Displaying 20 results from an estimated 2000 matches similar to: "Bug#290195: violations.d/sudo and violations.ignore.d/logcheck-sudo missing sudo log entries"
2005 Jan 09
2
Bug#289529: logcheck: "Ghandi" should be "Gandhi" in README.how.to.interpret
Package: logcheck
Version: 1.2.32
Severity: minor
"Ghandi" should be "Gandhi" in README.how.to.interpret, assuming that
you mean the Indian freedom fighter M.K. Gandhi a.k.a. Mahatma Gandhi.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.7
Locale: LANG=C, LC_CTYPE=C
2005 Jan 14
3
Bug#290511: logcheck: syslogd restart in cron.daily/sysklogd causes a log message
Package: logcheck
Version: 1.2.32
Severity: wishlist
/etc/cron.daily/sysklogd restarts syslogd at the end of the script.
This causes a daily log message, currently missed by logcheck:
Jan 14 06:55:22 pyloric syslogd 1.4.1#16: restart (remote reception).
I'm currently using this regex in ignore.server.d/local-syslogd:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd 1\.4\.1#16: restart \(remote
2005 Jan 20
2
Bug#291395: logcheck-database: Rules dirs are setuid, they should be setgid
Package: logcheck-database
Version: 1.2.33
Severity: normal
I just installed 1.2.33, and it made my rules dirs setuid, not setgid...
- Marc
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)
Versions of
2005 Jan 11
2
Bug#289801: Logtail should output error messages to stderr, not stdout
Package: logtail
Version: 1.2.33
Severity: normal
Hi...
Logtail should not output error messages to standard output, since this
violates the principle of least surprise.
In particular, my application was broken by the semantics of logtail changing
in version 1.2.21 (when you added switches for the default arguments to
logtail). I think this was a bad move -- you broke an interface used by
2005 Apr 02
3
Bug#302744: logcheck-database: postfix rules
Package: logcheck-database
Version: 1.2.36
Severity: wishlist
Hello,
I recently blew away my old logcheck-databse and lost a number of changes that i had made to postfix entries. The default database for postfix reports the
following errors that do not seem to be important...
Apr 2 13:00:19 terminus postfix/local[29516]: 574B9B3B9F: to=<doug at localhost>, relay=local, delay=13,
2010 Jan 21
1
Bug#566107: logcheck-database: with violations.d/logcheck empty most rules in violations.ignore.d look useless
Package: logcheck-database
Version: 1.3.5
Severity: normal
Hi,
I was having a look at logcheck and why I received a "verification failed:
Temporary failure in name resolution" as a _system_ message.
Turns out that since violations.d/logcheck is empty now, most of the rules in
violations.ignore.d look quite useless, can you confirm?
I suspect that a big part of those rules should be
2005 Feb 12
3
Bug#294950: logcheck: ignore.d.server courier imaplogin: DISCONNECTED not matching
Package: logcheck
Version: 1.2.34
Severity: normal
the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does
not match the following line:
Feb 12 16:19:47 backup imaplogin: DISCONNECTED,
user=example at example.com, ip=[::ffff:111.111.111.111],
headers=14013, body=0, time=1
This line should be ignored like the other DISCONNECTED messages. Or am
I wrong?
-- System
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
2009 Oct 17
1
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
Hi,
I think that this rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-)
(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
is supposed to filter out lines like:
Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root
It is not working because the pattern dos not include the "/dev/" part
and
2008 Jul 21
1
merging violations.ignore.d/logcheck-* into ignore.d.*/*
Hi guys, now that violations.d/logcheck is empty,
violations.ignore.d/logcheck-* are useless and many messages that
were previously elevated and filtered there now turn up as system
events. Thus, I went ahead and merged violations.ignore.d/logcheck-*
into ignore.d.*/* in the viol-merge branch.
http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge
Unless I hear
2006 May 21
2
Bug#368313: logcheck-database: new postfix violations ignore rule
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
Hi,
I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix :
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
2005 Feb 16
3
Bug#295560: logcheck: Please include filename when reporting "invalid regular expression"
Package: logcheck
Version: 1.2.34
Severity: wishlist
I have a couple of home-made logcheck ignore files, and happened to
have one unescaped (and unmatched) `(' in one of the filter
lines. Because of this, cron sent a mail with the body "grep: Invalid
regular expression" - the subject is the command in the "2 * * * *"
line in /etc/cron.d/logcheck, of course.
It would be
2007 Oct 03
2
Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh
Somewhere between etch and now, ssh stopped reporting failed passwords
as "error: PAM: Authentication failure for foo", and switched to "Failed
password for foo", similar to what it already did for unknown users, but
without the "invalid user" part.
2008 Mar 15
1
Bug#471072: logcheck-database: Moving most of violations.ignore.d to ignore.d.*
Package: logcheck-database
Version: 1.2.63
Severity: normal
Given that violations.d/logcheck has been emptied by
2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of
violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these
are currently rendered useless.
(I'll gladly lend a hand; I just want to make sure this is the right
thing to do.)
-- System Information:
Debian
2004 Sep 04
1
Bug#269959: logcheck-database: courier ignore.d.server contains word from violations.d list
Package: logcheck-database
Version: 1.2.26
Severity: normal
Hi,
the file courier contains the line:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection
shutdown\.$
This triggers the security logcheck section because of the word
"shutdown". Quick fix is to move or duplicate this line to
violations.ignore.d/logcheck-courier.
BTW: It looks like the courier package
2006 Feb 06
1
Bug#351669: logcheck: [manual] the sudo(1) is missing from EXAMPLES
Package: logcheck
Version: 1.2.35
Severity: minor
Current manual reads:
EXAMPLES
logcheck can be invoked directly thanks to su(8) or sudo(8), which
change the user ID:
logcheck -o -t Check the logfiles without updating the offset. Print
everything to STDOUT
I believe this shuold be formatted as:
EXAMPLES
logcheck can be invoked directly thanks
2005 Feb 20
1
Rename violations.ignore.d/logcheck-pureftp
<nitpickyness>
To avoid possible confusion, shouldn't this be named logcheck-pureftpd,
or logcheck-pure-ftpd (instead of logcheck-pureftp)?
Or is there a reason (that I've missed) it's this way?
</nitpickyness>
-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This
2005 Mar 06
3
Bug#298291: logcheck-database: Printer out-of-paper reported
Package: logcheck-database
Version: 1.2.34
Severity: minor
I have parallel port attached printer and kernel reports whenever
printer is out of paper:
Mar 6 12:38:50 host kernel: lp0 out of paper
However, this is not a situation that should be reported by default
(IMHO) by logcheck sending report email. Thus I propose adding
following line to ignore.d.workstation/logcheck (possibly to .server
2012 May 03
1
GlusterFS 3.3 beta on Debian
Hi,
I'm attempting to install the 3.3 beta3 on Debian.
The files are located in a directory that looks like they were built for
Debian Lenny, here:
http://download.gluster.org/pub/gluster/glusterfs/qa-releases/3.3.0beta3/Debian/5.0.3/
Note the 5.0.3 at the end of the path..
However, when attempting to install the .deb file, it gives an error
about package libssl1.0.0 being missing.
That
2004 Nov 21
2
Bug#282378: logcheck-database: messages from USB joystick use
Package: logcheck-database
Version: 1.2.31
Severity: wishlist
The following is reported by logcheck when inserting a USB joystick for
the first time (workstation), none of which (I assume) I need to be
informed of.
Nov 21 17:50:08 localhost kernel: ohci_hcd 0000:00:01.2: wakeup
Nov 21 17:50:08 localhost kernel: usb 1-1: new low speed USB device using address 2
Nov 21 17:50:10 localhost kernel:
2004 Dec 25
2
Bug#287184: logcheck overwriting ownership/permissions of /etc/logcheck/* on upgrades
Package: logcheck
Version: 1.2.32
Severity: important
In postinst logcheck "fixes" permissions of /etc/logcheck/* to 750.
In my (and others on #d-d) opinion ownership and permissions should be
preserved upon package upgrades. Logcheck must not screw with my
decision to make them world readable every time it configures.
--
Peter