Displaying 20 results from an estimated 2000 matches similar to: "Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ..."
2007 Oct 03
1
Bug#445074: /etc/logcheck/ignore.d.server/ssh: Nasty PTR record
Package: logcheck-database
Version: 1.2.62
Severity: wishlist
File: /etc/logcheck/ignore.d.server/ssh
openssh issues a friendly warning when the remote IP maps back to a
hostname that looks just like an IP address. (For example, the address
206.251.174.31 currently maps back to the hostname "206.251.174.31".)
Here's a rule that filters out these unimportant messages:
^\w{3} [
2007 Sep 26
1
Bug#444097: /etc/logcheck/ignore.d.server/ddclient: 2 rules to get you started
Package: logcheck
Version: 1.2.62
Severity: wishlist
Here are two rules for ddclient, a client for dynamic IP services such
as DynDNS or DynIP:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from
2008 Mar 15
1
Bug#471072: logcheck-database: Moving most of violations.ignore.d to ignore.d.*
Package: logcheck-database
Version: 1.2.63
Severity: normal
Given that violations.d/logcheck has been emptied by
2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of
violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these
are currently rendered useless.
(I'll gladly lend a hand; I just want to make sure this is the right
thing to do.)
-- System Information:
Debian
2007 Sep 24
3
Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
File: /etc/logcheck/ignore.d.server/proftpd
Two weeks ago, I got a rush of these:
Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd
(Apparently, fail2ban managed to miss those.)
This is triggered by pam_listfile, which is used by proftpd (and other
FTP daemons) to block users listed in
2008 Mar 05
1
Bug#445072: setting package to logcheck-database logtail logcheck, tagging 444097, tagging 445069, tagging 444096 ... ... ... ... ... ... ...
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# logcheck (1.2.64) unstable; urgency=low
#
# * ignore.d.server/bind:
# - moved "[bind] query $FOO denied" rule to violations.ignore.d
# (closes: #443881).
# - added bind's "AXFR ended" rule alongside "AXFR started"
# (closes: #445046).
# - added "adding an
2008 Apr 28
1
Bug#478334: logcheck doesn't know about dkim-filter
Package: logcheck-database
Version: 1.2.63
> Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data
> Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data
> Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature
> Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data
> Apr 28
2007 Oct 06
1
Bug#445537: logcheck: Kein Deutsch in config Dateien bitte
Package: logcheck
Version: 1.2.62
Severity: minor
# Send the results as attachment or not.
# 0=not as attachment; 1=as attachment
# Default ist 0
^^^
MAILASATTACH=0
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.23-rc8+cfs (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8,
2005 Jun 07
2
Bug#312376: /etc/logcheck/logcheck.ignore is no longer read
Package: logcheck
Version: 1.2.39
Severity: normal
Since I've upgraded my servers to sarge, I'm getting mail every hour for
stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns
out that sarge's version no longer reads that file.
If this was a conscious decision, then there should be some warning
about this when upgrading (via debconf of NEWS.Debian). Also, the
2008 Apr 25
1
Bug#477932: logcheck-database: bind with views - messages not filtered
Package: logcheck-database
Version: 1.2.54
Severity: normal
Tags: patch
When views are used in bind, the logcheck filters don't catch the common
informational log messages.
Added regex bits to the filter definitions.
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel:
2008 Feb 09
1
Bug#464896: logcheck-database: ignore Postfix bad address syntax errors from postfix/error
Package: logcheck-database
Version: 1.2.63
Severity: wishlist
Tags: patch
The bad address syntax bounce message was previously logged by
postfix/qmgr, but in the current version of Postfix in lenny is
(at least sometimes) logged by postfix/error instead.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1,
2008 Apr 06
1
Bug#474606: logcheck: add a filter for r300 microcode
Package: logcheck
Version: 1.2.63
Severity: normal
Hi,
I have just installed logcheck and it works out of the box! thx for
that!
I just notice that in the /etc/logcheck/ignore.d.workstation/kernel
file there is a filter for "[drm] Loading r200 Microcode". COuld you
add please the same for the r300. The log message is the same :
Apr 6 19:21:14 debian kernel: [drm] Loading R300
2007 Oct 29
1
Bug#448510: logcheck-database: revised pattern for spamd
Package: logcheck-database
Version: 1.2.63
Severity: normal
Tags: patch
spamassassin is now reporting Unix domain sockets in the rport field.
I'm not exactly sure what changed to cause this to happen; it started
after an upgrade whose only remotely relevant package was razor.
I think the following pattern in ignore.d.server/spamd will work
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2009 Aug 18
2
Bug#542265: sendmail-base and logcheck-database: error when trying to install together
Package: logcheck-database,sendmail-base
Version: logcheck-database/1.2.69
Version: sendmail-base/8.14.3-9
Severity: serious
User: treinen at debian.org
Usertags: edos-file-overwrite
Date: 2009-08-18
Architecture: amd64
Distribution: sid
Hi,
automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the
2010 Jan 21
1
Bug#566107: logcheck-database: with violations.d/logcheck empty most rules in violations.ignore.d look useless
Package: logcheck-database
Version: 1.3.5
Severity: normal
Hi,
I was having a look at logcheck and why I received a "verification failed:
Temporary failure in name resolution" as a _system_ message.
Turns out that since violations.d/logcheck is empty now, most of the rules in
violations.ignore.d look quite useless, can you confirm?
I suspect that a big part of those rules should be
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
2009 Oct 17
1
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
Hi,
I think that this rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-)
(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
is supposed to filter out lines like:
Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root
It is not working because the pattern dos not include the "/dev/" part
and
2008 Mar 14
5
Bug#470929: dhcp: interface names can have dash in them
Package: logcheck-database
Version: 1.2.54
Severity: normal
I recently created a bridge with the name xen-local. The DHCP server gets requests
via this bridge.
I got spammed with logcheck messages about DHCPREQUESTS and the lot because the name
of the interface in the logcheck-database does not match on names with a dash in it.
-- System Information:
Debian Release: 4.0
APT prefers stable
2008 Jul 21
1
merging violations.ignore.d/logcheck-* into ignore.d.*/*
Hi guys, now that violations.d/logcheck is empty,
violations.ignore.d/logcheck-* are useless and many messages that
were previously elevated and filtered there now turn up as system
events. Thus, I went ahead and merged violations.ignore.d/logcheck-*
into ignore.d.*/* in the viol-merge branch.
http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge
Unless I hear
2006 May 21
2
Bug#368313: logcheck-database: new postfix violations ignore rule
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
Hi,
I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix :
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
2009 Apr 07
1
Bug#515156: Same bug after removal + reinstall
I ran into the same problem after somebody uninstalled logcheck and I
re-installed it.
It turned out that the ownership of /var/lock/logcheck where root:root -
sudo chown logcheck:logcheck /var/lock/logcheck solved it.
I see that there already is a check for the permissions in the postinst
which (as far as I can see) *should* have fixed the permissions and
ownership there.
When re-installing
2008 Dec 27
2
Bug#509885: does not cleanly update from logtail2
Package: logtail
Version: 1.2.68
Severity: normal
Hi,
logtail does not cleanly update from logtail2:
$ sudo dpkg --install /var/cache/apt/archives/logtail_1.2.68_all.deb
(Reading database ... 26564 files and directories currently installed.)
Unpacking logtail (from .../logtail_1.2.68_all.deb) ...
dpkg: error processing /var/cache/apt/archives/logtail_1.2.68_all.deb (--install):
trying to