Logcheck devel - Dec 2005 - Bug#343226: logcheck: Wrong 'Connection from' pattern in ignore.d.server

Package: logcheck
Version: 1.2.42
Severity: normal

logcheck reports lots (and I mean lots) of messages from snmpd in the
following format:

Dec 13 16:05:07 example snmpd[571]: Connection from UDP:
[xxx.xxx.xxx.xxx]:33164

inside ignore.d.server I found a rule that should in my opinion match
those lines but the provided above is slightly different.

please update the pattern in ignore.d.server to match the line above.

regards,

Ingo

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck depends on:
ii  adduser          3.80                    Add and remove users and groups
ii  cron             3.0pl1-92               management of regular background p
ii  debconf [debconf 1.4.59                  Debian configuration management sy
ii  debianutils      2.15.1                  Miscellaneous utilities specific t
ii  exim4-daemon-hea 4.60-1                  exim MTA (v4) daemon with extended
ii  grep             2.5.1.ds2-4             GNU grep, egrep and fgrep
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logcheck-databas 1.2.42                  database of system log rules for t
ii  logtail          1.2.42                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii  sysklogd [system 1.4.1-17                System Logging Daemon

logcheck recommends no packages.

-- debconf information:
  logcheck/changes:
* logcheck/install-note:

retitle 343226 logcheck: Wrong 'Connection from' pattern in snmpd rules
severity 337916 normal
reassign 343226 logcheck-database
merge 337916 343226
thanks

On 13 Dec 2005, at 19:31, Ingo Theiss wrote:
> logcheck reports lots (and I mean lots) of messages from snmpd in the
> following format:
>
> Dec 13 16:05:07 example snmpd[571]: Connection from UDP:
> [xxx.xxx.xxx.xxx]:33164
>
> inside ignore.d.server I found a rule that should in my opinion match
> those lines but the provided above is slightly different.
>
> please update the pattern in ignore.d.server to match the line above.
I believe this is the same issue as #337916, the following rules have  
already been changed in CVS and will be included in the next release,  
due in the next week or two:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from [. 
0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from  
UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}$

Thanks,

-- 
-Jamie L. Penman-Smithson <jamie at silverdream.org>
  t: +44 1273 424795; f: +44 1273 424795
  PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
  never send mail to: oubliette.z at gmail.com


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060213/72e61356/attachment.pgp