Displaying 20 results from an estimated 1000 matches similar to: "Why no dhclient in ignore.d.workstation?"
2004 May 15
1
Re: [Logcheck-commits] CVS logcheck/src
On Sat, 15 May 2004, CVS User ttroxell wrote:
> if [ -f /etc/logcheck/header.txt ] ; then
> - $CAT /etc/logcheck/header.txt >> $TMPDIR/report
> + $CAT /etc/logcheck/header.txt >> $TMPDIR/report \
> + || error "Could not append header to $TMPDIR/report Disk full?"
> fi
> }
>
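Review bot: the message on the added "|| error" line runs the file path straight into the next sentence ("$TMPDIR/report Disk full?"), which makes the reported path hard to read; put punctuation after the path, e.g. "Could not append header to $TMPDIR/report - disk full?". The redirect target $TMPDIR/report is also unquoted on the added line, so a TMPDIR containing whitespace would break the append; quoting it as "$TMPDIR/report" avoids that.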
> @@ -152,7 +157,8 @@
> # Add a footer
2006 Jul 04
1
no such user
I have rules like this on my servers:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:
[._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER
[-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+
\[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$
basically, I just don't care about logins as nonexistent users,
I get so many of those that I don't even
2005 Dec 23
4
Bug#344553: logcheck: Fails silently to read config file
Package: logcheck
Version: 1.2.42
Severity: minor
Tags: patch
Logcheck does not report any error if the config file is not readable
or does not exist. This may easily happen, as logcheck is run as
logcheck user and while one is testing a new configuration on live
system with running configuration intact.
Following fragment may help:
# Now source the config file - before things that should
2004 Aug 28
1
Bug#268277: logcheck documentation bug
/usr/share/doc/logcheck-database/README.logcheck-database.gz
Do you think that this file is insufficient, or did you just not see it?
If the latter is the case, perhaps I should add a pointer to it in
logcheck.8.
Cheers,
--
[ Todd J. Troxell ,''`.
Student, Debian GNU/Linux Developer, SysAdmin, Geek : :' :
http://debian.org ||
2006 Jul 03
1
New logcheck committer
Martin F. Krafft (madduck) has been added to the project.
P.S. I'd like to get a release out sometime next week.
--
Todd Troxell
http://rapidpacket.com/~xtat
2005 Feb 12
3
Bug#294950: logcheck: ignore.d.server courier imaplogin: DISCONNECTED not matching
Package: logcheck
Version: 1.2.34
Severity: normal
the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does
not match the following line:
Feb 12 16:19:47 backup imaplogin: DISCONNECTED,
user=example at example.com, ip=[::ffff:111.111.111.111],
headers=14013, body=0, time=1
This line should be ignored like the other DISCONNECTED messages. Or am
I wrong?
-- System
2004 Jun 13
1
intermittent access this week
Hey team,
I'll be at sea on and off this week, and as such my Internet access will
depend on wifi availability while in port. 22a seems stable, but if any
critical problems arise, feel free to prepare a release and bug Alfie
to upload it.
On the brighter side, I expect to be extremely bored while offline so I'll
probably get some logcheck work done. <:
Cheers,
--
[ Todd J.
2004 Jun 04
2
Bug#252597: logcheck: user logchecks mails should be delivered to root
Package: logcheck
Version: 1.2.20a
Severity: important
Since logcheck changed to run as user logcheck, the error mails of the cron
daemon end up in /var/mail/logcheck where nobody reads them. Mails for
logcheck should be aliased to root like all the other mails of system
accounts.
I was searching for a long time what was wrong with my logcheck not
delivering any mails. The lock directory was
2004 May 21
2
Bug#247360: logcheck: Where's NEWS.Debian?
Package: logcheck
Version: 1.2.20a
Severity: normal
Followup-For: Bug #247360
I can't find NEWS.Debian in the package.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.5
Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R
Versions of packages logcheck depends on:
ii adduser
2005 Jan 23
2
logcheck-database -- volatile?
A new archive was announced for packages that have need for frequent changes
[see below]. In theory, we should not have to update logcheck rules in
Sarge, because we know that its packages, with the exception of security
updates will remain constant.
This does not change the fact that we may wish to update the database on
sarge <:
Any thoughts?
-Todd
----- Forwarded message from
2005 Feb 16
3
Bug#295560: logcheck: Please include filename when reporting "invalid regular expression"
Package: logcheck
Version: 1.2.34
Severity: wishlist
I have a couple of home-made logcheck ignore files, and happened to
have one unescaped (and unmatched) `(' in one of the filter
lines. Because of this, cron sent a mail with the body "grep: Invalid
regular expression" - the subject is the command in the "2 * * * *"
line in /etc/cron.d/logcheck, of course.
It would be
2005 Jan 08
1
Re: [Logcheck-commits] CVS logcheck/debian
On Wed, 05 Jan 2005, CVS User ttroxell wrote:
> @@ -70,6 +70,10 @@
> chown logcheck /var/lock/logcheck > /dev/null 2>&1 || true
> fi
>
> + # fix for #284788
> + # update timestamp on cron
> + touch /etc/cron.d/logcheck || true
> +
> ;;
>
> abort-upgrade|abort-remove|abort-deconfigure)
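Review bot: the added "touch /etc/cron.d/logcheck || true" creates the file when it does not exist, so an administrator who removed the cron file on purpose gets an empty one back on every configure run; guard it with an existence test such as [ -f /etc/cron.d/logcheck ] before touching. Unlike the chown line just above, it also does not redirect output, so a failure that "|| true" swallows still prints an error during package configuration.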
on a box with a broken coreutils install
2004 Jun 03
1
4 important bugs again <;
hello everyone,
thanks to todd 1.2.21 is out :)
every release getting better, i would like to get
consensus on these "important" bugs:
#252078 logtail: should depend on perl >= 5.8
sarge, as any other modern linux distro, uses perl 5.8.x,
it's even inside of its base.
backports are under the peril of its author
if no one voices up, i'll close that bug in the next days.
2006 Jul 08
2
building the logcheck package from SVN
apt-get install svn-buildpackage
cat <<_eof >> ~/.svn-buildpackage.conf
svn-lintian
svn-linda
svn-move
_eof
mkdir logcheck; cd logcheck
svn co svn+ssh://svn.debian.org/svn/logcheck/logcheck/trunk
cd trunk
svn-buildpackage -k<your key ID> -rfakeroot
man svn-buildpackage for more. Nice, huh?
--
.''`. martin f. krafft <madduck at debian.org>
: :' :
2005 Oct 29
1
Bug#336265: logrotate detection, possible attack not checked by logcheck
Package: logcheck
Version: 1.2.41
Problem: Logcheck tries to detect whether a log file has been rotated by looking at its file size.
Possible attack:
- current log file (sizeA)
- run logcheck, (logcheck/logtail put inode in offsetfile), offset=sizeA
- [attacker run attack 1]
- run logrotate
- [attacker run attack 2]
- run logcheck: it may not detect the rotation and may not check the log for attack 1
2005 Dec 24
1
Bug#344620: ignore.server.d/postfix: 'address not listed for hostname' rule
Package: logcheck-database
Version: 1.2.42
Severity: normal
Tags: patch
Index: postfix
===================================================================
--- postfix (revision 1097)
+++ postfix (working copy)
@@ -44,7 +44,7 @@
# Postfix < 2.1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: server dropped connection without sending the initial greeting
2006 Apr 28
1
Bug#365121: logcheck: Fails to ignore certain pattern
Package: logcheck
Version: 1.2.43a
Severity: normal
I have messages like these in my logs:
Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 58 to 57
Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 58 to 57
2004 Aug 10
1
one = sign to much?
Hi,
I think I found a mistake in the postfix file
in /etc/logcheck/ignore.d.server. There is one equal sign too much in this
line:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+:
client=[^[:space:]]+, sasl_method=[[:alnum:]]+,
sasl_username==[-_.@[:alnum:]]+$
I think it should be:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2005 Mar 24
3
Bug#301175: logcheck-databas: SSH rules for debug level
Package: logcheck-database
Version: 1.2.35
Severity: wishlist
If it were possible, please add rules to ignore SSH debug level messages
like these:
Mar 22 18:59:29 cante sshd[5673]: debug2: channel 4: rcvd adjust 66020
Mar 22 18:59:34 cante sshd[5673]: debug2: channel 4: window 32736 sent adjust 32800
Sometimes SSH needs to be run with DEBUG in order to pinpoint
connection troubles and
2005 Jan 20
2
Bug#291395: logcheck-database: Rules dirs are setuid, they should be setgid
Package: logcheck-database
Version: 1.2.33
Severity: normal
I just installed 1.2.33, and it made my rules dirs setuid, not setgid...
- Marc
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (900, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)
Versions of