similar to: Bug#445074: /etc/logcheck/ignore.d.server/ssh: Nasty PTR record

Package: logcheck Version: 1.2.62 Severity: wishlist Here are two rules for ddclient, a client for dynamic IP services such as DynDNS or DynIP: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from

Package: logcheck-database Version: 1.2.62 Severity: normal File: /etc/logcheck/violations.ignore.d/logcheck-ssh Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

Package: logcheck-database Version: 1.2.61 Severity: wishlist File: /etc/logcheck/ignore.d.server/proftpd Two weeks ago, I got a rush of these: Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd (Apparently, fail2ban managed to miss those.) This is triggered by pam_listfile, which is used by proftpd (and other FTP daemons) to block users listed in

Package: logcheck-database Version: 1.2.63 Severity: normal Given that violations.d/logcheck has been emptied by 2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these are currently rendered useless. (I'll gladly lend a hand; I just want to make sure this is the right thing to do.) -- System Information: Debian

Package: logcheck Version: 1.2.62 Severity: minor # Send the results as attachment or not. # 0=not as attachment; 1=as attachment # Default ist 0 ^^^ MAILASATTACH=0 -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.23-rc8+cfs (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8,

Package: logcheck Version: 1.2.39 Severity: normal Since I've upgraded my servers to sarge, I'm getting mail every hour for stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns out that sarge's version no longer reads that file. If this was a conscious decision, then there should be some warning about this when upgrading (via debconf of NEWS.Debian). Also, the

# Automatically generated email from bts, devscripts version 2.10.18.1 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/bind: # - moved "[bind] query $FOO denied" rule to violations.ignore.d # (closes: #443881). # - added bind's "AXFR ended" rule alongside "AXFR started" # (closes: #445046). # - added "adding an

Package: logcheck-database Version: 1.3.8 Severity: normal After double checking that I had the most up to date logcheck-database :-) I am seeing these lines reported. May 17 15:29:33 localhost named[1765]: error (network unreachable) resolving 'software.majix.org/A/IN': 2001:503:ba3e::2:30#53 I believe that this line was intended to match it. ^\w{3} [ :[:digit:]]{11}

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch When views are used in bind, the logcheck filters don't catch the common informational log messages. Added regex bits to the filter definitions. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck-database Version: 1.2.63 Severity: wishlist Tags: patch The bad address syntax bounce message was previously logged by postfix/qmgr, but in the current version of Postfix in lenny is (at least sometimes) logged by postfix/error instead. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1,

Package: logcheck-database Version: 1.2.63 > Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data > Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data > Apr 28

Package: logcheck Version: 1.2.63 Severity: normal Hi, I have just installed logcheck and it works out of the box! thx for that! I just notice that in the /etc/logcheck/ignore.d.workstation/kernel file there is a filter for "[drm] Loading r200 Microcode". COuld you add please the same for the r300. The log message is the same : Apr 6 19:21:14 debian kernel: [drm] Loading R300

Package: logcheck-database Version: 1.2.63 Severity: normal Tags: patch spamassassin is now reporting Unix domain sockets in the rport field. I'm not exactly sure what changed to cause this to happen; it started after an upgrade whose only remotely relevant package was razor. I think the following pattern in ignore.d.server/spamd will work ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck-database,sendmail-base Version: logcheck-database/1.2.69 Version: sendmail-base/8.14.3-9 Severity: serious User: treinen at debian.org Usertags: edos-file-overwrite Date: 2009-08-18 Architecture: amd64 Distribution: sid Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the

--- rulefiles/linux/ignore.d.server/ssh | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) -------------- next part -------------- A non-text attachment was scrubbed... Name: 31e8a3f16090172b7d6659a0b370536fcfcaab85.diff Type: text/x-patch Size: 763 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080203/2ea1485c/attachment.bin

Package: logcheck-database Version: 1.3.8 11 hex digits, and "no" diff -ur logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter --- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter 2008-05-22 04:20:58.000000000 -0400 +++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter 2010-05-04

Package: logtail Version: 1.2.68 Severity: normal Hi, logtail does not cleanly update from logtail2: $ sudo dpkg --install /var/cache/apt/archives/logtail_1.2.68_all.deb (Reading database ... 26564 files and directories currently installed.) Unpacking logtail (from .../logtail_1.2.68_all.deb) ... dpkg: error processing /var/cache/apt/archives/logtail_1.2.68_all.deb (--install): trying to

Package: logcheck-database Version: 1.2.54 Severity: normal I recently created a bridge with the name xen-local. The DHCP server gets requests via this bridge. I got spammed with logcheck messages about DHCPREQUESTS and the lot because the name of the interface in the logcheck-database does not match on names with a dash in it. -- System Information: Debian Release: 4.0 APT prefers stable

I ran into the same problem after somebody uninstalled logcheck and I re-installed it. It turned out that the ownership of /var/lock/logcheck where root:root - sudo chown logcheck:logcheck /var/lock/logcheck solved it. I see that there already is a check for the permissions in the postinst which (as far as I can see) *should* have fixed the permissions and ownership there. When re-installing

# Automatically generated email from bts, devscripts version 2.10.27 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/dhcp # - Adding dhcp rules for DNS updates by ddns_remove_a() # (closes: #459875, #472368) # - Added dhcp "removed reverse map" rule, which occurs on DHCPRELEASE. # * ignore.d.server/spamd # - deal with socket connections by e.g. evolution