thr3ads.net - Logcheck devel - [Logcheck-devel] Bug#428429: patch for stunnel rules [Jun 2007]

If this information is useful, please help other people find it:
Share via:

Jason Martens

2007-Jun-11 16:33 UTC

[Logcheck-devel] Bug#428429: patch for stunnel rules

Package: logcheck
Version: 1.2.54
Severity: normal
Tags: patch

On my system, there is no pid after stunnel in the syslog.  Attached is
a patch to make the pid optional, and add a rule to ignore ldaps
connections.

hostname:/etc/logcheck/ignore.d.server# diff stunnel stunnel.old
1,9c1,9
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: SSL_read .*:
Connection reset by peer$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: .* connected from
.*$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: VERIFY OK:
depth=[0-9]+, .*$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: Received signal
15; terminating$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: stunnel [0-9.]+ on
i386-pc-linux-gnu PTHREAD\+POLL\+IPv6\+LIBWRAP with OpenSSL [0-9a-z.]+ [0-9]{2}
\w{3} [0-9]{4}$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: [0-9]+ clients
allowed$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: SSL_accept: Peer
suddenly disconnected$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: *Connection
closed*$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?:
LOG5\[[0-9]+.*:[0-9]+\]: ldaps connected from
[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]+.*$
---> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: SSL_read .*:
Connection reset by peer$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: .* connected from .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: VERIFY OK:
depth=[0-9]+, .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: Received signal 15;
terminating$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: stunnel [0-9.]+ on
i386-pc-linux-gnu PTHREAD\+POLL\+IPv6\+LIBWRAP with OpenSSL [0-9a-z.]+ [0-9]{2}
\w{3} [0-9]{4}$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: [0-9]+ clients
allowed$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: SSL_accept: Peer
suddenly disconnected$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]:
LOG5\[[:alnum:].*:[:alnum:]\]: ldaps connected from
...\....\....\....:[:alnum:].*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: *Connection closed*$

Logcheck devel - Jun 2007 - Bug#428429: patch for stunnel rules

[Logcheck-devel] Bug#428429: patch for stunnel rules