Frédéric Brière
2007-Sep-26 03:49 UTC
[Logcheck-devel] Bug#444100: /etc/logcheck/ignore.d.server/telnetd: "connect from $X" and "ttloop: peer died: EOF"
Package: logcheck
Version: 1.2.62
Severity: wishlist
Yeah, I know, I'm the only person left who's foolish enough to run
telnetd. <g> But just in case there's someone else out there, here
are
two rules to weed out the boring stuff:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.telnetd\[[[:digit:]]+\]: connect from
[._[:alnum:]-]+ \([:[:xdigit:].]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ telnetd\[[[:digit:]]+\]: ttloop: peer died:
EOF$
(Actually, I use telnetd-ssl, but their log messages appear identical.)
The second rule occurs whenever someone connects and hangs up
afterwards, which people apparently love to do. (Maybe they're confused
by the attempt at a SSL handshake.)
BTW, a similar version of that second rule appears in ignore.d.paranoid.
It shouldn't match anything anymore if my look at telnetd's source is
correct, and I'm kind of puzzled as to what it's doing there in the
first place. Just thought you might want to know.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.utf-8, LC_CTYPE=en_CA.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages logcheck depends on:
ii adduser 3.105 add and remove users and groups
ii cron 3.0pl1-100 management of regular background p
ii lockfile-progs 0.1.11 Programs for locking and unlocking
ii logtail 1.2.62 Print log file lines that have not
ii mailx 1:8.1.2-0.20070424cvs-1 A simple mail user agent
ii postfix [mail-tr 2.4.5-4 High-performance mail transport ag
ii sysklogd [system 1.5-1 System Logging Daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.2.62 database of system log rules for t
-- no debconf information
Debian Bug Tracking System
2008-Jun-03 22:54 UTC
[Logcheck-devel] Bug#444100: marked as done (/etc/logcheck/ignore.d.server/telnetd: "connect from $X" and "ttloop: peer died: EOF")
Your message dated Tue, 03 Jun 2008 22:47:04 +0000 with message-id <E1K3fHU-0000MF-Cu at ries.debian.org> and subject line Bug#444100: fixed in logcheck 1.2.64 has caused the Debian Bug report #444100, regarding /etc/logcheck/ignore.d.server/telnetd: "connect from $X" and "ttloop: peer died: EOF" to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 444100: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=444100 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: =?utf-8?b?RnLDqWTDqXJpYyBCcmnDqHJl?= <fbriere at fbriere.net> Subject: /etc/logcheck/ignore.d.server/telnetd: "connect from $X" and "ttloop: peer died: EOF" Date: Tue, 25 Sep 2007 23:49:44 -0400 Size: 3430 Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080603/865b53ba/attachment.eml -------------- next part -------------- An embedded message was scrubbed... From: maximilian attems <maks at debian.org> Subject: Bug#444100: fixed in logcheck 1.2.64 Date: Tue, 03 Jun 2008 22:47:04 +0000 Size: 9508 Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080603/865b53ba/attachment-0001.eml