similar to: Re: postfix logcheck

Package: logcheck Severity: wishlist I see no reason why /etc/logcheck should have any more permissions than 0750. Please consider removing access rights from 'other'. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 'experimental') Architecture: i386 (i686)

Package: courier-imap-ssl,logcheck-database Severity: wishlist Please move /etc/logcheck/*/courier to the courier packages and out of logcheck-database. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked

I'm not sure if this message ever made it to you, Jamie. I had a reverse DNS problem shortly after it was sent. ----- Forwarded message from Todd Troxell <ttroxell at debian.org> ----- Date: Wed, 1 Jun 2005 01:22:18 -0400 From: Todd Troxell <ttroxell at debian.org> To: "Jamie L. Penman-Smithson" <jamie at silverdream.org> Subject: Re: Logcheck rules from other

tags 338732 pending thanks On 12 Nov 2005, at 11:38, Martin Lohmeier wrote: > here is a rule for the cvs package. The line that should be ignored > looks like this: > > Nov 12 12:02:22 djinn01 cvs-pserver[15917]: connect from > 212.202.200.77 (212.202.200.77) > Nov 12 12:31:00 djinn01 cvs-pserver[18386]: connect from > 80.190.250.190 (80.190.250.190) > > I'll

Hi guys, now that violations.d/logcheck is empty, violations.ignore.d/logcheck-* are useless and many messages that were previously elevated and filtered there now turn up as system events. Thus, I went ahead and merged violations.ignore.d/logcheck-* into ignore.d.*/* in the viol-merge branch. http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge Unless I hear

package logcheck-database tags 125794 pending tags 191637 pending thanks I've been running the latest version of qpopper from unstable for a few days and I've added the following rules to CVS: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: connect from [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) POP login by user

package: logcheck-database version: 1.2.23 severity: wishlist The current regexp's for postfix/lmtp.. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [0-9A-F]: to=<[^[:space:]]+>, orig_to=<[^[:space:]]+>, relay=[^[:space:]]+\], delay=[0-9]+ status=sent \(250 2\.1\.5 Ok\)$ ..doesn't catch these messages: Jul 15 17:15:16 lorien postfix/lmtp[17151]: C1170480008B:

apt-get install svn-buildpackage cat <<_eof >> ~/.svn-buildpackage.conf svn-lintian svn-linda svn-move _eof mkdir logcheck; cd logcheck svn co svn+ssh://svn.debian.org/svn/logcheck/logcheck/trunk cd trunk svn-buildpackage -k<your key ID> -rfakeroot man svn-buildpackage for more. Nice, huh? -- .''`. martin f. krafft <madduck at debian.org> : :' :

On Wed, 2005-04-27 at 22:10 -0400, Steve Gran wrote: > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: EXTERNAL COMMAND: PROCESS_SERVICE_CHECK_RESULT > > (although that may be too broad) Can you provide the log messages that this matches? Thanks, -- -jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org w: http://www.silverdream.org | p: sms at silverdream.org pgp

tags 475553 wontfix thanks While I completely agree that this /should/ be fixed in logcheck, it can't be, since the logcheck rulefile format *sucks*, meaning /every/ rule would have to be extended to support both styles. I am sorry, but I have to mark this wontfix. I hope that one day, someone will get up and write logfilter, which I've started to draft on the wiki.logcheck.org page.

Processing commands for control at bugs.debian.org: > reassign 352043 logcheck Bug#352043: please integrate dovecot logcheck rule in the dovecot-common package Bug reassigned from package `dovecot-common' to `logcheck'. > retitle 352043 Please provide a backport of logcheck Bug#352043: please integrate dovecot logcheck rule in the dovecot-common package Changed Bug title. >

Hi there, My updated Vietnamese translation is attached. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: vi.po Type: application/octet-stream Size: 6969 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060710/4703d02c/attachment.obj -------------- next part -------------- Regards, Clytie Siddall

Package: logcheck-database Version: 1.2.35 Severity: minor logcheck-database contain postgrey ignore file, but postgrey first attempt is listed in logcheck report $ dpkg -l postgrey ii postgrey 1.18-1 -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.29-C3EZRA Locale: LANG=it_IT,

Package: logcheck Version: 1.2.39 Followup-For: Bug #303661 Attached is another entry that suppresses the adjustment messages -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.11.7-grsec Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Versions of packages logcheck depends on: ii

Package: logcheck-database Version: 1.2.40 Severity: wishlist Hi, Please duplicate the imap-login related lines and change them to filter out the equivalent messages emitted by pop3-login. regards Andrew -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck Version: 1.2.34 Severity: wishlist I have a couple of home-made logcheck ignore files, and happened to have one unescaped (and unmatched) `(' in one of the filter lines. Because of this, cron sent a mail with the body "grep: Invalid regular expression" - the subject is the command in the "2 * * * *" line in /etc/cron.d/logcheck, of course. It would be

Package: logcheck Version: 1.2.35 Severity: minor Current manual reads: EXAMPLES logcheck can be invoked directly thanks to su(8) or sudo(8), which change the user ID: logcheck -o -t Check the logfiles without updating the offset. Print everything to STDOUT I believe this shuold be formatted as: EXAMPLES logcheck can be invoked directly thanks

Lately, I've been getting messages of the form dhclient: parse_option_buffer: option unknown-177 (65) larger than buffer. from logcheck. dhclient has not been updated, so this is likely a change in the configuration of my ISP. As the logcheck maintainer, I now wonder what I should do with those. In general, I tend to think that ignoring such warnings is safe because the software caught

Package: logcheck-database Version: 1.2.43a Severity: minor Since last weekend's upgrade of logcheck-database from 1.2.42 to 1.2.43a, logcheck stopped ignoring routine SpamAssassin messages of the form Feb 20 21:36:16 tux64 spamd[4665]: spamd: checking message <20060220190721.0E0B41C5207 at llwb563.servidoresdns.net> for amu:7286 Could you please edit the second pattern in

I have rules like this on my servers: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$ basically, I just don't care about logins as nonexistent users, I get so many of those that I don't even