similar to: dhclient: parse_option_buffer: option ... larger than buffer

Hi guys, now that violations.d/logcheck is empty, violations.ignore.d/logcheck-* are useless and many messages that were previously elevated and filtered there now turn up as system events. Thus, I went ahead and merged violations.ignore.d/logcheck-* into ignore.d.*/* in the viol-merge branch. http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge Unless I hear

apt-get install svn-buildpackage cat <<_eof >> ~/.svn-buildpackage.conf svn-lintian svn-linda svn-move _eof mkdir logcheck; cd logcheck svn co svn+ssh://svn.debian.org/svn/logcheck/logcheck/trunk cd trunk svn-buildpackage -k<your key ID> -rfakeroot man svn-buildpackage for more. Nice, huh? -- .''`. martin f. krafft <madduck at debian.org> : :' :

tags 475553 wontfix thanks While I completely agree that this /should/ be fixed in logcheck, it can't be, since the logcheck rulefile format *sucks*, meaning /every/ rule would have to be extended to support both styles. I am sorry, but I have to mark this wontfix. I hope that one day, someone will get up and write logfilter, which I've started to draft on the wiki.logcheck.org page.

Package: logcheck Severity: wishlist I see no reason why /etc/logcheck should have any more permissions than 0750. Please consider removing access rights from 'other'. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 'experimental') Architecture: i386 (i686)

I have rules like this on my servers: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$ basically, I just don't care about logins as nonexistent users, I get so many of those that I don't even

Package: courier-imap-ssl,logcheck-database Severity: wishlist Please move /etc/logcheck/*/courier to the courier packages and out of logcheck-database. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked

also sprach Jamie L. Penman-Smithson <lists at silverdream.org> [2006.07.02.0012 +0200]: > >As far as I can tell, Postfix adds extended status codes, so instead > >of "250", you now get "250 2.0.0". > > Most of the rules have been updated to include these. If you find > any which have not been, file a bug. Are you sure? If I look at e.g.

Hi there, My updated Vietnamese translation is attached. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: vi.po Type: application/octet-stream Size: 6969 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060710/4703d02c/attachment.obj -------------- next part -------------- Regards, Clytie Siddall

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Please change the following line in violations.ignore.d/logcheck-postfix: -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[0-9.]{7,15}\], delay=[0-9]+, status=(deferred|bounced) \(host [._[:alnum:]-]+\[[0-9.]{7,15}\] said: [45][0-9][0-9] .* \(in

Package: logcheck-database Version: 1.2.44 Severity: wishlist Tags: patch violations.ignore.d/local-ssh ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection timed out$ ignore.d/local-ssh ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:

Package: logcheck-database Version: 1.2.45 Severity: normal Tags: patch pending confirmed My bad, sorry. --- rulefiles/linux/ignore.d.server/ssh 6 Jul 2006 10:16:41 -0000 1.18 +++ rulefiles/linux/ignore.d.server/ssh 7 Jul 2006 19:35:19 -0000 @@ -10,7 +10,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].]+ \([:[:alnum:].]+\)$ ^\w{3} [ :0-9]{11}

Hi, I'm quite a fan of logcheck and have been using it since setting up my sites, and I recently saw madduck's call for help on logcheck at debaday.[0] How can I help? [0] http://debaday.debian.net/2009/07/19/logcheck-brilliantly-simple-log-monitoring/ P.S. Please CC me on replies, thanks! -- Zak B. Elep -- 1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D I like the idea of 256

Package: xen-utils-3.2-1 Version: 3.2.0-5 Severity: important $vifnum is undefined when this is called. Starting XEN control daemon: xend/etc/xen/scripts/network-route: line 27: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory /etc/xen/scripts/network-route: line 27: /proc/sys/net/ipv4/conf/eth/proxy_arp: No such file or directory /etc/xen/scripts/network-route: line 27:

On Mon, 4 Feb 2008 08:15:24 +1300, martin f krafft wrote: > logcheck has the policy not to ignore restart messages. Thanks for > the patch, please understand that I won't be including it. Quote from README.logcheck-database: "Unfortunately, we don't have the time to add and update rules for everything, therefore the following exceptions apply: * Debug messages * Messages

Martin F. Krafft (madduck) has been added to the project. P.S. I'd like to get a release out sometime next week. -- Todd Troxell http://rapidpacket.com/~xtat -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url :

Hi, I think #385934 and #385574 and probably be merged, even though they apply to different architectures. I asked the contributors of the former bug to check whether the -unstable-1-XXX package fixes their problem, as it did for me, but I did not feel like invading more on your space, so I'll leave the merging to you. -- .''`. martin f. krafft <madduck@debian.org> :

Package: logcheck Version: 1.3.3 Severity: normal Tags: patch User: ubuntu-devel at lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch As reported in https://launchpad.net/bugs/307847: recent dhclient includes the ip address it is releasing and renewing. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck Version: 1.3.3 Severity: wishlist Tags: patch Ali Saidi submitted rules for amd from the am-utils package to Ubuntu at https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/91438 The provided rules are located at: http://launchpadlibrarian.net/6728953/amd Please consider including them in the next release. I've asked where to put them, but it should probably the

Package: logcheck Version: 1.3.4 Severity: normal I am running debian/testing and just upgraded to logcheck 1.3.4 and it started reporting the error: mkdir: cannot create directory `/var/lock/logcheck': Permission denied I created the directory and chown'd it to logcheck and it seems fine now. Looking at the changelog, I see something was purposefully changed, so I imagine I

hello logcheck team, is there a reason why no dhclient patterns are provided in ignore.d.workstation? in ignore.d.server there are all necessery pattern for dhclient, but a workstation typicaly uses dhcp an those messages reported by logcheck are annoying. are there any good reasons not to include dhclient patterns in ignore.d.workstation or are they simply missed? thank you for any feedback!