Paul van der Holst
2005-Oct-15 07:31 UTC
[Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
Package: logcheck Version: 1.2.41 Severity: wishlist My server runs all stuff, also a mailserver (qmail + vpopmail etc). When I receive the update thru mail, it is full with: - imaplogin (LOGIN/LOGOUT) - spamd - qmail-scanner that kinda stuff I don't need to see.. May it is an idea to add these options? thanks! -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.27-speakup Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages logcheck depends on: ii adduser 3.67.2 Add and remove users and groups ii cron 3.0pl1-91 management of regular background p ii debconf [debconf 1.4.58 Debian configuration management sy ii debianutils 2.15 Miscellaneous utilities specific t ii fake-qmail [mail 1.0.3-1 "Fakes" installation of a mail sys ii grep 2.5.1.ds2-1 GNU grep, egrep and fgrep ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.41 database of system log rules for t ii logtail 1.2.41 Print log file lines that have not ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent ii sysklogd [system 1.4.1-17 System Logging Daemon logcheck recommends no packages. -- debconf information: logcheck/changes: * logcheck/install-note:
Jamie L. Penman-Smithson
2005-Oct-15 14:12 UTC
Bug#334042: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
On Sat, 2005-10-15 at 09:31 +0200, Paul van der Holst wrote:> My server runs all stuff, also a mailserver (qmail + vpopmail etc). When I > receive the update thru mail, it is full with: > - imaplogin (LOGIN/LOGOUT) > - spamd > - qmail-scannerWhich log messages are not being ignored? -j -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051015/61c925de/attachment.pgp
Paul van der Holst
2005-Oct-15 17:45 UTC
Bug#334042: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
I will add one of each below proftpd: 1 <hostname> proftpd: <hostname> (<user ip>) - FTP session opened. 1 <hostname> proftpd: <hostname> (<user ip>) - USER got: Login successful. 1 <hostname> proftpd: <hostname> (<user ip>) - FTP session closed. imap: 47 <hostname> imaplogin: LOGIN, user=<email>, ip=[::ffff:<ip>], protocol=IMAP 27 <hostname> imaplogin: LOGOUT, user=<email>, ip=[::ffff:<ip>], headers=0, body=0, time=0 qmail-scanner: 1 <hostname> qmail-scanner: Clear:RC:0(<ip>):SA:0(-2.5/5.0): 1.737037 593 <email> <email> <message>) <434F6141.6090607 at mystery-land.net> 1129275696.5133-0.only4clans.com:17 orig-only4clans.com11292756967505131:593 spamd: 1 <hostname> spamd: spamd: clean message (-2.5/5.0) for qscand:1011 in 1.7 seconds, 593 bytes. 1 <hostname> spamd: spamd: result: . -2 - AWL,BAYES_00 Hopefully you know something for this All above are allmost the same.. :) (depends from what mail or what ever) paul Jamie L. Penman-Smithson schreef:>On Sat, 2005-10-15 at 09:31 +0200, Paul van der Holst wrote: > > >>My server runs all stuff, also a mailserver (qmail + vpopmail etc). When I >>receive the update thru mail, it is full with: >>- imaplogin (LOGIN/LOGOUT) >>- spamd >>- qmail-scanner >> >> > >Which log messages are not being ignored? > >-j > >
Jamie L. Penman-Smithson
2005-Oct-15 18:00 UTC
Bug#334042: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
On Sat, 2005-10-15 at 19:45 +0200, Paul van der Holst wrote:> I will add one of each below > proftpd:<snip> Can you provide the exact log messages as reported through syslog? It makes it a lot easier that way. If you feel the need, you can change the IP addresses to 127.0.0.1. -- -Jamie L. Penman-Smithson <jamie at silverdream.org> t: +44 1273 424795; f: +44 1273 424795 PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8 never send mail to: oubliette.z at gmail.com -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051015/e9377865/attachment.pgp
Jamie L. Penman-Smithson
2005-Oct-21 15:21 UTC
Bug#334042: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
tags 334042 moreinfo thanks [Quoted from private reply, submitter requested that log messages were kept private.] On Sat, 2005-10-15 at 09:31 +0200, Paul van der Holst wrote:> My server runs all stuff, also a mailserver (qmail + vpopmail etc). When I > receive the update thru mail, it is full with: > - imaplogin (LOGIN/LOGOUT) > - spamd > - qmail-scanner > > that kinda stuff I don't need to see..These messages..> 183 only4clans CRON: (pam_unix) session closed for user root > 1 only4clans CRON: (pam_unix) session closed for user > logcheck<snip> ..are matched by rules in ignore.d.paranoid/cron: ../logcheck/rulefiles/linux/ignore.d.paranoid/cron:^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$ ../logcheck/rulefiles/linux/ignore.d.paranoid/cron:^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$ These messages are from SA 3.1, they'll be ignored in the next release of logcheck (#335021):> only4clans spamd: spamd: connection from localhost [127.0.0.1] at port > 42461Your proftpd messages are also matched by rules in ignore.d.server/proftpd.> 1 only4clans proftpd: only4clans.com (192.168.1.1[192.168.1.1]) - > FTP session opened.<snip> What is your report level set to? Run ls -al /etc/logcheck and ls -al /etc/logcheck/ignore.d.server -j -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This is a digitally signed message part Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051021/da139f37/attachment.pgp
Debian Bug Tracking System
2005-Oct-21 15:33 UTC
Processed: Re: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
Processing commands for control at bugs.debian.org:> tags 334042 moreinfoBug#334042: logcheck: wishlist 2 new options There were no tags set. Tags added: moreinfo> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)