similar to: Bug#317741: logcheck-database: fails to ignore properly some lines from 'rbldnsd'

Package: logcheck Version: 1.2.35 Severity: minor Manual page reads: SYNOPSIS logcheck [TIONS] Perhaps it was intended to read: SYNOPSIS logcheck [OPTIONS] -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked

Package: logcheck-database Version: 1.2.39 Severity: wishlist These are the subject of an am-utils FAQ <URL:http://www.am-utils.org/docs/am-utils/FAQ.txt> and would be useful in the ignored list. Note that it's either `newer' or `older'. Jun 14 14:32:25 albion kernel: nfs warning: mount version newer than kernel Jun 14 14:37:54 dlsy kernel: nfs warning: mount version older

Package: logcheck-database Version: 1.2.32 Severity: normal Tags: patch The fix for 283331 exposed a bug in the dnsmasq rules. The rule was looking for DHCPINFO, but the actual message is DHCPINFORM. Prior to the 283331 fix, the old rule worked, because the "[()[:alnum:]]+" part of the rule matched the "RM" at the end of DHCPINFORM. -- System Information: Debian Release:

Package: logcheck Version: 1.2.32 Severity: important In postinst logcheck "fixes" permissions of /etc/logcheck/* to 750. In my (and others on #d-d) opinion ownership and permissions should be preserved upon package upgrades. Logcheck must not screw with my decision to make them world readable every time it configures. -- Peter

Package: logcheck-database Version: 1.2.32 Severity: wishlist Ignore rules to supress messages generated from pugging in, and then removing, a USB headset (one speaker). ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: drivers\/usb\/class\/audio\.c: v1.0.0:USB Audio Class driver$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usbaudio: assuming that a stereo channel connected directly to a mixer is

Package: logcheck Version: 1.2.41 Severity: minor man (8) logcheck says: For hints on how to maintain rules, see README.logcheck-database.gz, but this file is not included in /usr/share/doc/logcheck. micah -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck Version: 1.2.41 Severity: wishlist Hi folks, thanks for your work maintaining logcheck, it works well. When my users read their mail using imap (usually via squirrelmail, not sure about other clients) I get a message like this in the log: Aug 22 21:03:32 phoenix imapd[6551]: Moved 11323 bytes of new mail to /home/winky/mail/mbox from /var/spool/mail/winky host= localhost

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Package: logcheck-database Version: 1.2.41 Severity: wishlist Tags: patch Hi, here is one line for the imp4 package and one (I don't have more) line from the log file. Same as with the horde3 file: I've tested it and CC this mail to the maintainer. by, Martin - -- Powered by Debian GNU / Linux -----BEGIN PGP SIGNATURE----- Version: GnuPG

Package: logcheck-database Version: 1.2.40 Severity: wishlist Hi, Please duplicate the imap-login related lines and change them to filter out the equivalent messages emitted by pop3-login. regards Andrew -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck Version: 1.2.39 Severity: normal Since I've upgraded my servers to sarge, I'm getting mail every hour for stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns out that sarge's version no longer reads that file. If this was a conscious decision, then there should be some warning about this when upgrading (via debconf of NEWS.Debian). Also, the

Package: logcheck-database Version: 1.2.33 Severity: normal I just installed 1.2.33, and it made my rules dirs setuid, not setgid... - Marc -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (900, 'testing'), (300, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-k7 Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) Versions of

Package: logcheck Version: 1.2.26 Severity: wishlist Please add ignore for Spamassasin's "check" messages like: Aug 16 19:27:54 ns spamd[23853]: checking message <20040816150710.86ADA708A8 at smtp-out.hotpop.com> for nobody:65534. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.26.20040601 Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL

Package: logcheck-database Version: 1.2.28 Severity: wishlist Could you add support for dnsmasq for the server profile? This is the standard dnsmasq output. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: read /etc/hosts - [[:digit:]]+ addresses$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: reading /etc/resolv.conf$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck Version: 1.2.32 Severity: minor "Ghandi" should be "Gandhi" in README.how.to.interpret, assuming that you mean the Indian freedom fighter M.K. Gandhi a.k.a. Mahatma Gandhi. -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.7 Locale: LANG=C, LC_CTYPE=C

Package: logcheck-database Version: 1.2.26 Severity: normal Hi, the file courier contains the line: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection shutdown\.$ This triggers the security logcheck section because of the word "shutdown". Quick fix is to move or duplicate this line to violations.ignore.d/logcheck-courier. BTW: It looks like the courier package

Package: logcheck-database Version: 1.2.34 Severity: minor I have parallel port attached printer and kernel reports whenever printer is out of paper: Mar 6 12:38:50 host kernel: lp0 out of paper However, this is not a situation that should be reported by default (IMHO) by logcheck sending report email. Thus I propose adding following line to ignore.d.workstation/logcheck (possibly to .server

Package: logtail Version: 1.2.33 Severity: normal Hi... Logtail should not output error messages to standard output, since this violates the principle of least surprise. In particular, my application was broken by the semantics of logtail changing in version 1.2.21 (when you added switches for the default arguments to logtail). I think this was a bad move -- you broke an interface used by

Package: logcheck-database Version: 1.2.37 Severity: normal Hello again, openntpd gives messages like these failry often: Apr 7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid Apr 7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid I am not sure if this is something that an admin may find relevant but they happen fairly often and they do not offer a lot of info for me.

Package: logcheck-database Version: 1.2.35 Severity: minor logcheck-database contain postgrey ignore file, but postgrey first attempt is listed in logcheck report $ dpkg -l postgrey ii postgrey 1.18-1 -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.29-C3EZRA Locale: LANG=it_IT,

Package: logcheck wanted to work on #195935, but found a less than funny issue, easy to reproduce: * remove some lines in front of your logfile * invoke logcheck you'll get a big email with all not matching lines from that log. not setting that to high priority because you are getting also the newer loglines. don't know if i find time that weekend. wanted to document it anyways. a++