similar to: Bug#477932: logcheck-database: bind with views - messages not filtered

Package: logcheck-database Version: 1.2.63 Severity: wishlist Tags: patch The bad address syntax bounce message was previously logged by postfix/qmgr, but in the current version of Postfix in lenny is (at least sometimes) logged by postfix/error instead. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1,

Package: logcheck Version: 1.2.62 Severity: minor # Send the results as attachment or not. # 0=not as attachment; 1=as attachment # Default ist 0 ^^^ MAILASATTACH=0 -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Kernel: Linux 2.6.23-rc8+cfs (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8,

Package: logcheck Version: 1.2.63 Severity: normal Hi, I have just installed logcheck and it works out of the box! thx for that! I just notice that in the /etc/logcheck/ignore.d.workstation/kernel file there is a filter for "[drm] Loading r200 Microcode". COuld you add please the same for the r300. The log message is the same : Apr 6 19:21:14 debian kernel: [drm] Loading R300

Package: logcheck-database Version: 1.2.62 Severity: normal File: /etc/logcheck/violations.ignore.d/logcheck-ssh Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

Package: logcheck-database Version: 1.2.63 Severity: normal Tags: patch spamassassin is now reporting Unix domain sockets in the rport field. I'm not exactly sure what changed to cause this to happen; it started after an upgrade whose only remotely relevant package was razor. I think the following pattern in ignore.d.server/spamd will work ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck-database Version: 1.2.62 Severity: wishlist File: /etc/logcheck/ignore.d.server/ssh openssh issues a friendly warning when the remote IP maps back to a hostname that looks just like an IP address. (For example, the address 206.251.174.31 currently maps back to the hostname "206.251.174.31".) Here's a rule that filters out these unimportant messages: ^\w{3} [

Package: logcheck-database Version: 1.2.63 > Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data > Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data > Apr 28

Package: logcheck Version: 1.2.62 Severity: wishlist Here are two rules for ddclient, a client for dynamic IP services such as DynDNS or DynIP: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from

Package: logcheck-database Version: 1.2.63 Severity: normal --- Please enter the report below this line. --- Added the following patterns to allow for removal of dynamically allocated addresses from the DNS server by dhcp: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN TXT .[[:alnum:]]+. rrset exists and [._[:alnum:]-]+ IN A [.0-9]+ rrset exists delete [._[:alnum:]-]+ IN A

# Automatically generated email from bts, devscripts version 2.10.27 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/dhcp # - Adding dhcp rules for DNS updates by ddns_remove_a() # (closes: #459875, #472368) # - Added dhcp "removed reverse map" rule, which occurs on DHCPRELEASE. # * ignore.d.server/spamd # - deal with socket connections by e.g. evolution

# Automatically generated email from bts, devscripts version 2.10.18.1 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/bind: # - moved "[bind] query $FOO denied" rule to violations.ignore.d # (closes: #443881). # - added bind's "AXFR ended" rule alongside "AXFR started" # (closes: #445046). # - added "adding an

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions: * OpenVPN does not print the full path to ifconfig or route (at least here) * The interface name can also contain dots and does not always start with "tun" * The startup messages now gets suppressed

Package: logcheck-database Version: 1.2.54 Severity: normal The included filters for cyrus (/etc/logcheck/ignore.d.server/cyrus) are very minimal. The cyrus-imapd-2.2 has a more extensive ruleset (there's a /etc/logcheck/ignore.d.server/cyrus2_2 file in that package). Please copy over the filters from cyrus-imapd-2.2. I'm running logcheck on a loghost, which doesn't run cyrus

Package: Logcheck Version: 1.2.54 Distro: Debian Etch (stable) Kernel: 2.6.18-5-686 #1 SMP I'm trying to force logcheck (reportlevel=server) to ignore smbd_audit logs. smbd_audit is a vfs module of samba. It writes logs into /var/log/syslog file. Typical log looks like this: Oct 24 08:36:14 server4 smbd_audit: Documents|Johnson|192.168.50.19|unlink ok|Projects/doc1.pdf I've added the

Package: logcheck Version: 1.2.54 Severity: wishlist Please add the header "Auto-Submitted: auto-generated" to mails generated by logcheck. This header should be supported by many email autoresponders and should prevent the need to set up logcheck specific rules for "vacation"-type autoresponders. Headers can be added in mail using the -a switch, e.g. mail -a

Package: logcheck Version: 1.3.3 Severity: normal After upgrading to the latest logcheck, I've noticed that some local rules I have written no longer filter out the logs properly. I've been able to correlate the non-matching to the presence of the '/' (slash) character or '[' (left bracket) in the string that the ".*" pattern ought to match. For instance, I

Package: logcheck-database Version: 1.2.54 Severity: normal I recently created a bridge with the name xen-local. The DHCP server gets requests via this bridge. I got spammed with logcheck messages about DHCPREQUESTS and the lot because the name of the interface in the logcheck-database does not match on names with a dash in it. -- System Information: Debian Release: 4.0 APT prefers stable

Package: logcheck-database Version: 1.2.68 Severity: normal I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root And on

Package: logcheck Version: 1.2.54 Followup-For: Bug #330220 root at ns2:/# ls -l /var/lock/ total 4 drwxr-xr-x 2 root root 4096 2007-01-30 15:40 logcheck I think chmod 775 on that file would fix this problem... -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked

Package: logcheck Version: 1.2.54 Severity: normal In the file ignore.d.paranoid/cron there are the rules ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$ to ignore lines like 10:17:01 at 04-03-2007 tooar