Displaying 20 results from an estimated 30000 matches similar to: "Bug#445215: 445215 and 450649 are related"
2006 Oct 06
0
Bug#391458: logcheck: Please provide a way to configure niceness of log scanning process
Package: logcheck
Version: 1.2.47
Severity: wishlist
I'm running logcheck with an extended set of regular expressions on a
desktop system. The CPU load of this system is normally very low, around
3%-5%. When logcheck starts scanning the logs, the CPU usage increases
to 100% for several minutes and working on the system becomes difficult.
I would therefore be very happy about if a
2007 Mar 04
0
Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
Package: logcheck
Version: 1.2.54
Severity: normal
In the file ignore.d.paranoid/cron there are the rules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
to ignore lines like
10:17:01 at 04-03-2007 tooar
2009 Sep 16
1
Bug#546908: logcheck: Since upgrade to latest, some patterns are no longer filtered
Package: logcheck
Version: 1.3.3
Severity: normal
After upgrading to the latest logcheck, I've noticed that some local
rules I have written no longer filter out the logs properly.
I've been able to correlate the non-matching to the presence of the
'/' (slash) character or '[' (left bracket) in the string that the
".*" pattern ought to match.
For instance, I
2009 Apr 05
1
logcheck doesn't ignore messages matched by egrep -f
Hello,
I have this message in syslog that I'd like to ignore:
===
Apr 5 15:31:37 server77 upnpd[11728]: TimerThreadRemove failed!
===
I use these rules to ignore it in a file located in ignore.d.server
(which contains some other rules which work):
===
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ upnpd\[[0-9]+\]:
TimerThreadRemove failed!$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2006 Apr 28
1
Bug#365121: logcheck: Fails to ignore certain pattern
Package: logcheck
Version: 1.2.43a
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have messages like these in my logs:
Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 58 to 57
Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 58 to 57
2005 Mar 16
1
Bug#299810: logcheck: grep errors after latest update
Package: logcheck
Version: 1.2.35
Severity: normal
I'm getting the following on two different Unstable boxen:
------------------------------------------------------------------------------
Subject: Cron <logcheck at bandit-hall> if [ -x /usr/sbin/logcheck ]; then
nice -n10 /usr/sbin/logcheck; fi
2006 Nov 06
1
rule seems to be matching all but last occurrence
Every hour I get a mail from logcheck with a line like
Nov 6 12:08:34 wheat fetchnews[13617]: clamping maxage for comp.os.linux.admin to global expire 50
The strange thing is that syslog is filled with similar lines, but
this is the only one I get in the report. It is the last such line in
each group:
# many similar lines deleted
Nov 6 12:08:32 wheat fetchnews[13617]: comp.std.c++: considering
2008 Mar 16
1
Problem with rules being 'ignored'
Hey there, sorry to bug you,
I've ran into a little problem conscerning a logcheck-rule I just wrote.
I use logcheck and logcheck-database on Debian Etch. When logcheck
reports me something I don't want it to, I normally write a rule to
match that logentry and put it in a file called my_rules in
/etc/logcheck/ignore.d.server/ ... that worked perfectly fine. Until
that rule:
Logcheck
2007 Jun 26
0
Bug#429384: logcheck: Logcheck depends on mktemp
Package: logcheck
Version: 1.2.56
Followup-For: Bug #429384
I get the following message in my e-mail from cron: Cron <logcheck at entercom>
if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
/usr/sbin/logcheck: line 645: mktemp: command not found
/usr/sbin/logcheck: line 646: mktemp: command not found
rm: too few arguments
Try `rm --help' for more information.
2007 Feb 28
0
Bug#330220: Permissions of /var/lock/logcheck not conducive to logcheck user writing to it
Package: logcheck
Version: 1.2.54
Followup-For: Bug #330220
root at ns2:/# ls -l /var/lock/
total 4
drwxr-xr-x 2 root root 4096 2007-01-30 15:40 logcheck
I think chmod 775 on that file would fix this problem...
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked
2008 Jan 30
0
Shell Expansion in logcheck.logfiles
I'm running logcheck on a machine hosting a bunch of virtual machines using
vserver, so I'd like to expand shell wildcards in the "logcheck.logfiles"
file. So instead of entering
/var/lib/vservers/v1/var/log/syslog
/var/lib/vservers/v2/var/log/syslog
/var/lib/vservers/v2/var/log/syslog
I can enter
/var/lib/vservers/*/var/log/syslog
which gets expanded to the same thing as
2009 Apr 03
1
ssh failed login rule problem
Hi there,
I know this is the classic RTFM list question but... I've really tried
hard on this and no result!
This is what I'm receving from logcheck:
System Events
=-=-=-=-=-=-=
Apr 3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226
user=root
Apr 3 06:55:19 bsg sshd[32248]: pam_unix(sshd:auth):
2007 Jun 17
0
Bug#429384: logcheck should depend on mktemp package
Package: logcheck
Version: 1.2.56
Severity: important
logcheck requires mktemp to operate (it will abort with a
fine, descriptive error message and email), but doesn't
actually depend on it.
-- grok.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (998, 'testing'), (501, 'stable'), (99, 'unstable')
Architecture: i386 (i686)
2006 Mar 07
0
Bug#355649: logcheck: ntp 'adjusting local clock' only matches positive corrections
Package: logcheck
Version: 1.2.43a
Severity: minor
/etc/logcheck/ignore.d.server/ntp contains:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: adjusting local clock by [.0-9]+s$
However, this will not match negative corrections such as:
System Events
=-=-=-=-=-=-=
Mar 5 01:44:55 billchase ntpd[6171]: adjusting local clock by -0.190112s
Mar 5 01:55:20 billchase ntpd[6171]: adjusting local
2005 Jul 20
0
(fwd) Bug#319169: logcheck: chokes on log files whose names contain spaces
i did some cleanup first, but now i'm choking on a much earlier stage
than i first thought.
-- logcheck
for file in $(egrep --text -v "(^#|^[[:space:]]*$)" $LOGFILES_LIST); do
logoutput "$file"
done
--
that falls apart if you insert in /etc/logcheck/logcheck.logfiles
a line like
/var/log/auth .log
even if you escape it with "", which is a valid
2006 Mar 29
2
Bug#359878: logcheck: extend exim rules to cope with multiple recipients
Package: logcheck
Version: 1.2.43a
Severity: normal
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (900, 'testing'), (800, 'unstable')
Architecture: i386 (i586)
Kernel: Linux 2.6.10
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8
Versions of packages logcheck depends on:
ii adduser 3.77 Add and remove
2007 Jun 11
0
Bug#428428: patch for cron ignore rule
Package: logcheck
Version: 1.2.54
Severity: normal
Tags: patch
On my system, this ignore rule needs /usr/bin/ in front of the cron command, or the rule fails to match.
hostname:/etc/logcheck/ignore.d.server# diff cron cron.old
1c1
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/bin/)?crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$
---
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2007 Aug 23
0
Bug#439207: postgrey: multiple recipients generates slightly different whitelisted message
Package: logcheck
Version: 1.2.57
Severity: normal
Tags: patch
In ignore.d.server/postgrey,
change:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgrey(\[[0-9]+\])?: action=.+, reason=.+, (delay=.+, )?client_name=.+,
client_address=.+, sender=.*, recipient=.+
to:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgrey(\[[0-9]+\])?: ([0-9A-F]+: )?action=.+, reason=.+, (delay=.+, )?client_name=.+,
2005 Nov 08
1
It's not filtering this one specific line...
I keep seeing...
"Nov 7 23:08:09 ns1 amavis[24086]: (24086-06) WARN: all primary
virus scanners failed, considering backups"
And no matter what I try to make a rule filter for it, it won't go
away! I've tested my rules by doing `cat /var/log/mail.log | egrep
"$my_rule"` and it would work and scroll out all the matched output.
Here is one of the rules I tried...
2006 Feb 21
2
Bug#353815: logcheck: Ignore Pocket PC/synce/USB messages, please
Package: logcheck
Version: 1.2.42
Severity: wishlist
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Here are some more messages that can be safely ignored:
localhost kernel: drivers/usb/serial/usb-serial.c: USB Serial Driver core
localhost kernel: drivers/usb/serial/usb-serial.c: USB Serial support registered for PocketPC PDA
localhost kernel: drivers/usb/serial/ipaq.c: USB PocketPC PDA driver