similar to: Bug#398257: logcheck-database: lots of "session opened" and "session closed" information

Package: logcheck-database Version: 1.2.49 Severity: normal Tags: patch Hi, with "UseReverseDNS off" in /etc/proftpd/proftpd.conf the IP is used instead of the hostname: ... (::ffff:aaa.bbb.ccc.ddd[::ffff:aaa.bbb.ccc.ddd]) ... The rules in /etc/logcheck/ignore.d.server/proftpd do not support colons in the hostname. The attached patch fixes this. Greetings, Gregor -- System

Package: logcheck Version: 1.1.1-13.1woody1 Severity: important logcheck line 56 uses "TMPDIR=$(mktemp -d -p ..." but mktemp from woody doesn't accept -p option Cheers, Chris -- System Information Debian Release: 3.0 Kernel Version: Linux ethlife-a 2.4.26-vs1.27 #4 SMP Mit Apr 28 15:20:15 MEST 2004 i686 unknown Versions of the packages logcheck depends on: ii cron

Package: logcheck Version: 1.2.42 Severity: minor Tags: patch Logcheck does not report any error if the config file is not readable or does not exists. This may easily happen, as logcheck is run as logcheck user and while one is testing a new configuration on live system with running configuration intact. Following fragment may help: # Now source the config file - before things that should

Package: logcheck-database Version: 1.2.39 Severity: wishlist Hi, I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix : ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:

Package: logcheck-database Version: 1.2.54 Severity: normal The included filters for cyrus (/etc/logcheck/ignore.d.server/cyrus) are very minimal. The cyrus-imapd-2.2 has a more extensive ruleset (there's a /etc/logcheck/ignore.d.server/cyrus2_2 file in that package). Please copy over the filters from cyrus-imapd-2.2. I'm running logcheck on a loghost, which doesn't run cyrus

Package: logcheck-database Version: 1.2.54 Severity: normal Hello, it seems crontab reports it's whole path in syslog : May 6 16:00:03 eckmul /usr/bin/crontab[9722]: (root) LIST (nobody) I don't have other messages from it in my logs, so I can't comment on the other lines in /etc/logcheck/ignore.d.server/cron , but I had to modify the LIST one with /usr/bin/crontab Thanks, --

Package: logcheck-database Version: 1.2.51 Severity: normal Messages such as these are no longer being filtered by logcheck ('hostname' used to replace actual hostname; 'hostname.com' used to replace actual domain): Dec 23 12:02:58 hostname postfix/lmtp[5047]: 38BE4C21ED: to=<root at hostname.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.1, delays=2/0.16/0.05/1.8,

Package: logcheck-database Version: 1.2.47 Severity: normal Tags: patch Without the following logcheck line in /etc/logcheck/violations.ignore.d, lines such as the following are reported: postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal at someplace.net>, relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22, from MTA: 250 Ok: queued as 15140A2D0A) This is because

Package: logcheck-database Version: 1.2.63 Severity: wishlist Tags: patch The bad address syntax bounce message was previously logged by postfix/qmgr, but in the current version of Postfix in lenny is (at least sometimes) logged by postfix/error instead. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1,

Package: logcheck-database Version: 1.2.43a Severity: normal Tags: patch Hi, Given the following popa3d log messages: popa3d[15636]: 0 messages (0 bytes) loaded popa3d[15993]: 1 message (3837 bytes) loaded popa3d[15856]: 3 messages (18116 bytes) loaded The current logcheck ruleset does not take into account that sometimes there might be multiple message_S_ to be loaded. The following patch

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch When views are used in bind, the logcheck filters don't catch the common informational log messages. Added regex bits to the filter definitions. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck-database Version: 1.2.39 Severity: normal The rule for postfix/smtp read timeout (port 25) doesn't match the actual log message: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$ A sample log line is: May 17 17:38:16 dp postfix/smtp[12256]: connect to smtpv1.ihs.gov[198.45.3.65]: read timeout (port

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions: * OpenVPN does not print the full path to ifconfig or route (at least here) * The interface name can also contain dots and does not always start with "tun" * The startup messages now gets suppressed

Package: logcheck-database Version: 1.2.51 Severity: wishlist I'm backup my ldap with slapcat (from package slapd) and get a entry in syslog. Can you add to /etc/logcheck/ignore.d.server/slpad: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapcat: bdb_db_init: Initializing BDB database$ -- System Information: Debian Release: 3.1 APT prefers experimental APT policy: (1, 'experimental')

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Hi, This patch changes one rule for dhcpd. It adds support for log lines of the following format: May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1 Regards, Robbert --- /root/dhcp 2006-05-30 21:50:24.000000000 +0200 +++ dhcp 2006-05-30 23:27:06.000000000 +0200 @@ -18,7 +18,7 @@

Package: logcheck-database Version: 1.2.23 Followup-For: Bug #254681 Please generalize "nobody" to "[_[:alnum:]-]+", as some cron jobs su to other users: Jul 11 06:51:16 tux su[10385]: + ??? root:hinfo Jul 11 06:57:25 tux su[29801]: + ??? root:www-data Thanks. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500,

Package: logcheck Version: 1.2.54 Severity: normal In the file ignore.d.paranoid/cron there are the rules ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$ to ignore lines like 10:17:01 at 04-03-2007 tooar

Package: logcheck Severity: wishlist Currently syslog-summary is only enabled if it is installed and if it is enabled in logcheck's conffile. I think enabling it by default if syslog-summary is installed would be more sane. A new option -U "Disable syslog-summary" should be added in the assumedly rare case people want to disable it on the commandline although they installed

Package: logcheck-database Version: 1.2.69 Severity: normal File: /etc/logcheck/ignore.d.server/dnsmasq A dnsmasq log about DHCP events has the interface name in it. Interface names are allowed to have a dash (-) in them, but the logcheck filter does not have the dash in it. Please add the dash. -- System Information: Debian Release: 5.0.7 APT prefers stable APT policy: (500,

Package: logcheck-database Version: 1.2.68 Severity: normal I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root And on