similar to: Shell Expansion in logcheck.logfiles

i did some cleanup first, but now i'm choking on a much earlier stage than i first thought. -- logcheck for file in $(egrep --text -v "(^#|^[[:space:]]*$)" $LOGFILES_LIST); do logoutput "$file" done -- that falls apart if you insert in /etc/logcheck/logcheck.logfiles a line like /var/log/auth .log even if you escape it with "", which is a valid

Package: logcheck Version: 1.3.13 Severity: minor Tags: patch In Lenny it was possible to use wildcards in logcheck.logfiles. For example, I used: /var/log/HOSTS/*/*.log root at durer:~# su -s /bin/bash -c "bash -x /usr/sbin/logcheck" logcheck <cut> + read file + logoutput '/var/log/HOSTS/*/*.log' + file='/var/log/HOSTS/*/*.log' + debug 'logoutput called

hey todd, looked again at that return value check merge: @@ -557,7 +584,8 @@ # the same lines) and reduce CPU and memory usage afterwards. debug "Sorting logs" $SORT -m $TMPDIR/logoutput/* | uniq | sed -e 's/ *$//' \ - > $TMPDIR/logoutput-sorted + > $TMPDIR/logoutput-sorted \ + ||error "Could not output to $TMPDIR/logoutput-sorted Disk Full?" i guess

Package: logcheck Version: 1.2.41 Problem: Logcheck try to detect if log file have been rotate or not by file size way. Possible attack: - current log file (sizeA) - run logcheck, (logcheck/logtail put inode in offsetfile), offset=sizeA - [attacker run attack 1] - run logrotate - [attacker run attack 2] - run logcheck may don't detect the rotation and don't check the log for attack 1

Hello, I'm having this error: Warning: If you are seeing this message, your log files may not have been checked! Details: Could not run logtail or save output Check temporary directory: /tmp/logcheck.EIX3jp declare -x HOME="/var/lib/logcheck" declare -x LANG="en_US" declare -x LANGUAGE="en_US:en_GB:en" declare -x LOGNAME="logcheck" declare -x

Package: logcheck Version: 1.2.63 Severity: wishlist Please add support for logcheck.logfiles.d so packages can put files there and add new logfiles for reviewing. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8,

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions: * OpenVPN does not print the full path to ifconfig or route (at least here) * The interface name can also contain dots and does not always start with "tun" * The startup messages now gets suppressed

Package: logcheck-database Version: 1.2.47 Severity: normal Tags: patch Without the following logcheck line in /etc/logcheck/violations.ignore.d, lines such as the following are reported: postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal at someplace.net>, relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22, from MTA: 250 Ok: queued as 15140A2D0A) This is because

Package: logcheck wanted to work on #195935, but found a less than funny issue, easy to reproduce: * remove some lines in front of your logfile * invoke logcheck you'll get a big email with all not matching lines from that log. not setting that to high priority because you are getting also the newer loglines. don't know if i find time that weekend. wanted to document it anyways. a++

Package: logcheck Version: 1.2.56 Followup-For: Bug #429384 I get the following message in my e-mail from cron: Cron <logcheck at entercom> if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi /usr/sbin/logcheck: line 645: mktemp: command not found /usr/sbin/logcheck: line 646: mktemp: command not found rm: too few arguments Try `rm --help' for more information.

Hi gang, While writing a script that uses logtail, I noticed that logtail assumes nothing interesting happened between its last invocation and the rotation, which means that exciting bits of data could be lost. This seems a bit dodgy (correct me if I'm wrong about how it works!) so I made a dodgy patch to logtail that checks for the existence of $logfile.0, which on Debian seems to always be

Package: logcheck Version: 1.3.13 Severity: normal Hi, at present my logcheck is into 33 minutes of cpu time for running the ignore/innd rule, when the innd package is not installed. If running logcheck against only locally created logfiles, there should be a configuration option to only run logcheck against installed (or non-purged) packages. -- System Information: Debian Release: squeeze/sid

Package: logcheck Version: 1.3.14 Severity: normal Tags: patch I keep getting these messages logged, when under high load. This patch should clean that up. commit 72661acccafa519fcb48a6a756e5c35d96e7511d Author: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> Date: Fri Jan 27 16:08:33 2012 +0100 Workaround for error: /usr/sbin/logcheck: line 100: kill: (31667)

Hello I try to execute logcheck from a php page. So I have create a php page with a button which allow to run logcheck like this : /usr/sbin/logcheck -o > /var/log/logcheck (I want to put the result in a file logcheck, that's why I use the option -o) I have put www-data in the groupe adm : "adduser www-data adm" And after if I run logcheck like this for exemple:

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.20 > package logcheck logcheck-database logtail Ignoring bugs not assigned to: logcheck-database logtail logcheck > tags 354820 + pending Bug#354820: rules to filter out entries caused by ssh scanners Tags were: patch Tags added: pending > tags 355085 + pending

On Wed, 05 Jan 2005, CVS User ttroxell wrote: > @@ -70,6 +70,10 @@ > chown logcheck /var/lock/logcheck > /dev/null 2>&1 || true > fi > > + # fix for #284788 > + # update timestamp on cron > + touch /etc/cron.d/logcheck || true > + > ;; > > abort-upgrade|abort-remove|abort-deconfigure) on a box with a broken coreutils install

The entry is probably not igored because of the word deny in your path . You might better set your rule in violation.ignore.d/ directory. At 13:00 09/01/2006, you wrote: >Send Logcheck-users mailing list submissions to > logcheck-users@lists.alioth.debian.org > >To subscribe or unsubscribe via the World Wide Web, visit >

Package: logcheck Version: 1.3.13 Severity: normal Various files under ignore.d.* use "[0-9.]{7,15}" to match an IPv4 address, e.g., a connection to rsyncd. However, this does not match IPv6 addresses, causing spurious reports. A better regexp might be something like: ([0-9.]{7,15}|[0-9a-f:]{2,39}) -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (990,

Package: logcheck Version: 1.3.14 Severity: normal I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run. Renaming it to local-rules got the file used during the next run. Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README. Thanks Nils -- System Information: Debian

Hi guys, now that violations.d/logcheck is empty, violations.ignore.d/logcheck-* are useless and many messages that were previously elevated and filtered there now turn up as system events. Thus, I went ahead and merged violations.ignore.d/logcheck-* into ignore.d.*/* in the viol-merge branch. http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge Unless I hear