CAiRO
2007-Mar-04 14:31 UTC
[Logcheck-devel] Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
Package: logcheck
Version: 1.2.54
Severity: normal

In the file ignore.d.paranoid/cron there are the rules

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$

to ignore lines like

10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session opened for user root by (uid=0)
10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session closed for user root

but I still get emails from logcheck with those lines.

I've tried to test the rules by doing

egrep -v -f ignore.d.paranoid/cron /var/log/messages |grep session

which correctly shows those "session opened" and "session closed" lines. So I don't know why logcheck still sends me emails with those lines. This looks like a bug to me.

-- System Information:
Debian Release: 4.0
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16tooar3
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages logcheck depends on:
ii  adduser            3.102                    Add and remove users and groups
ii  cron               3.0pl1-100               management of regular background p
ii  debconf            1.5.11                   Debian configuration management sy
ii  grep               2.5.1.ds2-6              GNU grep, egrep and fgrep
ii  lockfile-progs     0.1.10                   Programs for locking and unlocking
ii  logtail            1.2.54                   Print log file lines that have not
ii  mailx              1:8.1.2-0.20050715cvs-1  A simple mail user agent
ii  postfix [mail-tr   2.3.7-3                  A high-performance mail transport
ii  syslog-ng [syste   2.0.0-1                  Next generation logging daemon

Versions of packages logcheck recommends:
ii  logcheck-database  1.2.54                   database of system log rules for t

-- debconf information:
* logcheck/install-note:
  logcheck/changes:
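Added example, not part of the original report or of logcheck itself: a shell check that runs the two quoted rules against the two quoted log lines and against two constructed lines carrying the traditional syslog timestamp, to show which timestamp layout the rules' `^\w{3} [ :0-9]{11} ` prefix accepts. The function names and the two `Mar  4` lines are assumptions made for illustration.

```shell
#!/bin/sh
# The two ignore rules exactly as quoted in the report.
rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
EOF
}

# Lines 1-2 are the log lines from the report. Lines 3-4 are constructed:
# the same events with the traditional "Mon DD HH:MM:SS" syslog timestamp.
sample_log() {
cat <<'EOF'
10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session opened for user root by (uid=0)
10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session closed for user root
Mar  4 10:17:01 tooar CRON[6356]: (pam_unix) session opened for user root by (uid=0)
Mar  4 10:17:01 tooar CRON[6356]: (pam_unix) session closed for user root
EOF
}

# Print the log lines that no rule matches, i.e. the lines that would
# still end up in a report after the ignore rules are applied.
unmatched() {
    rules_file=$(mktemp) || return 1
    rules > "$rules_file"
    status=0
    sample_log | grep -E -v -f "$rules_file" || status=$?
    rm -f "$rules_file"
    # grep exits 1 when every line was filtered; only >1 is a real error.
    [ "$status" -le 1 ]
}

# Succeed if the line starts with the timestamp layout the rules anchor on:
# three word characters, a space, eleven characters of digits/colons/spaces.
timestamp_ok() {
    printf '%s\n' "$1" | grep -E -q '^\w{3} [ :0-9]{11} '
}

# Show which sample lines survive the ignore rules.
unmatched
```

Lines printed by `unmatched` are the ones the rules do not cover; `timestamp_ok` isolates whether the timestamp prefix alone is what fails.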