Stefan Tomanek
2008-Sep-17 19:44 UTC
[Logcheck-devel] Bug#499323: logcheck-database: Logcheck fails to ignore certain OpenVPN messages
Package: logcheck-database
Version: 1.2.54
Severity: normal
Tags: patch

Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions:

* OpenVPN does not print the full path to ifconfig or route (at least here)
* The interface name can also contain dots and does not always start with "tun"
* The startup messages now get suppressed as well

-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-xen-vserver-amd64
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.11etch2 Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
logcheck-database/conffile-cleanup: false

-------------- next part --------------
12c12 < ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: Preserving previous TUN/TAP instance: [[:alnum:]-]+$ ---> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: Preserving previous TUN/TAP instance: [[:alnum:].-]+$34c34 < ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: /sbin/route del -net [.[:digit:]]{7,15} netmask [.[:digit:]]{7,15}$ ---> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (/sbin/)?route del -net [.[:digit:]]{7,15} netmask [.[:digit:]]{7,15}$39c39 < ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: /sbin/ifconfig tun[[:digit:]]+ [.[:digit:]]{7,15} pointopoint [.[:digit:]]{7,15} mtu [[:digit:]]+$ ---> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (/sbin/)?ifconfig [-._[:alnum:]]+ [.[:digit:]]{7,15} pointopoint [.[:digit:]]{7,15} mtu [[:digit:]]+$53a54> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: OpenVPN [[:digit:].]+ [[:alnum:]_-]+ 
(\[[A-Z]+\] )*built on [[:alpha:]]{3} [[:digit:]]{2} [[:digit:]]{4}$
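Review bot: in hunk 12c12 the new interface-name class `[[:alnum:].-]+` leaves out `_`, while hunk 39c39 accepts `[-._[:alnum:]]+` for the same kind of name. Use one class in both rules (for instance `[-._[:alnum:]]+`), so that an interface name the ifconfig rule ignores is not then reported by the "Preserving previous TUN/TAP instance" rule.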
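Review bot: the `(/sbin/)?` group added in hunk 34c34 (and again in 39c39) accepts a bare `route` or `ifconfig`, but the report justifies it only with "at least here". Record in the changelog or a rule comment which OpenVPN build logs the command without its path, so the optional group can be dropped again if that build turns out to be an exception. The rule stays anchored with `^` and `$`, which keeps the widening small.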
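Review bot: the banner rule added in hunk 53a54 is narrower than it looks in three places: `[[:digit:].]+` accepts only digits and dots as the version, `\[[A-Z]+\]` accepts only upper-case letters inside a feature tag, and `[[:digit:]]{2}` requires a two-digit day after a single space. A version with a suffix, a tag containing a digit, or a space-padded single-digit day would still be reported, so either widen those classes (for example `[[:alnum:]._~-]+`, `\[[[:alnum:]]+\]` and ` [ [:digit:]][[:digit:]]`) or state which banner was tested. Because this rule hides daemon start-up from the report, the bug text should also say why that is wanted.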
Frédéric Brière
2009-Aug-18 19:24 UTC
[Logcheck-devel] Bug#499323: logcheck-database: Logcheck fails to ignore certain OpenVPN messages
On Wed, Sep 17, 2008 at 09:44:29PM +0200, Stefan Tomanek wrote:
> * OpenVPN does not print the full path to ifconfig or route (at least here)

That was due to a defective build (2.1~rc9-1). I'm surprised that you got a log message out of it, since people reported that the invocation of ifconfig/route simply failed. Well, no harm in updating that rule anyway.

> * The interface name can also contain dots

Added.

> and does not always start with "tun"

That part has already been removed in 1.3.0 (e5fe781).

> * The startup messages now get suppressed as well

The policy is not to filter startup/shutdown messages, unless there's a strong justification for it.

On Thu, Sep 18, 2008 at 10:22:28PM +0200, Stefan Tomanek wrote:
> I've created some additional regular expressions for use with
> logcheck and openVPN; The existing ones do not expect OpenVPN to
> log the client's name and address, which these do:

Most of these have been part of logcheck-database for years, with the exception of:

> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?TLS: Username/Password authentication succeeded for username '\w+' (\[CN SET\])?$

I've therefore added this one.

--
< DanielS> still, throne of blood sounds like a movie about overfiend and virgins or some crap
-- in #debian-devel
Debian Bug Tracking System
2009-Dec-10 19:21 UTC
[Logcheck-devel] Bug#499323: marked as done (logcheck-database: Logcheck fails to ignore certain OpenVPN messages)
Your message dated Thu, 10 Dec 2009 19:19:22 +0000 with message-id <E1NIoXq-0000MD-M4 at ries.debian.org> and subject line Bug#499323: fixed in logcheck 1.3.4 has caused the Debian Bug report #499323, regarding logcheck-database: Logcheck fails to ignore certain OpenVPN messages to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.)

--
499323: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499323
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems

-------------- next part --------------
An embedded message was scrubbed...
From: Stefan Tomanek <stefan at pico.ruhr.de>
Subject: logcheck-database: Logcheck fails to ignore certain OpenVPN messages
Date: Wed, 17 Sep 2008 21:44:29 +0200
Size: 4323
URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20091210/2e869b3f/attachment-0002.eml>

-------------- next part --------------
An embedded message was scrubbed...
From: Gerfried Fuchs <rhonda at debian.at>
Subject: Bug#499323: fixed in logcheck 1.3.4
Date: Thu, 10 Dec 2009 19:19:22 +0000
Size: 8647
URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20091210/2e869b3f/attachment-0003.eml>