similar to: Bug#412201: [PATCH] Squashed commit of the following:

Package: logcheck-database Version: 1.3.13 Severity: normal The rule for SSH ignoring "Bad protocol version identification" assumes there are no single quotes inside the version string ('[^']'). I am however getting mails including those lines: Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version identification

Package: logcheck-database Version: 1.3.8 Severity: wishlist HI, can you please create a rule/some rules for amavis(d-new). I get for every mail this mesage: May 25 19:55:40 data amavis[9603]: (09603-15) Passed CLEAN, [::1] [213.165.64.22] <xxx at yyy.zz> -> \ <aaa at localhost>, Message-ID: <20100525175015.29677page1 at mx002.bbb.ccc>, mail_id: MM7upJv6se1Z, \ Hits:

Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch After upgrading to debian squeeze I get several messages a day in the form of: Jul 2 15:05:15 hostname spamd[21286]: spamd: handled cleanup of child pid [28609] due to SIGCHLD: exit 0 This is due to an update in spamd, that makes the message more detailed (includes exit code)[1]. Therefore messages including exit code 0

Package: logcheck Version: 1.3.13 Severity: normal Hi, at present my logcheck is into 33 minutes of cpu time for running the ignore/innd rule, when the innd package is not installed. If running logcheck against only locally created logfiles, there should be a configuration option to only run logcheck against installed (or non-purged) packages. -- System Information: Debian Release: squeeze/sid

Package: logcheck Version: 1.3.14 Severity: normal Tags: patch I keep getting these messages logged, when under high load. This patch should clean that up. commit 72661acccafa519fcb48a6a756e5c35d96e7511d Author: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> Date: Fri Jan 27 16:08:33 2012 +0100 Workaround for error: /usr/sbin/logcheck: line 100: kill: (31667)

Hello I try to execute logcheck from a php page. So I have create a php page with a button which allow to run logcheck like this : /usr/sbin/logcheck -o > /var/log/logcheck (I want to put the result in a file logcheck, that's why I use the option -o) I have put www-data in the groupe adm : "adduser www-data adm" And after if I run logcheck like this for exemple:

Hello, I'm having this error: Warning: If you are seeing this message, your log files may not have been checked! Details: Could not run logtail or save output Check temporary directory: /tmp/logcheck.EIX3jp declare -x HOME="/var/lib/logcheck" declare -x LANG="en_US" declare -x LANGUAGE="en_US:en_GB:en" declare -x LOGNAME="logcheck" declare -x

Package: logcheck Version: 1.3.14 Severity: normal I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run. Renaming it to local-rules got the file used during the next run. Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README. Thanks Nils -- System Information: Debian

The entry is probably not igored because of the word deny in your path . You might better set your rule in violation.ignore.d/ directory. At 13:00 09/01/2006, you wrote: >Send Logcheck-users mailing list submissions to > logcheck-users@lists.alioth.debian.org > >To subscribe or unsubscribe via the World Wide Web, visit >

Package: logcheck Version: 1.1.1-13.1woody1 Severity: important logcheck line 56 uses "TMPDIR=$(mktemp -d -p ..." but mktemp from woody doesn't accept -p option Cheers, Chris -- System Information Debian Release: 3.0 Kernel Version: Linux ethlife-a 2.4.26-vs1.27 #4 SMP Mit Apr 28 15:20:15 MEST 2004 i686 unknown Versions of the packages logcheck depends on: ii cron

Package: logcheck Version: 1.3.13 Severity: normal Various files under ignore.d.* use "[0-9.]{7,15}" to match an IPv4 address, e.g., a connection to rsyncd. However, this does not match IPv6 addresses, causing spurious reports. A better regexp might be something like: ([0-9.]{7,15}|[0-9a-f:]{2,39}) -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (990,

hello russel, On Mon, 10 Jun 2002, russell at coker.com.au wrote: .. > I would like to be able to have different parts of the report sent to > different people. For example if I install a new daemon on a server > I want the messages for that daemon going only to me (not the entire > admin team) until I get it working properly. Otherwise excessive > spurious messages lead

Package: logcheck Version: 1.2.56 Followup-For: Bug #429384 I get the following message in my e-mail from cron: Cron <logcheck at entercom> if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi /usr/sbin/logcheck: line 645: mktemp: command not found /usr/sbin/logcheck: line 646: mktemp: command not found rm: too few arguments Try `rm --help' for more information.

Hi guys, now that violations.d/logcheck is empty, violations.ignore.d/logcheck-* are useless and many messages that were previously elevated and filtered there now turn up as system events. Thus, I went ahead and merged violations.ignore.d/logcheck-* into ignore.d.*/* in the viol-merge branch. http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge Unless I hear

Package: logcheck Version: 1.2.35 Severity: normal I'm getting the following on two different Unstable boxen: ------------------------------------------------------------------------------ Subject: Cron <logcheck at bandit-hall> if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi

Package: logcheck-database Version: 1.2.39 Severity: wishlist Hi, I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix : ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:

Package: logcheck Version: 1.3.6 Severity: normal Since logcheck 1.3.6, the report send by mail doesn't support unicode characters : Before : To: logcheck at executor.fruit Subject: Executor.FRUIT 2010-02-01 20:02 ?v?nements li?s ? la s?curit? Auto-Submitted: auto-generated From: logcheck system account <logcheck at executor.fruit> ?v?nements li?s ? la s?curit?

Package: logcheck-database Version: 1.2.54 Severity: normal The included filters for cyrus (/etc/logcheck/ignore.d.server/cyrus) are very minimal. The cyrus-imapd-2.2 has a more extensive ruleset (there's a /etc/logcheck/ignore.d.server/cyrus2_2 file in that package). Please copy over the filters from cyrus-imapd-2.2. I'm running logcheck on a loghost, which doesn't run cyrus

I ran into the same problem after somebody uninstalled logcheck and I re-installed it. It turned out that the ownership of /var/lock/logcheck where root:root - sudo chown logcheck:logcheck /var/lock/logcheck solved it. I see that there already is a check for the permissions in the postinst which (as far as I can see) *should* have fixed the permissions and ownership there. When re-installing

Package: logcheck Version: 1.2.35 Severity: minor Current manual reads: EXAMPLES logcheck can be invoked directly thanks to su(8) or sudo(8), which change the user ID: logcheck -o -t Check the logfiles without updating the offset. Print everything to STDOUT I believe this shuold be formatted as: EXAMPLES logcheck can be invoked directly thanks