Displaying 20 results from an estimated 3000 matches similar to: "Shell Expansion in logcheck.logfiles"
2005 Jul 20
0
(fwd) Bug#319169: logcheck: chokes on log files whose names contain spaces
i did some cleanup first, but now i'm choking on a much earlier stage
than i first thought.
-- logcheck
for file in $(egrep --text -v "(^#|^[[:space:]]*$)" $LOGFILES_LIST); do
logoutput "$file"
done
--
that falls apart if you insert in /etc/logcheck/logcheck.logfiles
a line like
/var/log/auth .log
even if you escape it with "", which is a valid
2011 Mar 02
1
Bug#616103: logcheck: (re)enable globbing of logfile names
Package: logcheck
Version: 1.3.13
Severity: minor
Tags: patch
In Lenny it was possible to use wildcards in logcheck.logfiles. For
example, I used: /var/log/HOSTS/*/*.log
root at durer:~# su -s /bin/bash -c "bash -x /usr/sbin/logcheck" logcheck
<cut>
+ read file
+ logoutput '/var/log/HOSTS/*/*.log'
+ file='/var/log/HOSTS/*/*.log'
+ debug 'logoutput called
2004 May 15
2
Re: [Logcheck-commits] CVS logcheck/src
hey todd,
looked again at that return value check merge:
@@ -557,7 +584,8 @@
# the same lines) and reduce CPU and memory usage afterwards.
debug "Sorting logs"
$SORT -m $TMPDIR/logoutput/* | uniq | sed -e 's/ *$//' \
- > $TMPDIR/logoutput-sorted
+ > $TMPDIR/logoutput-sorted \
+ ||error "Could not output to $TMPDIR/logoutput-sorted Disk Full?"
i guess
2005 Oct 29
1
Bug#336265: logrotate detection, possible attack not checked by logcheck
Package: logcheck
Version: 1.2.41
Problem: Logcheck try to detect if log file have been rotate or not by file size way.
Possible attack:
- current log file (sizeA)
- run logcheck, (logcheck/logtail put inode in offsetfile), offset=sizeA
- [attacker run attack 1]
- run logrotate
- [attacker run attack 2]
- run logcheck may don't detect the rotation and don't check the log for attack 1
2005 May 20
0
logcheck error, logtail output
Hello,
I'm having this error:
Warning: If you are seeing this message, your log files may not have
been
checked!
Details:
Could not run logtail or save output
Check temporary directory: /tmp/logcheck.EIX3jp
declare -x HOME="/var/lib/logcheck"
declare -x LANG="en_US"
declare -x LANGUAGE="en_US:en_GB:en"
declare -x LOGNAME="logcheck"
declare -x
2008 May 15
2
Bug#481353: Please add support for logcheck.logfiles.d
Package: logcheck
Version: 1.2.63
Severity: wishlist
Please add support for logcheck.logfiles.d so packages can put files
there and add new logfiles for reviewing.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8,
2008 Sep 17
2
Bug#499323: logcheck-database: Logcheck fails to ignore certain OpenVPN messages
Package: logcheck-database
Version: 1.2.54
Severity: normal
Tags: patch
Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch
fixes several regular expressions:
* OpenVPN does not print the full path to ifconfig or route (at least here)
* The interface name can also contain dots and does not always start with "tun"
* The startup messages now gets suppressed
2006 Aug 11
0
Bug#382440: logcheck-database: Postfix rule missing in violations.ignore.d
Package: logcheck-database
Version: 1.2.47
Severity: normal
Tags: patch
Without the following logcheck line in
/etc/logcheck/violations.ignore.d, lines such as the following are
reported:
postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal at someplace.net>,
relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22,
from MTA: 250 Ok: queued as 15140A2D0A)
This is because
2004 Jul 09
1
Bug#258427: logcheck/logtail didn't detect tampering logfile
Package: logcheck
wanted to work on #195935,
but found a less than funny issue, easy to reproduce:
* remove some lines in front of your logfile
* invoke logcheck
you'll get a big email with all not matching lines from that log.
not setting that to high priority because you are getting also the
newer loglines. don't know if i find time that weekend.
wanted to document it anyways.
a++
2007 Jun 26
0
Bug#429384: logcheck: Logcheck depends on mktemp
Package: logcheck
Version: 1.2.56
Followup-For: Bug #429384
I get the following message in my e-mail from cron: Cron <logcheck at entercom>
if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
/usr/sbin/logcheck: line 645: mktemp: command not found
/usr/sbin/logcheck: line 646: mktemp: command not found
rm: too few arguments
Try `rm --help' for more information.
2004 Nov 10
1
logtail ignoring information in rotated logs
Hi gang,
While writing a script that uses logtail, I noticed that logtail assumes
nothing interesting happened between its last invocation and the
rotation, which means that exciting bits of data could be lost.
This seems a bit dodgy (correct me if I'm wrong about how it works!) so
I made a dodgy patch to logtail that checks for the existence of
$logfile.0, which on Debian seems to always be
2010 Nov 05
0
Bug#602494: logcheck runs filters for packages not installed
Package: logcheck
Version: 1.3.13
Severity: normal
Hi, at present my logcheck is into 33 minutes of cpu time for
running the ignore/innd rule, when the innd package is not installed.
If running logcheck against only locally created logfiles, there should
be a configuration option to only run logcheck against installed (or
non-purged) packages.
-- System Information:
Debian Release: squeeze/sid
2012 Jan 27
1
Bug#657641: /usr/sbin/logcheck: line 100: kill: (31667) - No such process
Package: logcheck
Version: 1.3.14
Severity: normal
Tags: patch
I keep getting these messages logged, when under high load.
This patch should clean that up.
commit 72661acccafa519fcb48a6a756e5c35d96e7511d
Author: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
Date: Fri Jan 27 16:08:33 2012 +0100
Workaround for error:
/usr/sbin/logcheck: line 100: kill: (31667)
2008 May 26
0
problem to run logcheck
Hello
I try to execute logcheck from a php page. So I have create a php page with a
button which allow to run logcheck like this : /usr/sbin/logcheck -o >
/var/log/logcheck
(I want to put the result in a file logcheck, that's why I use the option -o)
I have put www-data in the groupe adm : "adduser www-data adm"
And after if I run logcheck like this for exemple:
2006 Jul 04
0
Processed: setting package to logcheck logcheck-database logtail, tagging 354820, tagging 355085, tagging 356681 ... ... ... ... ... ... ...
Processing commands for control at bugs.debian.org:
> # Automatically generated email from bts, devscripts version 2.9.20
> package logcheck logcheck-database logtail
Ignoring bugs not assigned to: logcheck-database logtail logcheck
> tags 354820 + pending
Bug#354820: rules to filter out entries caused by ssh scanners
Tags were: patch
Tags added: pending
> tags 355085 + pending
2005 Jan 08
1
Re: [Logcheck-commits] CVS logcheck/debian
On Wed, 05 Jan 2005, CVS User ttroxell wrote:
> @@ -70,6 +70,10 @@
> chown logcheck /var/lock/logcheck > /dev/null 2>&1 || true
> fi
>
> + # fix for #284788
> + # update timestamp on cron
> + touch /etc/cron.d/logcheck || true
> +
> ;;
>
> abort-upgrade|abort-remove|abort-deconfigure)
on a box with a broken coreutils install
2006 Jan 09
0
Re: Logcheck-users Digest, Vol 5, Issue 1
The entry is probably not igored because of
the word deny in your path .
You might better set your rule in violation.ignore.d/ directory.
At 13:00 09/01/2006, you wrote:
>Send Logcheck-users mailing list submissions to
> logcheck-users@lists.alioth.debian.org
>
>To subscribe or unsubscribe via the World Wide Web, visit
>
2011 Mar 07
0
Bug#617232: logcheck: ignore regexes match ipv4 addresses only, causing false positives with ipv6 addresses.
Package: logcheck
Version: 1.3.13
Severity: normal
Various files under ignore.d.* use "[0-9.]{7,15}" to match an IPv4
address, e.g., a connection to rsyncd. However, this does not match
IPv6 addresses, causing spurious reports.
A better regexp might be something like: ([0-9.]{7,15}|[0-9a-f:]{2,39})
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (990,
2012 Mar 02
1
Bug#661912: logcheck: files with period in ignore rule dirs ignored
Package: logcheck
Version: 1.3.14
Severity: normal
I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run.
Renaming it to local-rules got the file used during the next run.
Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README.
Thanks
Nils
-- System Information:
Debian
2008 Jul 21
1
merging violations.ignore.d/logcheck-* into ignore.d.*/*
Hi guys, now that violations.d/logcheck is empty,
violations.ignore.d/logcheck-* are useless and many messages that
were previously elevated and filtered there now turn up as system
events. Thus, I went ahead and merged violations.ignore.d/logcheck-*
into ignore.d.*/* in the viol-merge branch.
http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge
Unless I hear