toby cabot
2005-Aug-31 03:53 UTC
[Logcheck-devel] Bug#325801: logcheck: new regex to filter imap "Moved xxx bytes of new mail" messages
Package: logcheck
Version: 1.2.41
Severity: wishlist

Hi folks, thanks for your work maintaining logcheck, it works well.

When my users read their mail using imap (usually via squirrelmail,
not sure about other clients) I get a message like this in the log:

Aug 22 21:03:32 phoenix imapd[6551]: Moved 11323 bytes of new mail to /home/winky/mail/mbox from /var/spool/mail/winky host= localhost [127.0.0.1]

It seems to me that this is a normal enough system event that it can
be filtered so I added a new regex to /etc/logcheck/ignore.d.server/imap:

imapd\[[._[:alnum:]-]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= localhost \[127.0.0.1\]$

Thanks,
Toby

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck depends on:
ii  adduser           3.67                     Add and remove users and groups
ii  cron              3.0pl1-91                management of regular background p
ii  debconf [debconf  1.4.58                   Debian configuration management sy
ii  debianutils       2.14.2                   Miscellaneous utilities specific t
ii  grep              2.5.1.ds1-5              GNU grep, egrep and fgrep
ii  lockfile-progs    0.1.10                   Programs for locking and unlocking
ii  logcheck-databas  1.2.41                   database of system log rules for t
ii  logtail           1.2.41                   Print log file lines that have not
ii  mailx             1:8.1.2-0.20050715cvs-1  A simple mail user agent
ii  postfix [mail-tr  2.2.4-1                  A high-performance mail transport
ii  sysklogd [system  1.4.1-17                 System Logging Daemon

logcheck recommends no packages.

-- debconf information:
* logcheck/noroot:
  logcheck/changes:
* logcheck/install-note:
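An added example, not part of the original report or of logcheck: it runs the posted rule through grep -E (the egrep matching logcheck relies on) against the reported line and two constructed lines, to show what the rule filters and what it leaves in the report. The ANCHORED variant, the REMOTE and EMBEDDED lines and the verdict helper are assumptions made for this illustration.

```shell
#!/bin/sh
# Rule exactly as posted in the report.
RULE='imapd\[[._[:alnum:]-]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= localhost \[127.0.0.1\]$'
# Assumption (not from the report): the same rule behind a
# "Mon DD HH:MM:SS hostname " syslog prefix anchored at line start.
ANCHORED="^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ $RULE"

# LOCAL is the line quoted in the report; REMOTE and EMBEDDED are constructed.
LOCAL='Aug 22 21:03:32 phoenix imapd[6551]: Moved 11323 bytes of new mail to /home/winky/mail/mbox from /var/spool/mail/winky host= localhost [127.0.0.1]'
REMOTE='Aug 22 21:05:47 phoenix imapd[6603]: Moved 2048 bytes of new mail to /home/winky/mail/mbox from /var/spool/mail/winky host= mail.example.net [192.0.2.7]'
EMBEDDED='Aug 22 21:04:10 phoenix otherd[812]: client said: imapd[1]: Moved 1 bytes of new mail to /a from /b host= localhost [127.0.0.1]'

# verdict RULE LINE: "ignored" if the rule would filter the line, else "reported".
verdict() {
    if printf '%s\n' "$2" | grep -E -q -e "$1"; then
        echo ignored
    else
        echo reported
    fi
}

# Show both rules against every sample line.
for name in LOCAL REMOTE EMBEDDED; do
    eval "line=\$$name"
    printf '%-8s posted=%-8s anchored=%s\n' "$name" \
        "$(verdict "$RULE" "$line")" "$(verdict "$ANCHORED" "$line")"
done
```

The posted rule has no leading anchor, so it also filters the EMBEDDED line, where the same text appears inside another program's message; the anchored variant keeps that line in the report.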
maximilian attems
2005-Sep-01 18:46 UTC
Bug#325801: [Logcheck-devel] Bug#325801: logcheck: new regex to filter imap "Moved xxx bytes of new mail" messages
tags 325801 pending
thanks

On Tue, 30 Aug 2005, toby cabot wrote:
> Hi folks, thanks for your work maintaining logcheck, it works well.
>
> When my users read their mail using imap (usually via squirrelmail,
> not sure about other clients) I get a message like this in the log:
>
> Aug 22 21:03:32 phoenix imapd[6551]: Moved 11323 bytes of new mail to /home/winky/mail/mbox from /var/spool/mail/winky host= localhost [127.0.0.1]
>
> It seems to me that this is a normal enough system event that it can
> be filtered so I added a new regex to /etc/logcheck/ignore.d.server/imap:
>
> imapd\[[._[:alnum:]-]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= localhost \[127.0.0.1\]$
>
> Thanks,
> Toby

indeed seems like pretty normal imap usage. ;)

thanks a lot for your helpful bug report,
rule added to current logcheck cvs.

--
maks
Debian Bug Tracking System
2005-Sep-01 19:03 UTC
Processed: Re: [Logcheck-devel] Bug#325801: logcheck: new regex to filter imap "Moved xxx bytes of new mail" messages
Processing commands for control at bugs.debian.org:

> tags 325801 pending
Bug#325801: logcheck: new regex to filter imap "Moved xxx bytes of new mail" messages
There were no tags set.
Tags added: pending

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)
Debian Bug Tracking System
2005-Oct-23 04:48 UTC
[Logcheck-devel] Bug#325801: marked as done (logcheck: new regex to filter imap "Moved xxx bytes of new mail" messages)
Your message dated Sat, 22 Oct 2005 21:32:06 -0700
with message-id <E1ETXWg-0003mr-00 at spohr.debian.org>
and subject line Bug#325801: fixed in logcheck 1.2.42
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

---------------------------------------
From: Todd Troxell <ttroxell at debian.org>
To: 325801-close at bugs.debian.org
Subject: Bug#325801: fixed in logcheck 1.2.42
Date: Sat, 22 Oct 2005 21:32:06 -0700

Source: logcheck
Source-Version: 1.2.42

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.42_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.42_all.deb
logcheck_1.2.42.dsc
  to pool/main/l/logcheck/logcheck_1.2.42.dsc
logcheck_1.2.42.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.42.tar.gz
logcheck_1.2.42_all.deb
  to pool/main/l/logcheck/logcheck_1.2.42_all.deb
logtail_1.2.42_all.deb
  to pool/main/l/logcheck/logtail_1.2.42_all.deb

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 325801 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)

Format: 1.7
Date: Sat, 22 Oct 2005 23:14:54 -0400
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.42
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description:
 logcheck   - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 312393 324347 324451 324613 324615 324751 325800 325801 325874 327088 327100 327114 328251 328632 330208 331282 332707 332807 333233 333456 333461 334342 334415 335021
Changes:
 logcheck (1.2.42) unstable; urgency=low
 .
   [ maximilian attems ]
   * Add dccproc timeout rule.
   * Only source the conffile if we can read it.
     Should enable logcheck runs directly out of the logcheck source.
   * Default to send mail to local root otherwise messages go to Nirvana.
   * Check if conffile with list of logfiles is readable.
   * Fallback to read syslog if no logfile is provided.
   * Enhance bind rules ignore NSTATS loglines, remove dup. (Closes: #324751)
   * Add rule for recent nfs mountd messages.
     Thanks to toby cabot <toby at caboteria.org>. (Closes: #325800)
   * Move imap file to server level, not appropriate for paranoid.
   * Add imap ignore rule for moved bytes, seems pretty normal imap usage.
     Thanks to toby cabot <toby at caboteria.org>. (Closes: #325801)
   * Add rule for Postponed keyboard-interactive ssh logins.
   * Update some usb rules for usb-storage and phone devices. (Closes: #324347)
   * Update horde3 rules the identifier can be changed by the user to any char.
     Thanks to Martin Lohmeier <martin at mein-horde.de> (Closes: #324613)
   * Add imp4 rule for successful logins.
     Thanks to Martin Lohmeier <martin at mein-horde.de> (Closes: #324615)
   * Bumped standards to 3.6.2.
   * Fix exim4 rule for more modern tls string.
   * logcheck.8 fix add full path to README.logcheck-database.gz.
     (Closes: #328632)
 .
   [ Jamie Penman-Smithson ]
   * Add the first rules for mon.
     Thanks to Robbert Muller <muller at muze.nl>. (Closes: #324451)
   * Modify dovecot rules to match ipv6 addresses too. (Closes: #327088)
   * Add first polypaudio rules in workstation to suppress
     module-alsa-sink.c messages. (Closes: #331282)
   * Add first rules for tftpd, suppress 'connect' and 'get file' messages.
     (Closes: #333456)
   * Fix dovecot rules to match the new format log messages in 1.0.
     (Closes: #332707, #333461)
   * Fix proftpd rules to match ipv6 addresses.
     Thanks to Elmar Hoffmann <elho at elho.net> (Closes: #332807)
   * Update ssh rules to suppress reverse DNS warnings.
     Thanks to Elmar Hoffmann <elho at elho.net> (Closes: #333233)
   * Update nagios rules to match host UNREACHABLE notification messages.
     (Closes: #325874)
   * Add the first rules for popa3d. (Closes: #328251)
   * Fix group permissions for /var/lock/logcheck on install or upgrade so
     logcheck can be executed by the logcheck group. (Closes: #330208)
   * Add Swedish translation, thanks to Daniel Nylander
     <yeager at lidkoping.net>. (Closes: #334415)
   * Fix anvil max rate rule to match statistics messages when postfix is
     bound to a specific IP. (Closes: #334342)
   * Modify spamd rules to match log message format in 3.1. (Closes: #335021)
 .
   [ Todd Troxell ]
   * Add check for lockfile-progs to aid non-debian installations.
   * Set logcheck to remove cleanup trap if an error occurs while getting
     lockfile. This will prevent many confusing error messages.
   * Add error reporting on -o option
   * Add IPv6 support to bind rules.
     Thanks Marco Nenciarin <mnencia at prato.linux.it> (Closes: #327100)
   * Add IPV6 support to postfix rules.
     Thanks Marco Nenciarin <mnencia at prato.linux.it> (Closes: #327114)
   * Add INSTALL documentation for manual/non-Debian installation.
   * Add 5 receive rules for hylafax's FaxGetty.
   * Call adduser without --home flag in postinst. (Closes: #312393)
Files:
 bb7c028e97c78ab67d9c8417de1d1d3b 736 admin optional logcheck_1.2.42.dsc
 a17f485774e5c00cb314b74c30d0929c 104787 admin optional logcheck_1.2.42.tar.gz
 e06b1c7bea38cf6b8a6977df05997481 48606 admin optional logcheck_1.2.42_all.deb
 54f5ed99e3e602561f69e39cf5236800 66628 admin optional logcheck-database_1.2.42_all.deb
 f2875097308d99e0663d9d583b1548b5 30976 admin optional logtail_1.2.42_all.deb