similar to: Bug#222240: Ask for frequency during install (logcheck)

Package: logcheck Version: 1.2.20a Severity: serious Tags: patch On a system where sh points to dash and LANG=es_ES, I get this: # apt-get -y --reinstall install logcheck Leyendo lista de paquetes... 0% Leyendo lista de paquetes... 0% Leyendo lista de paquetes... 23% Leyendo lista de paquetes... Hecho Creando ?rbol de dependencias... 0% Creando ?rbol de dependencias... 0% Creando ?rbol de

Package: logcheck Version: 1.2.20a Severity: important Since logcheck changed to run as user logcheck, the error mails of the cron daemon end up in /var/mail/logcheck where nobody reads them. Mails for logcheck should be aliased to root like all the other mails of system accounts. I was searching for a long time what was wrong with my logcheck not delivering any mails. The lock directory was

Package: logcheck Version: 1.2.20a Severity: normal Followup-For: Bug #247360 I can't find NEWS.Debian in the package. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.5 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R Versions of packages logcheck depends on: ii adduser

Package: logcheck Version: 1.2.39 Severity: normal Since I've upgraded my servers to sarge, I'm getting mail every hour for stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns out that sarge's version no longer reads that file. If this was a conscious decision, then there should be some warning about this when upgrading (via debconf of NEWS.Debian). Also, the

Package: logcheck-database Version: 1.2.33 Severity: normal I just installed 1.2.33, and it made my rules dirs setuid, not setgid... - Marc -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (900, 'testing'), (300, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-k7 Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) Versions of

Package: logcheck Version: 1.2.26 Severity: wishlist Please add ignore for Spamassasin's "check" messages like: Aug 16 19:27:54 ns spamd[23853]: checking message <20040816150710.86ADA708A8 at smtp-out.hotpop.com> for nobody:65534. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.26.20040601 Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL

Package: logcheck-database Version: 1.2.34 Severity: minor I have parallel port attached printer and kernel reports whenever printer is out of paper: Mar 6 12:38:50 host kernel: lp0 out of paper However, this is not a situation that should be reported by default (IMHO) by logcheck sending report email. Thus I propose adding following line to ignore.d.workstation/logcheck (possibly to .server

Package: logcheck-database Version: 1.2.26 Severity: normal Hi, the file courier contains the line: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection shutdown\.$ This triggers the security logcheck section because of the word "shutdown". Quick fix is to move or duplicate this line to violations.ignore.d/logcheck-courier. BTW: It looks like the courier package

Package: logcheck-database Version: 1.2.28 Severity: normal Hi, the Internet Software Consortium changed the name to Internet Systems Consortium. For a fix for the logcheck rules see the attachment. -- System Information: Debian Release: 3.0 APT prefers testing APT policy: (600, 'testing'), (100, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel:

Package: logcheck-database Version: 1.2.28 Severity: wishlist Could you add support for dnsmasq for the server profile? This is the standard dnsmasq output. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: read /etc/hosts - [[:digit:]]+ addresses$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: reading /etc/resolv.conf$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck-database Version: 1.2.35 Severity: minor logcheck-database contain postgrey ignore file, but postgrey first attempt is listed in logcheck report $ dpkg -l postgrey ii postgrey 1.18-1 -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.29-C3EZRA Locale: LANG=it_IT,

Package: logcheck-database Version: 1.2.37 Severity: normal Hello again, openntpd gives messages like these failry often: Apr 7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid Apr 7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid I am not sure if this is something that an admin may find relevant but they happen fairly often and they do not offer a lot of info for me.

Package: logcheck-database Version: 1.2.36 Severity: wishlist Hello, I recently blew away my old logcheck-databse and lost a number of changes that i had made to postfix entries. The default database for postfix reports the following errors that do not seem to be important... Apr 2 13:00:19 terminus postfix/local[29516]: 574B9B3B9F: to=<doug at localhost>, relay=local, delay=13,

Package: logcheck Version: 1.2.32 Severity: wishlist /etc/cron.daily/sysklogd restarts syslogd at the end of the script. This causes a daily log message, currently missed by logcheck: Jan 14 06:55:22 pyloric syslogd 1.4.1#16: restart (remote reception). I'm currently using this regex in ignore.server.d/local-syslogd: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd 1\.4\.1#16: restart \(remote

Package: logcheck Version: 1.2.34 Severity: normal the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does not match the following line: Feb 12 16:19:47 backup imaplogin: DISCONNECTED, user=example at example.com, ip=[::ffff:111.111.111.111], headers=14013, body=0, time=1 This line should be ignored like the other DISCONNECTED messages. Or am I wrong? -- System

Package: logcheck Version: 1.2.32 Severity: minor "Ghandi" should be "Gandhi" in README.how.to.interpret, assuming that you mean the Indian freedom fighter M.K. Gandhi a.k.a. Mahatma Gandhi. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.7 Locale: LANG=C, LC_CTYPE=C

Package: logcheck Version: 1.2.32 Severity: normal It seems when someone runs a sudo command on my system, logcheck misses it. The second line of /etc/logcheck/violations.d/sudo matches them, but the /etc/logcheck/violations.ignore.d/logcheck-sudo kills them. Furthermore, when users run commands like '$ sudo rm *' in a directory with lots of files, we reports with lines like: Jan 13

Package: logcheck Version: 1.2.34 Severity: wishlist I have a couple of home-made logcheck ignore files, and happened to have one unescaped (and unmatched) `(' in one of the filter lines. Because of this, cron sent a mail with the body "grep: Invalid regular expression" - the subject is the command in the "2 * * * *" line in /etc/cron.d/logcheck, of course. It would be

Package: logcheck-database Version: 1.2.40 Severity: wishlist Hi, Please duplicate the imap-login related lines and change them to filter out the equivalent messages emitted by pop3-login. regards Andrew -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck-database Version: 1.2.39 Severity: wishlist These are the subject of an am-utils FAQ <URL:http://www.am-utils.org/docs/am-utils/FAQ.txt> and would be useful in the ignored list. Note that it's either `newer' or `older'. Jun 14 14:32:25 albion kernel: nfs warning: mount version newer than kernel Jun 14 14:37:54 dlsy kernel: nfs warning: mount version older