Ingo Theiss
2005-Dec-13 19:31 UTC
[Logcheck-devel] Bug#343226: logcheck: Wrong 'Connection from' pattern in ignore.d.server
Package: logcheck
Version: 1.2.42
Severity: normal

logcheck reports lots (and I mean lots) of messages from snmpd in the
following format:

Dec 13 16:05:07 example snmpd[571]: Connection from UDP: [xxx.xxx.xxx.xxx]:33164

inside ignore.d.server I found a rule that should in my opinion match
those lines but the provided above is slightly different.

please update the pattern in ignore.d.server to match the line above.

regards,
Ingo

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck depends on:
ii  adduser          3.80                     Add and remove users and groups
ii  cron             3.0pl1-92                management of regular background p
ii  debconf [debconf 1.4.59                   Debian configuration management sy
ii  debianutils      2.15.1                   Miscellaneous utilities specific t
ii  exim4-daemon-hea 4.60-1                   exim MTA (v4) daemon with extended
ii  grep             2.5.1.ds2-4              GNU grep, egrep and fgrep
ii  lockfile-progs   0.1.10                   Programs for locking and unlocking
ii  logcheck-databas 1.2.42                   database of system log rules for t
ii  logtail          1.2.42                   Print log file lines that have not
ii  mailx            1:8.1.2-0.20050715cvs-1  A simple mail user agent
ii  sysklogd [system 1.4.1-17                 System Logging Daemon

logcheck recommends no packages.

-- debconf information:
  logcheck/changes:
* logcheck/install-note:

Jamie L. Penman-Smithson
2006-Feb-13 00:38 UTC
Bug#343226: [Logcheck-devel] Bug#343226: logcheck: Wrong 'Connection from' pattern in ignore.d.server
retitle 343226 logcheck: Wrong 'Connection from' pattern in snmpd rules
severity 337916 normal
reassign 343226 logcheck-database
merge 337916 343226
thanks

On 13 Dec 2005, at 19:31, Ingo Theiss wrote:
> logcheck reports lots (and I mean lots) of messages from snmpd in the
> following format:
>
> Dec 13 16:05:07 example snmpd[571]: Connection from UDP:
> [xxx.xxx.xxx.xxx]:33164
>
> inside ignore.d.server I found a rule that should in my opinion match
> those lines but the provided above is slightly different.
>
> please update the pattern in ignore.d.server to match the line above.

I believe this is the same issue as #337916, the following rules have
already been changed in CVS and will be included in the next release, due
in the next week or two:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from [. 0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}$

Thanks,

-- 
-Jamie L. Penman-Smithson <jamie at silverdream.org>
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7  863B C76A 26A3 F0DC FCA8
never send mail to: oubliette.z at gmail.com
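
Added example, not part of the thread and not logcheck's own code: a shell check of which snmpd lines the two rules quoted in the reply would suppress. It assumes the rules are applied as extended regular expressions with GNU grep -E, one pattern per line; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Assumption: ignore rules are matched as extended regexes via grep -E
# (\w is a GNU grep extension). Function names here are hypothetical.

# The two rules from the reply above, verbatim.
rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from [. 0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}$
EOF
}

# Constructed sample lines; 192.0.2.0/24 and 2001:db8::/32 are
# documentation address ranges.
sample_log() {
cat <<'EOF'
Dec 13 16:05:07 example snmpd[571]: Connection from UDP: [192.0.2.10]:33164
Dec 13 16:05:08 example snmpd[571]: Connection from 192.0.2.10
Dec 13 16:05:09 example snmpd[571]: Connection from UDP: [192.0.2.10]:161
Dec 13 16:05:10 example snmpd[571]: Connection from UDP: [2001:db8::1]:33164
Dec 13 16:05:11 example snmpd[571]: Connection from UDP: [192.0.2.10]:33164 extra
EOF
}

# Read log lines on stdin and print those that no rule matches,
# i.e. the lines that would still end up in the report.
still_reported() {
    rulefile=$(mktemp) || return 1
    rules > "$rulefile"
    # -v inverts the match; -f reads one pattern per line.
    grep -E -v -f "$rulefile"
    status=$?
    rm -f "$rulefile"
    # grep exits 1 when every line was suppressed; not an error here.
    [ "$status" -le 1 ]
}

# Lines 1 and 2 are suppressed. Still reported: the 3-digit source port
# ([0-9]{4,5} needs 4 or 5 digits), the IPv6 peer ([.0-9] excludes ':'
# and hex letters), and the line with trailing text (the $ anchor).
sample_log | still_reported
```

Running a candidate rule over a saved slice of real log lines this way shows both what it silences and what it lets through before the rule goes into ignore.d.server.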