CAiRO
2007-Mar-04 14:31 UTC
[Logcheck-devel] Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
Package: logcheck
Version: 1.2.54
Severity: normal
In the file ignore.d.paranoid/cron there are the rules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session
opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session
closed for user [[:alnum:]-]+$
to ignore lines like
10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session opened for user root
by (uid=0)
10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session closed for user root
but I still get emails from logcheck with those lines.
I've tried to test the rules by doing
egrep -v -f ignore.d.paranoid/cron /var/log/messages |grep session
which correctly shows those "session opened" and "session
closed" lines. So I don't know why logcheck still sends me emails with
those lines. This looks like a bug to me.
-- System Information:
Debian Release: 4.0
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16tooar3
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages logcheck depends on:
ii adduser 3.102 Add and remove users and groups
ii cron 3.0pl1-100 management of regular background p
ii debconf 1.5.11 Debian configuration management sy
ii grep 2.5.1.ds2-6 GNU grep, egrep and fgrep
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logtail 1.2.54 Print log file lines that have not
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii postfix [mail-tr 2.3.7-3 A high-performance mail transport
ii syslog-ng [syste 2.0.0-1 Next generation logging daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.2.54 database of system log rules for t
-- debconf information:
* logcheck/install-note:
logcheck/changes:
Maybe Matching Threads
- Bug#428428: patch for cron ignore rule
- Bug#260573: logcheck: ignore.d.paranoid/cron and ignore.d.server/cron swapped
- Bug#330220: Permissions of /var/lock/logcheck not conducive to logcheck user writing to it
- Bug#425967: logcheck-database: The patterns for courier-imap-ssl do not match imap, only imap-ssl
- Bug#346350: logcheck-database: dhcp3-server ignores need to include (none ) client host name
Wisdom of the Ancients
