similar to: Bug#372286: logcheck-database: new rule for courier

# Automatically generated email from bts, devscripts version 2.10.30 # via tagpending # # logcheck (1.2.65) unstable; urgency=low # # * ignore.d.server/postfix: # - ignore connection messages for anonymous TLS connections; thanks to # Justin Larue (closes: #486440). # - ignore hostname verification due to DNS name not found; thanks to # Justin Larue (closes: #486440). # *

Package: logcheck-database Version: 1.2.54 Severity: minor -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.2-dp0 Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15) Versions of packages logcheck-database depends

Hi I am finishing my mail server config and just trying to get the mysql login working - it fails to connect and thorws the following error Mar 21 21:58:21 mail0 authdaemond: failed to connect to mysql server (server=localhost, userid=courier): Can't connect to local MySQL server through socket '/tmp/mysql.sock.' (2) Mar 21 21:58:21 mail0 couriertcpd: LOGIN FAILED, user=tom at

Hi, I'd like to suggest one change in the postfix rules originally submitted: The last line should read ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)? relay=[^[:space:]]+\[[^[:space:]]+\], delay=[0-9]+, status=sent \(250 2\.6\.0 Ok, id=[-0-9]+, from MTA: 250 Ok: queued as [0-9A-F]+\)$ instead of ^\w{3} [

Package: courier-imap-ssl,logcheck-database Severity: wishlist Please move /etc/logcheck/*/courier to the courier packages and out of logcheck-database. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked

Package: logcheck-database Version: 1.2.26 Severity: normal Hi, the file courier contains the line: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection shutdown\.$ This triggers the security logcheck section because of the word "shutdown". Quick fix is to move or duplicate this line to violations.ignore.d/logcheck-courier. BTW: It looks like the courier package

Package: logcheck Version: 1.2.34 Severity: normal the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does not match the following line: Feb 12 16:19:47 backup imaplogin: DISCONNECTED, user=example at example.com, ip=[::ffff:111.111.111.111], headers=14013, body=0, time=1 This line should be ignored like the other DISCONNECTED messages. Or am I wrong? -- System

Package: logcheck-database Severity: wishlist Hi, the following two lines should be added either to ignore.d.server/dhcp or ignore.d.server/udhcp to ignore messages from udhcpd (other lines may be necessary) # udhcpd support ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending OFFER of [.0-9]+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending ACK to [.0-9]+ filippo

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch Hi, I think that this rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$ is supposed to filter out lines like: Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root It is not working because the pattern dos not include the "/dev/" part and

Processing commands for control at bugs.debian.org: > # Commit 037fed5fc268088bad1f17c885d9153ee800ec40 > tag 444470 pending Bug#444470: /etc/logcheck/violations.ignore.d/logcheck-ssh: Updated "authentication failure" rule There were no tags set. Tags added: pending > thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system

In article <20080120021013.GA2871__36835.8155632906$1200797204$gmane$org at nexus.elho.net> you wrote: > Looking at those two lines, they could just be different versions of > the same thing, here are the commented differences: Take my word: you'll live longer if you don't try to make sense of ssh log messages. (I *swear* I once got different messages by doing the same thing

Package: logcheck-database Version: 1.2.39 Severity: wishlist Hi, I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix : ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Hi, This patch changes one rule for dhcpd. It adds support for log lines of the following format: May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1 Regards, Robbert --- /root/dhcp 2006-05-30 21:50:24.000000000 +0200 +++ dhcp 2006-05-30 23:27:06.000000000 +0200 @@ -18,7 +18,7 @@

Package: logcheck-database Version: 1.2.47 Severity: normal Tags: patch Without the following logcheck line in /etc/logcheck/violations.ignore.d, lines such as the following are reported: postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal at someplace.net>, relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22, from MTA: 250 Ok: queued as 15140A2D0A) This is because

package hylafax-server reassign 425035 logcheck-database 1.2.56 thanks I am reassigning this bug report since the hylafax logcheck rule is distributed in package logcheck-database. Bye, Giuseppe

Package: logcheck Version: 1.3.14 Severity: normal I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run. Renaming it to local-rules got the file used during the next run. Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README. Thanks Nils -- System Information: Debian

tags 338732 pending thanks On 12 Nov 2005, at 11:38, Martin Lohmeier wrote: > here is a rule for the cvs package. The line that should be ignored > looks like this: > > Nov 12 12:02:22 djinn01 cvs-pserver[15917]: connect from > 212.202.200.77 (212.202.200.77) > Nov 12 12:31:00 djinn01 cvs-pserver[18386]: connect from > 80.190.250.190 (80.190.250.190) > > I'll

Package: logcheck-database Version: 1.2.63 Severity: wishlist Hi, Can you add rule to filter out following messages: System Events =-=-=-=-=-=-= May 15 07:44:48 niko syslog-ng[21911]: Configuration reload request received, reloading configuration; Best regards Andrei Emeltchenko -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'),

Package: logcheck-database Severity: wishlist Tags: patch Please consider applying the attached patch. Logcheck doesn't match lines like the following right now: ---- Jan 26 04:26:29 space-based cracklib: updated dictionary (read/written words: ). ---- /Armin -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'),

Package: logcheck-database Version: 1.2.69 Severity: wishlist Hello, when newgrp (part of the package login) is used, I see messages like this in my syslog: Aug 27 23:36:16 debian64 newgrp[1975]: user `root' (login `root' on tty1) switched to group `backup' Aug 27 19:28:15 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1) switched to group `backup' Aug 27