similar to: Bug#445215: 445215 and 450649 are related

Package: logcheck Version: 1.2.47 Severity: wishlist I'm running logcheck with an extended set of regular expressions on a desktop system. The CPU load of this system is normally very low, around 3%-5%. When logcheck starts scanning the logs, the CPU usage increases to 100% for several minutes and working on the system becomes difficult. I would therefore be very happy about if a

Package: logcheck Version: 1.2.54 Severity: normal In the file ignore.d.paranoid/cron there are the rules ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$ to ignore lines like 10:17:01 at 04-03-2007 tooar

Package: logcheck Version: 1.3.3 Severity: normal After upgrading to the latest logcheck, I've noticed that some local rules I have written no longer filter out the logs properly. I've been able to correlate the non-matching to the presence of the '/' (slash) character or '[' (left bracket) in the string that the ".*" pattern ought to match. For instance, I

Hello, I have this message in syslog that I'd like to ignore: === Apr 5 15:31:37 server77 upnpd[11728]: TimerThreadRemove failed! === I use these rules to ignore it in a file located in ignore.d.server (which contains some other rules which work): === ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ upnpd\[[0-9]+\]: TimerThreadRemove failed!$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck Version: 1.2.43a Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have messages like these in my logs: Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 58 to 57 Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 58 to 57

Package: logcheck Version: 1.2.35 Severity: normal I'm getting the following on two different Unstable boxen: ------------------------------------------------------------------------------ Subject: Cron <logcheck at bandit-hall> if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi

Every hour I get a mail from logcheck with a line like Nov 6 12:08:34 wheat fetchnews[13617]: clamping maxage for comp.os.linux.admin to global expire 50 The strange thing is that syslog is filled with similar lines, but this is the only one I get in the report. It is the last such line in each group: # many similar lines deleted Nov 6 12:08:32 wheat fetchnews[13617]: comp.std.c++: considering

Hey there, sorry to bug you, I've ran into a little problem conscerning a logcheck-rule I just wrote. I use logcheck and logcheck-database on Debian Etch. When logcheck reports me something I don't want it to, I normally write a rule to match that logentry and put it in a file called my_rules in /etc/logcheck/ignore.d.server/ ... that worked perfectly fine. Until that rule: Logcheck

Package: logcheck Version: 1.2.56 Followup-For: Bug #429384 I get the following message in my e-mail from cron: Cron <logcheck at entercom> if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi /usr/sbin/logcheck: line 645: mktemp: command not found /usr/sbin/logcheck: line 646: mktemp: command not found rm: too few arguments Try `rm --help' for more information.

Package: logcheck Version: 1.2.54 Followup-For: Bug #330220 root at ns2:/# ls -l /var/lock/ total 4 drwxr-xr-x 2 root root 4096 2007-01-30 15:40 logcheck I think chmod 775 on that file would fix this problem... -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked

I'm running logcheck on a machine hosting a bunch of virtual machines using vserver, so I'd like to expand shell wildcards in the "logcheck.logfiles" file. So instead of entering /var/lib/vservers/v1/var/log/syslog /var/lib/vservers/v2/var/log/syslog /var/lib/vservers/v2/var/log/syslog I can enter /var/lib/vservers/*/var/log/syslog which gets expanded to the same thing as

Hi there, I know this is the classic RTFM list question but... I've really tried hard on this and no result! This is what I'm receving from logcheck: System Events =-=-=-=-=-=-= Apr 3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226 user=root Apr 3 06:55:19 bsg sshd[32248]: pam_unix(sshd:auth):

Package: logcheck Version: 1.2.56 Severity: important logcheck requires mktemp to operate (it will abort with a fine, descriptive error message and email), but doesn't actually depend on it. -- grok. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (998, 'testing'), (501, 'stable'), (99, 'unstable') Architecture: i386 (i686)

Package: logcheck Version: 1.2.43a Severity: minor /etc/logcheck/ignore.d.server/ntp contains: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: adjusting local clock by [.0-9]+s$ However, this will not match negative corrections such as: System Events =-=-=-=-=-=-= Mar 5 01:44:55 billchase ntpd[6171]: adjusting local clock by -0.190112s Mar 5 01:55:20 billchase ntpd[6171]: adjusting local

i did some cleanup first, but now i'm choking on a much earlier stage than i first thought. -- logcheck for file in $(egrep --text -v "(^#|^[[:space:]]*$)" $LOGFILES_LIST); do logoutput "$file" done -- that falls apart if you insert in /etc/logcheck/logcheck.logfiles a line like /var/log/auth .log even if you escape it with "", which is a valid

Package: logcheck Version: 1.2.43a Severity: normal -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (900, 'testing'), (800, 'unstable') Architecture: i386 (i586) Kernel: Linux 2.6.10 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 Versions of packages logcheck depends on: ii adduser 3.77 Add and remove

Package: logcheck Version: 1.2.54 Severity: normal Tags: patch On my system, this ignore rule needs /usr/bin/ in front of the cron command, or the rule fails to match. hostname:/etc/logcheck/ignore.d.server# diff cron cron.old 1c1 < ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/bin/)?crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$ --- > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck Version: 1.2.57 Severity: normal Tags: patch In ignore.d.server/postgrey, change: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgrey(\[[0-9]+\])?: action=.+, reason=.+, (delay=.+, )?client_name=.+, client_address=.+, sender=.*, recipient=.+ to: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgrey(\[[0-9]+\])?: ([0-9A-F]+: )?action=.+, reason=.+, (delay=.+, )?client_name=.+,

I keep seeing... "Nov 7 23:08:09 ns1 amavis[24086]: (24086-06) WARN: all primary virus scanners failed, considering backups" And no matter what I try to make a rule filter for it, it won't go away! I've tested my rules by doing `cat /var/log/mail.log | egrep "$my_rule"` and it would work and scroll out all the matched output. Here is one of the rules I tried...

Package: logcheck Version: 1.2.42 Severity: wishlist -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here are some more messages that can be safely ignored: localhost kernel: drivers/usb/serial/usb-serial.c: USB Serial Driver core localhost kernel: drivers/usb/serial/usb-serial.c: USB Serial support registered for PocketPC PDA localhost kernel: drivers/usb/serial/ipaq.c: USB PocketPC PDA driver