similar to: Bug#269315: logcheck: /etc/logcheck/ignore.d.server (add bind9 messages)

Package: logcheck Version: 1.2.26 Severity: wishlist Please add ignore for Spamassasin's "check" messages like: Aug 16 19:27:54 ns spamd[23853]: checking message <20040816150710.86ADA708A8 at smtp-out.hotpop.com> for nobody:65534. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.26.20040601 Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL

Package: logcheck wanted to work on #195935, but found a less than funny issue, easy to reproduce: * remove some lines in front of your logfile * invoke logcheck you'll get a big email with all not matching lines from that log. not setting that to high priority because you are getting also the newer loglines. don't know if i find time that weekend. wanted to document it anyways. a++

Package: logcheck Version: 1.2.23 Severity: normal Hello, I have: # /bin/cat ignore.d.server/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE \([[:alnum:]-]+\)$ and: # /bin/cat ignore.d.paranoid/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck Version: 1.2.39 Severity: normal Since I've upgraded my servers to sarge, I'm getting mail every hour for stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns out that sarge's version no longer reads that file. If this was a conscious decision, then there should be some warning about this when upgrading (via debconf of NEWS.Debian). Also, the

Package: logcheck-database Version: 1.2.37 Severity: normal Hello again, openntpd gives messages like these failry often: Apr 7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid Apr 7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid I am not sure if this is something that an admin may find relevant but they happen fairly often and they do not offer a lot of info for me.

Package: logcheck-database Version: 1.2.40 Severity: wishlist Hi, Please duplicate the imap-login related lines and change them to filter out the equivalent messages emitted by pop3-login. regards Andrew -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck Version: 1.2.35 Severity: minor Manual page reads: SYNOPSIS logcheck [TIONS] Perhaps it was intended to read: SYNOPSIS logcheck [OPTIONS] -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked

Package: logcheck Version: 1.2.20a Severity: serious Tags: patch On a system where sh points to dash and LANG=es_ES, I get this: # apt-get -y --reinstall install logcheck Leyendo lista de paquetes... 0% Leyendo lista de paquetes... 0% Leyendo lista de paquetes... 23% Leyendo lista de paquetes... Hecho Creando ?rbol de dependencias... 0% Creando ?rbol de dependencias... 0% Creando ?rbol de

Package: logcheck-database Version: 1.2.23 Severity: minor Hi, a couple of minor corrections to the dhcp rule sets: First of all, the hostname matching parts need to include the "._-" signs (maybe . is not needed but it might be). Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST may be entailed by the string ": load balance to peer <somestring>".

Package: logcheck-database Version: 1.2.25 Severity: normal postfix/smtpd\[[0-9]+\]: lost connection after (CONNECT|DATA|RCPT|RSET|EHLO|HELO|MAIL) from Please include the above line in the ignore.d/server/postfix file. That catches messages that occur very often on busy Postfix servers. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable')

Package: logcheck-database Version: 1.2.26 Severity: normal Hi, the file courier contains the line: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection shutdown\.$ This triggers the security logcheck section because of the word "shutdown". Quick fix is to move or duplicate this line to violations.ignore.d/logcheck-courier. BTW: It looks like the courier package

Package: logcheck-database Version: 1.2.28 Severity: wishlist Could you add support for dnsmasq for the server profile? This is the standard dnsmasq output. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: read /etc/hosts - [[:digit:]]+ addresses$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: reading /etc/resolv.conf$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck-database Version: 1.2.28 Severity: normal Hi, the Internet Software Consortium changed the name to Internet Systems Consortium. For a fix for the logcheck rules see the attachment. -- System Information: Debian Release: 3.0 APT prefers testing APT policy: (600, 'testing'), (100, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel:

Package: logcheck Version: 1.1.1-13.1woody1 Severity: important logcheck line 56 uses "TMPDIR=$(mktemp -d -p ..." but mktemp from woody doesn't accept -p option Cheers, Chris -- System Information Debian Release: 3.0 Kernel Version: Linux ethlife-a 2.4.26-vs1.27 #4 SMP Mit Apr 28 15:20:15 MEST 2004 i686 unknown Versions of the packages logcheck depends on: ii cron

Package: logcheck Version: 1.2.20a Severity: important Since logcheck changed to run as user logcheck, the error mails of the cron daemon end up in /var/mail/logcheck where nobody reads them. Mails for logcheck should be aliased to root like all the other mails of system accounts. I was searching for a long time what was wrong with my logcheck not delivering any mails. The lock directory was

Package: logcheck-database Version: 1.2.31 Severity: wishlist The following is reported by logcheck when inserting a USB joystick for the first time (workstation), none of which (I assume) I need to be informed of. Nov 21 17:50:08 localhost kernel: ohci_hcd 0000:00:01.2: wakeup Nov 21 17:50:08 localhost kernel: usb 1-1: new low speed USB device using address 2 Nov 21 17:50:10 localhost kernel:

package: logcheck-database version: 1.2.23 severity: wishlist The current regexp's for postfix/lmtp.. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+ status=sent \(250 2\.1\.5 Ok\)$ ..doesn't catch these messages: Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B:

Package: logcheck Version: 1.2.22a Severity: wishlist There is no support for imapproxy, and it would be a great help if it was added. Following are two sample lines from the syslog: Jun 11 09:36:55 MyHost in.imapproxyd[30845]: LOGOUT: '"MyUser"' from server sd [13] Jun 11 09:37:02 MyHost in.imapproxyd[30846]: LOGIN: '"MyUser"' (xxx.xxx.xxx.xx:yyyyy) on

Package: logcheck Version: 1.2.32 Severity: important In postinst logcheck "fixes" permissions of /etc/logcheck/* to 750. In my (and others on #d-d) opinion ownership and permissions should be preserved upon package upgrades. Logcheck must not screw with my decision to make them world readable every time it configures. -- Peter

Package: logcheck Version: 1.2.27 Severity: wishlist hello, in ignore.d.server/oidentd you have: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \ [._[:alnum:]-]+ \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$ anyway, some oidentd logs don't have a hostname: oidentd[34562]: Connection from 241.145.24.135:2353 therefore you have to add: ^\w{3} [