similar to: Bug#290195: violations.d/sudo and violations.ignore.d/logcheck-sudo missing sudo log entries

Package: logcheck Version: 1.2.32 Severity: minor "Ghandi" should be "Gandhi" in README.how.to.interpret, assuming that you mean the Indian freedom fighter M.K. Gandhi a.k.a. Mahatma Gandhi. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.7 Locale: LANG=C, LC_CTYPE=C

Package: logcheck Version: 1.2.32 Severity: wishlist /etc/cron.daily/sysklogd restarts syslogd at the end of the script. This causes a daily log message, currently missed by logcheck: Jan 14 06:55:22 pyloric syslogd 1.4.1#16: restart (remote reception). I'm currently using this regex in ignore.server.d/local-syslogd: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd 1\.4\.1#16: restart \(remote

Package: logcheck-database Version: 1.2.33 Severity: normal I just installed 1.2.33, and it made my rules dirs setuid, not setgid... - Marc -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (900, 'testing'), (300, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-k7 Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) Versions of

Package: logtail Version: 1.2.33 Severity: normal Hi... Logtail should not output error messages to standard output, since this violates the principle of least surprise. In particular, my application was broken by the semantics of logtail changing in version 1.2.21 (when you added switches for the default arguments to logtail). I think this was a bad move -- you broke an interface used by

Package: logcheck-database Version: 1.2.36 Severity: wishlist Hello, I recently blew away my old logcheck-databse and lost a number of changes that i had made to postfix entries. The default database for postfix reports the following errors that do not seem to be important... Apr 2 13:00:19 terminus postfix/local[29516]: 574B9B3B9F: to=<doug at localhost>, relay=local, delay=13,

Package: logcheck-database Version: 1.3.5 Severity: normal Hi, I was having a look at logcheck and why I received a "verification failed: Temporary failure in name resolution" as a _system_ message. Turns out that since violations.d/logcheck is empty now, most of the rules in violations.ignore.d look quite useless, can you confirm? I suspect that a big part of those rules should be

Package: logcheck Version: 1.2.34 Severity: normal the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does not match the following line: Feb 12 16:19:47 backup imaplogin: DISCONNECTED, user=example at example.com, ip=[::ffff:111.111.111.111], headers=14013, body=0, time=1 This line should be ignored like the other DISCONNECTED messages. Or am I wrong? -- System

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch Hi, I think that this rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$ is supposed to filter out lines like: Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root It is not working because the pattern dos not include the "/dev/" part and

Hi guys, now that violations.d/logcheck is empty, violations.ignore.d/logcheck-* are useless and many messages that were previously elevated and filtered there now turn up as system events. Thus, I went ahead and merged violations.ignore.d/logcheck-* into ignore.d.*/* in the viol-merge branch. http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge Unless I hear

Package: logcheck-database Version: 1.2.39 Severity: wishlist Hi, I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix : ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:

Package: logcheck Version: 1.2.34 Severity: wishlist I have a couple of home-made logcheck ignore files, and happened to have one unescaped (and unmatched) `(' in one of the filter lines. Because of this, cron sent a mail with the body "grep: Invalid regular expression" - the subject is the command in the "2 * * * *" line in /etc/cron.d/logcheck, of course. It would be

Package: logcheck-database Version: 1.2.62 Severity: normal File: /etc/logcheck/violations.ignore.d/logcheck-ssh Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

Package: logcheck-database Version: 1.2.63 Severity: normal Given that violations.d/logcheck has been emptied by 2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these are currently rendered useless. (I'll gladly lend a hand; I just want to make sure this is the right thing to do.) -- System Information: Debian

Package: logcheck-database Version: 1.2.26 Severity: normal Hi, the file courier contains the line: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection shutdown\.$ This triggers the security logcheck section because of the word "shutdown". Quick fix is to move or duplicate this line to violations.ignore.d/logcheck-courier. BTW: It looks like the courier package

Package: logcheck Version: 1.2.35 Severity: minor Current manual reads: EXAMPLES logcheck can be invoked directly thanks to su(8) or sudo(8), which change the user ID: logcheck -o -t Check the logfiles without updating the offset. Print everything to STDOUT I believe this shuold be formatted as: EXAMPLES logcheck can be invoked directly thanks

<nitpickyness> To avoid possible confusion, shouldn't this be named logcheck-pureftpd, or logcheck-pure-ftpd (instead of logcheck-pureftp)? Or is there a reason (that I've missed) it's this way? </nitpickyness> -j -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This

Package: logcheck-database Version: 1.2.34 Severity: minor I have parallel port attached printer and kernel reports whenever printer is out of paper: Mar 6 12:38:50 host kernel: lp0 out of paper However, this is not a situation that should be reported by default (IMHO) by logcheck sending report email. Thus I propose adding following line to ignore.d.workstation/logcheck (possibly to .server

Hi, I'm attempting to install the 3.3 beta3 on Debian. The files are located in a directory that looks like they were built for Debian Lenny, here: http://download.gluster.org/pub/gluster/glusterfs/qa-releases/3.3.0beta3/Debian/5.0.3/ Note the 5.0.3 at the end of the path.. However, when attempting to install the .deb file, it gives an error about package libssl1.0.0 being missing. That

Package: logcheck-database Version: 1.2.31 Severity: wishlist The following is reported by logcheck when inserting a USB joystick for the first time (workstation), none of which (I assume) I need to be informed of. Nov 21 17:50:08 localhost kernel: ohci_hcd 0000:00:01.2: wakeup Nov 21 17:50:08 localhost kernel: usb 1-1: new low speed USB device using address 2 Nov 21 17:50:10 localhost kernel:

Package: logcheck Version: 1.2.32 Severity: important In postinst logcheck "fixes" permissions of /etc/logcheck/* to 750. In my (and others on #d-d) opinion ownership and permissions should be preserved upon package upgrades. Logcheck must not screw with my decision to make them world readable every time it configures. -- Peter