Raphael Manfredi
2009-Sep-16 12:12 UTC
[Logcheck-devel] Bug#546908: logcheck: Since upgrade to latest, some patterns are no longer filtered
Package: logcheck Version: 1.3.3 Severity: normal After upgrading to the latest logcheck, I've noticed that some local rules I have written no longer filter out the logs properly. I've been able to correlate the non-matching to the presence of the '/' (slash) character or '[' (left bracket) in the string that the ".*" pattern ought to match. For instance, I have this rule in violations.ignore.d/local: sm-mta.* nobody at .*.ram.loc .* did not issue MAIL.* during connection But I still have this line show up in the "System Events" section: Sep 16 11:27:19 tours sm-mta[5597]: n8G9RJLe005597: nobody at tours.ram.loc [192.168.0.4] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA Putting that line in a file and using the pattern above with egrep triggers a match. Is this due to a locale problem maybe? It used to work fine with an earlier version of logcheck (1.2.6, IIRC). -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.30.6 Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages logcheck depends on: ii adduser 3.110 add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logtail 1.3.3 Print log file lines that have not ii mailx 1:8.1.2-0.20020411cvs-1 A simple mail user agent. ii sendmail-bin [ma 8.14.3-1 powerful, efficient, and scalable ii sysklogd [system 1.5-1 System Logging Daemon Versions of packages logcheck recommends: ii logcheck-database 1.3.3 database of system log rules for t Versions of packages logcheck suggests: ii syslog-summary 1.12-0.1 Summarize the contents of a syslog -- no debconf information
Debian Bug Tracking System
2009-Sep-17 17:15 UTC
[Logcheck-devel] Bug#546908: marked as done (logcheck: Since upgrade to latest, some patterns are no longer filtered)
Your message dated Thu, 17 Sep 2009 19:08:59 +0200 with message-id <17916.1253207339 at nice.ram.loc> and subject line Found the root cause has caused the Debian Bug report #546908, regarding logcheck: Since upgrade to latest, some patterns are no longer filtered to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 546908: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546908 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Raphael Manfredi <Raphael_Manfredi at pobox.com> Subject: logcheck: Since upgrade to latest, some patterns are no longer filtered Date: Wed, 16 Sep 2009 14:12:35 +0200 Size: 4244 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20090917/80c13b95/attachment.eml> -------------- next part -------------- An embedded message was scrubbed... From: Raphael Manfredi <Raphael_Manfredi at pobox.com> Subject: Found the root cause Date: Thu, 17 Sep 2009 19:08:59 +0200 Size: 2466 URL: <http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20090917/80c13b95/attachment-0001.eml>
Possibly Parallel Threads
- Bug#252597: logcheck: user logchecks mails should be delivered to root
- Bug#477932: logcheck-database: bind with views - messages not filtered
- Bug#425967: logcheck-database: The patterns for courier-imap-ssl do not match imap, only imap-ssl
- Bug#609649: cron-apt: Insufficient logcheck patterns
- Bug#429384: logcheck: Logcheck depends on mktemp