similar to: Bug#444097: /etc/logcheck/ignore.d.server/ddclient: 2 rules to get you started

Package: logcheck-database Version: 1.2.62 Severity: wishlist File: /etc/logcheck/ignore.d.server/ssh openssh issues a friendly warning when the remote IP maps back to a hostname that looks just like an IP address. (For example, the address 206.251.174.31 currently maps back to the hostname "206.251.174.31".) Here's a rule that filters out these unimportant messages: ^\w{3} [

Package: logcheck-database Version: 1.2.62 Severity: normal File: /etc/logcheck/violations.ignore.d/logcheck-ssh Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

# Automatically generated email from bts, devscripts version 2.10.18.1 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/bind: # - moved "[bind] query $FOO denied" rule to violations.ignore.d # (closes: #443881). # - added bind's "AXFR ended" rule alongside "AXFR started" # (closes: #445046). # - added "adding an

Hi all, I use logcheck and ddclient, and I think that it would be usefull to add an ignore pattern for ddclient: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient[[0-9]+]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [.#[:digit:]]+ The original messages are like this: Jan 18 10:26:40 casaserv ddclient[4397]: SUCCESS: updating myserver.mine.nu: good: IP address set to 12.345.67.89

Package: logcheck-database Version: 1.2.61 Severity: wishlist File: /etc/logcheck/ignore.d.server/proftpd Two weeks ago, I got a rush of these: Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd (Apparently, fail2ban managed to miss those.) This is triggered by pam_listfile, which is used by proftpd (and other FTP daemons) to block users listed in

Package: logcheck-database Version: 1.3.8 Severity: normal After double checking that I had the most up to date logcheck-database :-) I am seeing these lines reported. May 17 15:29:33 localhost named[1765]: error (network unreachable) resolving 'software.majix.org/A/IN': 2001:503:ba3e::2:30#53 I believe that this line was intended to match it. ^\w{3} [ :[:digit:]]{11}

Package: logcheck Version: 1.2.39 Severity: normal Since I've upgraded my servers to sarge, I'm getting mail every hour for stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns out that sarge's version no longer reads that file. If this was a conscious decision, then there should be some warning about this when upgrading (via debconf of NEWS.Debian). Also, the

when I ran "sudo yum update" on my CentOS-7.2.1511 today, ddclient was updated to ddclient-3.8.3-1.el7.noarch (from 3.7.3), and ddclient.conf was moved to ddclient.conf.rpmsave . When I move it back, "sudo systemctl restart ddclient" fails with the error (in "sudo journalctl -xe | grep ddclient") Apr 21 13:05:39 alfred.gayleard.eu.localdomain touch[8590]:

Package: logcheck-database Version: 1.2.63 Severity: normal Tags: patch spamassassin is now reporting Unix domain sockets in the rport field. I'm not exactly sure what changed to cause this to happen; it started after an upgrade whose only remotely relevant package was razor. I think the following pattern in ignore.d.server/spamd will work ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck Version: 1.2.62 Severity: minor # Send the results as attachment or not. # 0=not as attachment; 1=as attachment # Default ist 0 ^^^ MAILASATTACH=0 -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.23-rc8+cfs (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8,

Package: logcheck-database Version: 1.3.8 11 hex digits, and "no" diff -ur logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter --- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter 2008-05-22 04:20:58.000000000 -0400 +++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter 2010-05-04

Package: logcheck-database Version: 1.2.63 Severity: normal Given that violations.d/logcheck has been emptied by 2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these are currently rendered useless. (I'll gladly lend a hand; I just want to make sure this is the right thing to do.) -- System Information: Debian

Package: logcheck-database Version: 1.2.63 Severity: normal --- Please enter the report below this line. --- Added the following patterns to allow for removal of dynamically allocated addresses from the DNS server by dhcp: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN TXT .[[:alnum:]]+. rrset exists and [._[:alnum:]-]+ IN A [.0-9]+ rrset exists delete [._[:alnum:]-]+ IN A

Package: logcheck-database,sendmail-base Version: logcheck-database/1.2.69 Version: sendmail-base/8.14.3-9 Severity: serious User: treinen at debian.org Usertags: edos-file-overwrite Date: 2009-08-18 Architecture: amd64 Distribution: sid Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the

I see that this openvpn rule has been modified to no longer attach the ":port" part to "[undef]" -- probably to reflect a recent change in openvpn. Unfortunately, the rule no longer matches in etch, thus breaking the backport. Here's a patch to match both versions. Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net> --- rulefiles/linux/ignore.d.server/openvpn

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch When views are used in bind, the logcheck filters don't catch the common informational log messages. Added regex bits to the filter definitions. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck-database Version: 1.2.63 Severity: wishlist Tags: patch The bad address syntax bounce message was previously logged by postfix/qmgr, but in the current version of Postfix in lenny is (at least sometimes) logged by postfix/error instead. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1,

Package: logcheck-database Version: 1.2.63 > Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data > Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data > Apr 28

Package: logcheck Version: 1.2.63 Severity: normal Hi, I have just installed logcheck and it works out of the box! thx for that! I just notice that in the /etc/logcheck/ignore.d.workstation/kernel file there is a filter for "[drm] Loading r200 Microcode". COuld you add please the same for the r300. The log message is the same : Apr 6 19:21:14 debian kernel: [drm] Loading R300

Package: logcheck-database Version: 1.2.68 Severity: normal I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root And on