Displaying 20 results from an estimated 4000 matches similar to: "Bug#368313: logcheck-database: new postfix violations ignore rule"
2005 Jul 11
3
Bug#317741: logcheck-database: fails to ignore properly some lines from 'rbldnsd'
Package: logcheck-database
Version: 1.2.40
Severity: normal
Tags: patch
There are one line that is not properly ignored. I include in the report
a better version.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (400, 'testing'), (300, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale:
2006 Jan 07
2
Bug#346350: logcheck-database: dhcp3-server ignores need to include (none ) client host name
Package: logcheck-database
Version: 1.2.39
Severity: normal
I use dhcp3-server and a dhcp client which is Sony HDD video recorder
CoCoon. The client not return client host name.
In this case, dhcpd server assumed the client host name is (none).
Therefor dhcpd output log described below.
> Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0
> Jan 7 10:49:25
2006 May 17
2
Bug#367781: logcheck-database: postfix/smtp read timeout (port 25) regexp wrong
Package: logcheck-database
Version: 1.2.39
Severity: normal
The rule for postfix/smtp read timeout (port 25) doesn't match the
actual log message:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$
A sample log line is:
May 17 17:38:16 dp postfix/smtp[12256]: connect to smtpv1.ihs.gov[198.45.3.65]: read timeout (port
2005 Jun 14
3
Bug#313601: logcheck-database: ignore mount version messages
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
These are the subject of an am-utils FAQ
<URL:http://www.am-utils.org/docs/am-utils/FAQ.txt> and would be
useful in the ignored list. Note that it's either `newer' or `older'.
Jun 14 14:32:25 albion kernel: nfs warning: mount version newer than kernel
Jun 14 14:37:54 dlsy kernel: nfs warning: mount version older
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
2009 Oct 17
1
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
Hi,
I think that this rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-)
(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
is supposed to filter out lines like:
Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root
It is not working because the pattern dos not include the "/dev/" part
and
2005 Aug 31
3
Bug#325801: logcheck: new regex to filter imap "Moved xxx bytes of new mail" messages
Package: logcheck
Version: 1.2.41
Severity: wishlist
Hi folks, thanks for your work maintaining logcheck, it works well.
When my users read their mail using imap (usually via squirrelmail,
not sure about other clients) I get a message like this in the log:
Aug 22 21:03:32 phoenix imapd[6551]: Moved 11323 bytes of new mail to /home/winky/mail/mbox from /var/spool/mail/winky host= localhost
2004 Jul 21
4
Bug#260743: logcheck-database: dhcp rule updates for failover support
Package: logcheck-database
Version: 1.2.23
Severity: minor
Hi,
a couple of minor corrections to the dhcp rule sets:
First of all, the hostname matching parts need to include the "._-"
signs (maybe . is not needed but it might be).
Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST
may be entailed by the string ": load balance to peer <somestring>".
2005 Jan 12
3
Bug#290195: violations.d/sudo and violations.ignore.d/logcheck-sudo missing sudo log entries
Package: logcheck
Version: 1.2.32
Severity: normal
It seems when someone runs a sudo command on my system, logcheck misses
it.
The second line of /etc/logcheck/violations.d/sudo matches them, but
the /etc/logcheck/violations.ignore.d/logcheck-sudo kills them.
Furthermore, when users run commands like '$ sudo rm *' in a directory
with lots of files, we reports with lines like:
Jan 13
2004 Oct 13
2
Bug#276317: logcheck-database: Namechange for ISC in /etc/logcheck/ignore.d.server/dhcp
Package: logcheck-database
Version: 1.2.28
Severity: normal
Hi,
the Internet Software Consortium changed the name to Internet Systems Consortium.
For a fix for the logcheck rules see the attachment.
-- System Information:
Debian Release: 3.0
APT prefers testing
APT policy: (600, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel:
2006 May 30
2
Bug#369603: logcheck-database: new rule for dhcpd
Package: logcheck-database
Version: 1.2.44
Severity: minor
Tags: patch
Hi,
This patch changes one rule for dhcpd. It adds support for log lines of the following format:
May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1
Regards,
Robbert
--- /root/dhcp 2006-05-30 21:50:24.000000000 +0200
+++ dhcp 2006-05-30 23:27:06.000000000 +0200
@@ -18,7 +18,7 @@
2005 Aug 23
5
Bug#324615: new rules for imp4
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Package: logcheck-database
Version: 1.2.41
Severity: wishlist
Tags: patch
Hi,
here is one line for the imp4 package and one (I don't have more) line
from the log file. Same as with the horde3 file: I've tested it and CC
this mail to the maintainer.
by, Martin
- --
Powered by Debian GNU / Linux
-----BEGIN PGP SIGNATURE-----
Version: GnuPG
2004 Oct 21
3
Bug#277636: logcheck-database: support for dnsmasq
Package: logcheck-database
Version: 1.2.28
Severity: wishlist
Could you add support for dnsmasq for the server profile?
This is the standard dnsmasq output.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: read /etc/hosts - [[:digit:]]+ addresses$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: reading /etc/resolv.conf$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2007 Oct 03
2
Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh
Somewhere between etch and now, ssh stopped reporting failed passwords
as "error: PAM: Authentication failure for foo", and switched to "Failed
password for foo", similar to what it already did for unknown users, but
without the "invalid user" part.
2004 Jul 21
1
Bug#260573: logcheck: ignore.d.paranoid/cron and ignore.d.server/cron swapped
Package: logcheck
Version: 1.2.23
Severity: normal
Hello,
I have:
# /bin/cat ignore.d.server/cron
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE \([[:alnum:]-]+\)$
and:
# /bin/cat ignore.d.paranoid/cron
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2004 Jun 21
2
Bug#255560: logcheck-database: More Postfix rules
Package: logcheck-database
Version: 1.2.22a
Severity: normal
Thanks to the upgrade to Postfix 2.1 and deploying a newer logcheck
ruleset on a busier server I've found a bunch more rules for Postfix.
I've attached new rules files and patches are inline.
The following patch is for violations.ignore.d:
--- logcheck-postfix.orig 2004-06-21 20:11:14.000000000 +0100
+++ logcheck-postfix
2004 Sep 04
1
Bug#269959: logcheck-database: courier ignore.d.server contains word from violations.d list
Package: logcheck-database
Version: 1.2.26
Severity: normal
Hi,
the file courier contains the line:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection
shutdown\.$
This triggers the security logcheck section because of the word
"shutdown". Quick fix is to move or duplicate this line to
violations.ignore.d/logcheck-courier.
BTW: It looks like the courier package
2004 Dec 21
3
Bug#286747: logcheck-database: ignore rules for USB headset
Package: logcheck-database
Version: 1.2.32
Severity: wishlist
Ignore rules to supress messages generated from pugging in, and
then removing, a USB headset (one speaker).
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: drivers\/usb\/class\/audio\.c: v1.0.0:USB Audio Class driver$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usbaudio: assuming that a stereo channel connected directly to a mixer is
2006 Feb 12
1
Bug#338732: logcheck-database: ignore rule for package cvs
tags 338732 pending
thanks
On 12 Nov 2005, at 11:38, Martin Lohmeier wrote:
> here is a rule for the cvs package. The line that should be ignored
> looks like this:
>
> Nov 12 12:02:22 djinn01 cvs-pserver[15917]: connect from
> 212.202.200.77 (212.202.200.77)
> Nov 12 12:31:00 djinn01 cvs-pserver[18386]: connect from
> 80.190.250.190 (80.190.250.190)
>
> I'll
2004 Jun 11
4
Bug#253861: logcheck: Please add support for imapproxy
Package: logcheck
Version: 1.2.22a
Severity: wishlist
There is no support for imapproxy, and it would be a great help if it
was added. Following are two sample lines from the syslog:
Jun 11 09:36:55 MyHost in.imapproxyd[30845]: LOGOUT: '"MyUser"' from
server sd [13]
Jun 11 09:37:02 MyHost in.imapproxyd[30846]: LOGIN: '"MyUser"'
(xxx.xxx.xxx.xx:yyyyy) on
2006 Aug 11
0
Bug#382440: logcheck-database: Postfix rule missing in violations.ignore.d
Package: logcheck-database
Version: 1.2.47
Severity: normal
Tags: patch
Without the following logcheck line in
/etc/logcheck/violations.ignore.d, lines such as the following are
reported:
postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal at someplace.net>,
relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22,
from MTA: 250 Ok: queued as 15140A2D0A)
This is because