Displaying 20 results from an estimated 2000 matches similar to: "Bug#444097: /etc/logcheck/ignore.d.server/ddclient: 2 rules to get you started"
2007 Oct 03
1
Bug#445074: /etc/logcheck/ignore.d.server/ssh: Nasty PTR record
Package: logcheck-database
Version: 1.2.62
Severity: wishlist
File: /etc/logcheck/ignore.d.server/ssh
openssh issues a friendly warning when the remote IP maps back to a
hostname that looks just like an IP address. (For example, the address
206.251.174.31 currently maps back to the hostname "206.251.174.31".)
Here's a rule that filters out these unimportant messages:
^\w{3} [
2007 Oct 03
2
Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh
Somewhere between etch and now, ssh stopped reporting failed passwords
as "error: PAM: Authentication failure for foo", and switched to "Failed
password for foo", similar to what it already did for unknown users, but
without the "invalid user" part.
2008 Mar 05
1
Bug#445072: setting package to logcheck-database logtail logcheck, tagging 444097, tagging 445069, tagging 444096 ... ... ... ... ... ... ...
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# logcheck (1.2.64) unstable; urgency=low
#
# * ignore.d.server/bind:
# - moved "[bind] query $FOO denied" rule to violations.ignore.d
# (closes: #443881).
# - added bind's "AXFR ended" rule alongside "AXFR started"
# (closes: #445046).
# - added "adding an
2006 Jan 18
2
ignore pattern for ddclient
Hi all,
I use logcheck and ddclient, and I think that it would be usefull to
add an ignore pattern for ddclient:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient[[0-9]+]:
SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [.#[:digit:]]+
The original messages are like this:
Jan 18 10:26:40 casaserv ddclient[4397]: SUCCESS: updating
myserver.mine.nu: good: IP address set to 12.345.67.89
2007 Sep 24
3
Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
File: /etc/logcheck/ignore.d.server/proftpd
Two weeks ago, I got a rush of these:
Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd
(Apparently, fail2ban managed to miss those.)
This is triggered by pam_listfile, which is used by proftpd (and other
FTP daemons) to block users listed in
2010 May 17
1
Bug#582060: logcheck-database: bind network unreachable errors
Package: logcheck-database
Version: 1.3.8
Severity: normal
After double checking that I had the most up to date logcheck-database
:-) I am seeing these lines reported.
May 17 15:29:33 localhost named[1765]: error (network unreachable) resolving 'software.majix.org/A/IN': 2001:503:ba3e::2:30#53
I believe that this line was intended to match it.
^\w{3} [ :[:digit:]]{11}
2005 Jun 07
2
Bug#312376: /etc/logcheck/logcheck.ignore is no longer read
Package: logcheck
Version: 1.2.39
Severity: normal
Since I've upgraded my servers to sarge, I'm getting mail every hour for
stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns
out that sarge's version no longer reads that file.
If this was a conscious decision, then there should be some warning
about this when upgrading (via debconf of NEWS.Debian). Also, the
2016 Apr 21
1
Problem updating ddclient
when I ran "sudo yum update" on my CentOS-7.2.1511 today,
ddclient was updated to ddclient-3.8.3-1.el7.noarch (from 3.7.3),
and ddclient.conf was moved to ddclient.conf.rpmsave .
When I move it back, "sudo systemctl restart ddclient"
fails with the error (in "sudo journalctl -xe | grep ddclient")
Apr 21 13:05:39 alfred.gayleard.eu.localdomain touch[8590]:
2007 Oct 29
1
Bug#448510: logcheck-database: revised pattern for spamd
Package: logcheck-database
Version: 1.2.63
Severity: normal
Tags: patch
spamassassin is now reporting Unix domain sockets in the rport field.
I'm not exactly sure what changed to cause this to happen; it started
after an upgrade whose only remotely relevant package was razor.
I think the following pattern in ignore.d.server/spamd will work
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2007 Oct 06
1
Bug#445537: logcheck: Kein Deutsch in config Dateien bitte
Package: logcheck
Version: 1.2.62
Severity: minor
# Send the results as attachment or not.
# 0=not as attachment; 1=as attachment
# Default ist 0
^^^
MAILASATTACH=0
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.23-rc8+cfs (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8,
2010 May 04
1
Bug#580260: logcheck-database: dkim-filter needs tweak
Package: logcheck-database
Version: 1.3.8
11 hex digits, and "no"
diff -ur logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter
--- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter 2008-05-22 04:20:58.000000000 -0400
+++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter 2010-05-04
2008 Mar 15
1
Bug#471072: logcheck-database: Moving most of violations.ignore.d to ignore.d.*
Package: logcheck-database
Version: 1.2.63
Severity: normal
Given that violations.d/logcheck has been emptied by
2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of
violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these
are currently rendered useless.
(I'll gladly lend a hand; I just want to make sure this is the right
thing to do.)
-- System Information:
Debian
2008 Mar 23
1
Bug#472368: Expansion to dyndns support section of dhcp
Package: logcheck-database
Version: 1.2.63
Severity: normal
--- Please enter the report below this line. ---
Added the following patterns to allow for removal of dynamically
allocated addresses from the DNS server by dhcp:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN TXT .[[:alnum:]]+. rrset exists and [._[:alnum:]-]+ IN A [.0-9]+ rrset exists delete [._[:alnum:]-]+ IN A
2009 Aug 18
2
Bug#542265: sendmail-base and logcheck-database: error when trying to install together
Package: logcheck-database,sendmail-base
Version: logcheck-database/1.2.69
Version: sendmail-base/8.14.3-9
Severity: serious
User: treinen at debian.org
Usertags: edos-file-overwrite
Date: 2009-08-18
Architecture: amd64
Distribution: sid
Hi,
automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the
2008 Jan 24
0
[PATCH] Re-enabled :port portion of "UDPv4 link" openvpn rule
I see that this openvpn rule has been modified to no longer attach the
":port" part to "[undef]" -- probably to reflect a recent change in
openvpn. Unfortunately, the rule no longer matches in etch, thus
breaking the backport.
Here's a patch to match both versions.
Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net>
---
rulefiles/linux/ignore.d.server/openvpn
2008 Apr 25
1
Bug#477932: logcheck-database: bind with views - messages not filtered
Package: logcheck-database
Version: 1.2.54
Severity: normal
Tags: patch
When views are used in bind, the logcheck filters don't catch the common
informational log messages.
Added regex bits to the filter definitions.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel:
2008 Feb 09
1
Bug#464896: logcheck-database: ignore Postfix bad address syntax errors from postfix/error
Package: logcheck-database
Version: 1.2.63
Severity: wishlist
Tags: patch
The bad address syntax bounce message was previously logged by
postfix/qmgr, but in the current version of Postfix in lenny is
(at least sometimes) logged by postfix/error instead.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1,
2008 Apr 28
1
Bug#478334: logcheck doesn't know about dkim-filter
Package: logcheck-database
Version: 1.2.63
> Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data
> Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data
> Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature
> Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data
> Apr 28
2008 Apr 06
1
Bug#474606: logcheck: add a filter for r300 microcode
Package: logcheck
Version: 1.2.63
Severity: normal
Hi,
I have just installed logcheck and it works out of the box! thx for
that!
I just notice that in the /etc/logcheck/ignore.d.workstation/kernel
file there is a filter for "[drm] Loading r200 Microcode". COuld you
add please the same for the r300. The log message is the same :
Apr 6 19:21:14 debian kernel: [drm] Loading R300
2009 Jan 02
1
Bug#510472: logcheck-database: pam_unix messages could be ignored.
Package: logcheck-database
Version: 1.2.68
Severity: normal
I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of
Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root
And on