Displaying 20 results from an estimated 3000 matches similar to: "Bug#425967: logcheck-database: The patterns for courier-imap-ssl do not match imap, only imap-ssl"
2007 Mar 04
0
Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
Package: logcheck
Version: 1.2.54
Severity: normal
In the file ignore.d.paranoid/cron there are the rules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
to ignore lines like
10:17:01 at 04-03-2007 tooar
2009 Jan 02
1
Bug#510472: logcheck-database: pam_unix messages could be ignored.
Package: logcheck-database
Version: 1.2.68
Severity: normal
I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of
Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root
And on
2004 Oct 11
1
Bug#275946: Acknowledgement (newline not recognized when logcheck sends emails)
I upgraded to 1.2.28, same results.
Here are the rules I added.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: [^[:space:]]+ \[NOTICE\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: [^[:space:]]+ \[INFO\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ exact\[[0-9]+\]:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapd\[[0-9]+\]:
^\w{3} [ :0-9]{11}
2006 May 30
2
Bug#369603: logcheck-database: new rule for dhcpd
Package: logcheck-database
Version: 1.2.44
Severity: minor
Tags: patch
Hi,
This patch changes one rule for dhcpd. It adds support for log lines of the following format:
May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1
Regards,
Robbert
--- /root/dhcp 2006-05-30 21:50:24.000000000 +0200
+++ dhcp 2006-05-30 23:27:06.000000000 +0200
@@ -18,7 +18,7 @@
2006 Dec 19
0
Bug#403758: Logcheck rules for Snort
Package: logcheck-database
Hey,
I created a logcheck ignore file for Snort with stuff I don't
particularly want to see every day. The one line with the warning in it is
questionable, so leave it in or out at your discretion. Also, my regex
skills are not as good as they could be, so there are probably mistakes, or
things that could be simplified more. Rules are below:
^\w{3} [
2007 Jun 11
0
Bug#428428: patch for cron ignore rule
Package: logcheck
Version: 1.2.54
Severity: normal
Tags: patch
On my system, this ignore rule needs /usr/bin/ in front of the cron command, or the rule fails to match.
hostname:/etc/logcheck/ignore.d.server# diff cron cron.old
1c1
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/bin/)?crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$
---
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2006 Jan 07
2
Bug#346350: logcheck-database: dhcp3-server ignores need to include (none ) client host name
Package: logcheck-database
Version: 1.2.39
Severity: normal
I use dhcp3-server and a dhcp client which is Sony HDD video recorder
CoCoon. The client not return client host name.
In this case, dhcpd server assumed the client host name is (none).
Therefor dhcpd output log described below.
> Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0
> Jan 7 10:49:25
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
2009 Oct 17
1
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
Hi,
I think that this rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-)
(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
is supposed to filter out lines like:
Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root
It is not working because the pattern dos not include the "/dev/" part
and
2010 Jul 28
1
Bug#590679: [logcheck-database] rules for ntpd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
some rules for ntpd as i couldn't find any:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset
[+-]*[0-9]{1,2}\.[0-9]{6} s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation
lost$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers
reachable$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2004 Oct 13
2
Bug#276317: logcheck-database: Namechange for ISC in /etc/logcheck/ignore.d.server/dhcp
Package: logcheck-database
Version: 1.2.28
Severity: normal
Hi,
the Internet Software Consortium changed the name to Internet Systems Consortium.
For a fix for the logcheck rules see the attachment.
-- System Information:
Debian Release: 3.0
APT prefers testing
APT policy: (600, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel:
2013 Feb 18
0
Bug#700851: logcheck-database: postfix ignore.d.server now logs on the same line sasl_method, sasl_username AND sasl_sender, rule must be updated
Package: logcheck-database
Severity: normal
postfix has changed log formats, now it includes sasl_sender in log lines.
The rule at ./ignore.d.server/postfix:109
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
[[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+,
sasl_username=[-_.@[:alnum:]]+$
must be updated with:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
2004 Jul 21
1
Bug#260573: logcheck: ignore.d.paranoid/cron and ignore.d.server/cron swapped
Package: logcheck
Version: 1.2.23
Severity: normal
Hello,
I have:
# /bin/cat ignore.d.server/cron
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE \([[:alnum:]-]+\)$
and:
# /bin/cat ignore.d.paranoid/cron
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2009 Oct 24
1
Bug#552222: logcheck: dhclient regexes need updating
Package: logcheck
Version: 1.3.3
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
As reported in https://launchpad.net/bugs/307847:
recent dhclient includes the ip address it is releasing and renewing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2006 Jun 05
0
Dovecot + Logcheck Regex
I'm using logcheck for log reporting on Debian Etch, and am currently
getting a lot of log entries from Syslog falling through the standard
logcheck regex filters. I'm running Dovecot 1.0beta8. The filters
follow:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|pop3)-login: Login:
[.[:alnum:]@-]+ \[(::ffff:)?[:0-9a-f.]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (dovecot: )?(imap|pop3)-login:
2004 Jul 21
4
Bug#260743: logcheck-database: dhcp rule updates for failover support
Package: logcheck-database
Version: 1.2.23
Severity: minor
Hi,
a couple of minor corrections to the dhcp rule sets:
First of all, the hostname matching parts need to include the "._-"
signs (maybe . is not needed but it might be).
Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST
may be entailed by the string ": load balance to peer <somestring>".
2004 Sep 04
1
Bug#269959: logcheck-database: courier ignore.d.server contains word from violations.d list
Package: logcheck-database
Version: 1.2.26
Severity: normal
Hi,
the file courier contains the line:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection
shutdown\.$
This triggers the security logcheck section because of the word
"shutdown". Quick fix is to move or duplicate this line to
violations.ignore.d/logcheck-courier.
BTW: It looks like the courier package
2006 Apr 18
0
Bug#363336: logcheck-database: incomplete regexp for popa3d log message
Package: logcheck-database
Version: 1.2.43a
Severity: normal
Tags: patch
Hi,
Given the following popa3d log messages:
popa3d[15636]: 0 messages (0 bytes) loaded
popa3d[15993]: 1 message (3837 bytes) loaded
popa3d[15856]: 3 messages (18116 bytes) loaded
The current logcheck ruleset does not take into account that sometimes there might be multiple message_S_ to be loaded. The following patch
2010 Feb 07
2
Bug#568815: Redundant messages from dhcpd in logcheck output in "server" mode.
Package: logcheck
Version: 1.2.69
Severity: normal
Tags: patch
Logcheck's reports contains many messages like:
Feb 7 19:03:57 srv dhcpd: DHCPREQUEST for 172.21.0.126 from 00:19:7e:9f:cc:32 (Hostname
Unsuitable for Printing) via eth0
Feb 7 19:03:57 srv dhcpd: DHCPACK on 172.21.0.126 to 00:19:7e:9f:cc:32 (Hostname
Unsuitable for Printing) via eth0
I create file
2007 Oct 29
1
Bug#448510: logcheck-database: revised pattern for spamd
Package: logcheck-database
Version: 1.2.63
Severity: normal
Tags: patch
spamassassin is now reporting Unix domain sockets in the rport field.
I'm not exactly sure what changed to cause this to happen; it started
after an upgrade whose only remotely relevant package was razor.
I think the following pattern in ignore.d.server/spamd will work
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2007 Jan 16
0
Bug#407087: Logcheck rule update.
Package: logcheck-database
Version: 1.2.52
Severity: Minor
Tags: Patch
I've got a suggested rule update for the kernel file in the
/etc/logcheck/ignore.d.workstation directory.
The file already contains this rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: input: Logitech USB Mouse as /class/input/input[[:digit:]]+$
However my system was reporting the following two similar events: