management sy -- debconf information: logcheck-database/rules-directories-note: logcheck-database/standard-rename-note: logcheck-database/conffile-cleanup: false --------------------------------------- Received: (at 303661-done) by bugs.debian.org; 19 Apr 2005 20:56:58 +0000>From max at stro.at Tue Apr 19 13:56:57 2005Return-path: <max at stro.at> Received: from baikonur.stro.at [213.239.196.228] by spohr.debian.org with esmtp (Exim 3.35 1 (Debian)) id 1DNzmD-0002yv-00; Tue, 19 Apr 2005 13:56:57 -0700 Received: from sputnik (stallburg.stro.at [128.131.216.190]) by baikonur.stro.at (Postfix) with ESMTP id D1A245C001 for <303661-done at bugs.debian.org>; Tue, 19 Apr 2005 22:56:54 +0200 (CEST) Received: from max by sputnik with local (Exim 4.50) id 1DNzmF-0002mx-Up for 303661-done at bugs.debian.org; Tue, 19 Apr 2005 22:57:00 +0200 Date: Tue, 19 Apr 2005 22:56:59 +0200 From: maximilian attems <debian at sternwelten.at> To: 303661-done at bugs.debian.org Subject: Re: [Logcheck-devel] Bug#303661: logcheck: Simple rule Message-ID: <20050419205659.GA308 at sputnik.stro.at> References: <20050416075916.57B7F19B341 at kasbah.dyndns.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20050416075916.57B7F19B341 at kasbah.dyndns.org> User-Agent: Mutt/1.5.6+20040907i X-Virus-Scanned: by Amavis (ClamAV) at stro.at Delivered-To: 303661-done at bugs.debian.org X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 (1.212-2003-09-23-exp) on spohr.debian.org X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER autolearn=no version=2.60-bugs.debian.org_2005_01_02 X-Spam-Level: On Sat, 16 Apr 2005, Ralf Hildebrandt wrote:> Package: logcheck > Version: 1.2.37 > Followup-For: Bug #303661 > > > ntpd\[[0-9]+\]: peer .* now (in)?valid > > adapted from the ntp-server ruledue to typo in debian/changelog bug didn't get closed as release of 1.3.38. enclosing the message below: -- Source: logcheck Source-Version: 1.2.38 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.2.38_all.deb to pool/main/l/logcheck/logcheck-database_1.2.38_all.deb logcheck_1.2.38.dsc to pool/main/l/logcheck/logcheck_1.2.38.dsc logcheck_1.2.38.tar.gz to pool/main/l/logcheck/logcheck_1.2.38.tar.gz logcheck_1.2.38_all.deb to pool/main/l/logcheck/logcheck_1.2.38_all.deb logtail_1.2.38_all.deb to pool/main/l/logcheck/logtail_1.2.38_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 304978 at bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster at debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Monday, 18 Apr 2005 23:45:00 -0500 Source: logcheck Binary: logcheck logtail logcheck-database Architecture: source all Version: 1.2.38 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org> Changed-By: Todd Troxell <ttroxell at debian.org> Description: logcheck - Mails anomalies in the system logfiles to the administrator logcheck-database - A database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 30088 295352 297995 302678 303176 304978 Changes: logcheck (1.2.38) unstable; urgency=low . maks: * Generalise postfix rule concerning network_biopair_interop. * Add rule for ntp message about valid/infalid peers. (Closes #303661) * Improve rules .PHONY target + add checkpo rule for the translation check. * Add help target to debian/rules documenting the syntax. jamie: * Add rule in violations.ignore.d/logcheck-postfix for postgrey (Closes: #30088) * Modify bind notify rule for bind 9.3.x (Closes: #303176) * Add various workstation kernel/udev rules for removable devices (Closes: #297995) * Modify rsync rule to match module names with '.', '-' and '_'. Thanks to SATOH Fumiyasu <fumiya at samba.gr.jp> for the patch (Closes: #295352) * Add nagios rule for UNKNOWN state service notification. * Modify postfix anvil rule for 'max connection' statistics messages to match smtps connections too. * Add new rules for policyd, a postfix policy daemon. * Add more postfix rules for certificate verification failure messages. * Add new rules for postfix scache (connection cache server). * Add rule for bind 9.3 'unexpected RCODE' messages. * Modify dnsmasq rule to match '/var/run/dnsmasq/resolv.conf' too. (Closes: #302678) todd: * Change lockfile location from /var/lock/logcheck to /var/lock/logcheck/logcheck (Thanks Rainer Zocholl) to avoid potential DoS condition. (Closes: #304978) * Make lockfile debug messages refer to the correct files. * Add note about dh_installlogcheck permissions. (See #302379) Files: a040986cd3efb1bc4b4b273ed4a0e635 703 admin optional logcheck_1.2.38.dsc d82a1faa4198dfa7900e518f8b3581d3 94121 admin optional logcheck_1.2.38.tar.gz 520c27384c61dc06f55a9698c42b7bbf 44576 admin optional logcheck_1.2.38_all.deb 70e46d26fa902d29668d16f1f7186af4 61472 admin optional logcheck-database_1.2.38_all.deb 6931679c977e9f6025ebbd4e7ccca586 27374 admin optional logtail_1.2.38_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFCZH8R4u3oQ3FHP2YRAlR7AJ9f78c4NhflMsODo+Ov+/zR5bWNZACeJy+n 3OqLY4B4e4FxveJ3bkIPBUU=riHA -----END PGP SIGNATURE-----