Thomas Mueller
2008-Jan-09 08:55 UTC
[Logcheck-devel] Bug#459876: ignore.d.server/krb5kdc: new file & new rules
Package: logcheck-database
Version: 1.2.54
Severity: wishlist
I'm using krb5-kdc (daemon name krb5kdc). I'd like to have my rules for
this daemon added.
Sample syslog entries:
Jan  9 09:36:57 server krb5kdc[2705]: DISPATCH: repeated (retransmitted?) request from 192.168.1.14, resending previous response
Jan  9 09:36:57 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN
Jan  9 09:36:57 server krb5kdc[2705]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for nfs/web.elefantag.local@KERBEROS.DOMAIN
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (3 etypes {18 17 16}) 192.168.1.14: NEEDED_PREAUTH: user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN, Additional pre-authentication required
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867818, etypes {rep=16 tkt=16 ses=16}, nfs/host.domain.name@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN
Jan  9 09:36:58 server krb5kdc[2705]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867818, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for HTTP/web.elefantag.local@KERBEROS.DOMAIN
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (1 etypes {13}) 192.168.1.14: NEEDED_PREAUTH: user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN, Additional pre-authentication required
New rules for new file ignore.d.server/krb5kdc:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: ISSUE: authtime [0-9]+, etypes {rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+}, [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: NEEDED_PREAUTH: [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+, Additional pre-authentication required
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: DISPATCH: repeated \(retransmitted\?\) request from [0-9\.]{7,16}, resending previous response$
- Thomas
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable'), (100, 'testing')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.22-3-amd64
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.11etch1 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information excluded
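
Added example, not part of the original report and not logcheck's own code: a way to check the three proposed rules before installing them, by replaying log lines through them and counting what would still be reported. It assumes the rules are applied as extended regular expressions the way GNU `grep -E -v -f` applies them; the sample entries are retyped from the report with `@` and syslog's space-padded day, which is the form the rules expect, and the last three lines are constructed.

```shell
#!/bin/sh
# Replay krb5kdc log lines through the proposed rules (GNU grep -E assumed).
export LC_ALL=C
RULES=$(mktemp)                 # stands in for ignore.d.server/krb5kdc
trap 'rm -f "$RULES"' EXIT
cat >"$RULES" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: ISSUE: authtime [0-9]+, etypes {rep=[0-9]+ tkt=[0-9]+ ses=[0-9]+}, [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: (AS|TGS)_REQ \([0-9]+ etypes {[0-9\ ]+}\) [0-9\.]{7,15}: NEEDED_PREAUTH: [[:alnum:]@/\._\-]+ for [[:alnum:]@/\._\-]+, Additional pre-authentication required
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ krb5kdc\[[0-9]+\]: DISPATCH: repeated \(retransmitted\?\) request from [0-9\.]{7,16}, resending previous response$
EOF

# Sample entries retyped from the report (space-padded day, principals with @).
SAMPLES='Jan  9 09:36:57 server krb5kdc[2705]: DISPATCH: repeated (retransmitted?) request from 192.168.1.14, resending previous response
Jan  9 09:36:57 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN
Jan  9 09:36:57 server krb5kdc[2705]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for nfs/web.elefantag.local@KERBEROS.DOMAIN
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (3 etypes {18 17 16}) 192.168.1.14: NEEDED_PREAUTH: user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN, Additional pre-authentication required
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867818, etypes {rep=16 tkt=16 ses=16}, nfs/host.domain.name@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN
Jan  9 09:36:58 server krb5kdc[2705]: TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867818, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for HTTP/web.elefantag.local@KERBEROS.DOMAIN
Jan  9 09:36:58 server krb5kdc[2705]: AS_REQ (1 etypes {13}) 192.168.1.14: NEEDED_PREAUTH: user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN, Additional pre-authentication required'

# Constructed lines, not from the report. Shared prefix first:
P='Jan  9 09:37:02 server krb5kdc[2705]:'
# a failure status that none of the three rules names
FAILED="$P AS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: PREAUTH_FAILED: user@KERBEROS.DOMAIN for krbtgt/KERBEROS.DOMAIN@KERBEROS.DOMAIN, Decrypt integrity check failed"
# an ISSUE entry with text appended (rule 1 has no trailing $)
ISSUE_TAIL="$P TGS_REQ (7 etypes {18 17 16 23 1 3 2}) 192.168.1.14: ISSUE: authtime 1199867817, etypes {rep=16 tkt=16 ses=16}, user@KERBEROS.DOMAIN for nfs/web.elefantag.local@KERBEROS.DOMAIN appended text"
# a DISPATCH entry with text appended (rule 3 ends in $)
DISPATCH_TAIL="$P DISPATCH: repeated (retransmitted?) request from 192.168.1.14, resending previous response appended text"

# Number of lines that survive the rules, i.e. that would still be reported.
reported_count() { printf '%s\n' "$1" | grep -E -v -c -f "$RULES" || true; }

echo "report samples still reported:   $(reported_count "$SAMPLES")"
echo "failure status still reported:   $(reported_count "$FAILED")"
echo "ISSUE + trailing text reported:  $(reported_count "$ISSUE_TAIL")"
echo "DISPATCH + trailing text reported: $(reported_count "$DISPATCH_TAIL")"
```

The ISSUE line with trailing text is still suppressed because the first rule is not anchored with `$`, while the DISPATCH rule, which is anchored, lets the altered line through to the report.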
Debian Bug Tracking System
2008-Jul-07 18:30 UTC
[Logcheck-devel] Bug#459876: marked as done (ignore.d.server/krb5kdc: new file & new rules)
Your message dated Mon, 7 Jul 2008 20:28:28 +0200
with message-id <20080707182828.GA15864 at edna.gwendoline.at>
and subject line Re: Bug#459876: ignore.d.server/krb5kdc: new file & new rules
has caused the Debian Bug report #459876,
regarding ignore.d.server/krb5kdc: new file & new rules
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)

--
459876: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=459876
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Thomas Mueller <thomas at chaschperli.ch>
Subject: ignore.d.server/krb5kdc: new file & new rules
Date: Wed, 09 Jan 2008 09:55:22 +0100
Size: 4328
Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080707/835f2a17/attachment.eml
-------------- next part --------------
An embedded message was scrubbed...
From: Gerfried Fuchs <rhonda at deb.at>
Subject: Re: Bug#459876: ignore.d.server/krb5kdc: new file & new rules
Date: Mon, 7 Jul 2008 20:28:28 +0200
Size: 2372
Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080707/835f2a17/attachment-0001.eml