Displaying 20 results from an estimated 3000 matches similar to: "Bug#477932: logcheck-database: bind with views - messages not filtered"
2008 Feb 09
1
Bug#464896: logcheck-database: ignore Postfix bad address syntax errors from postfix/error
Package: logcheck-database
Version: 1.2.63
Severity: wishlist
Tags: patch
The bad address syntax bounce message was previously logged by
postfix/qmgr, but in the current version of Postfix in lenny is
(at least sometimes) logged by postfix/error instead.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1,
2007 Oct 06
1
Bug#445537: logcheck: Kein Deutsch in config Dateien bitte
Package: logcheck
Version: 1.2.62
Severity: minor
# Send the results as attachment or not.
# 0=not as attachment; 1=as attachment
# Default ist 0
^^^
MAILASATTACH=0
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.23-rc8+cfs (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8,
2008 Apr 06
1
Bug#474606: logcheck: add a filter for r300 microcode
Package: logcheck
Version: 1.2.63
Severity: normal
Hi,
I have just installed logcheck and it works out of the box! thx for
that!
I just notice that in the /etc/logcheck/ignore.d.workstation/kernel
file there is a filter for "[drm] Loading r200 Microcode". COuld you
add please the same for the r300. The log message is the same :
Apr 6 19:21:14 debian kernel: [drm] Loading R300
2007 Oct 03
2
Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh
Somewhere between etch and now, ssh stopped reporting failed passwords
as "error: PAM: Authentication failure for foo", and switched to "Failed
password for foo", similar to what it already did for unknown users, but
without the "invalid user" part.
2007 Oct 29
1
Bug#448510: logcheck-database: revised pattern for spamd
Package: logcheck-database
Version: 1.2.63
Severity: normal
Tags: patch
spamassassin is now reporting Unix domain sockets in the rport field.
I'm not exactly sure what changed to cause this to happen; it started
after an upgrade whose only remotely relevant package was razor.
I think the following pattern in ignore.d.server/spamd will work
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2007 Oct 03
1
Bug#445074: /etc/logcheck/ignore.d.server/ssh: Nasty PTR record
Package: logcheck-database
Version: 1.2.62
Severity: wishlist
File: /etc/logcheck/ignore.d.server/ssh
openssh issues a friendly warning when the remote IP maps back to a
hostname that looks just like an IP address. (For example, the address
206.251.174.31 currently maps back to the hostname "206.251.174.31".)
Here's a rule that filters out these unimportant messages:
^\w{3} [
2008 Apr 28
1
Bug#478334: logcheck doesn't know about dkim-filter
Package: logcheck-database
Version: 1.2.63
> Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data
> Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data
> Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature
> Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data
> Apr 28
2007 Sep 26
1
Bug#444097: /etc/logcheck/ignore.d.server/ddclient: 2 rules to get you started
Package: logcheck
Version: 1.2.62
Severity: wishlist
Here are two rules for ddclient, a client for dynamic IP services such
as DynDNS or DynIP:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from
2008 Mar 23
1
Bug#472368: Expansion to dyndns support section of dhcp
Package: logcheck-database
Version: 1.2.63
Severity: normal
--- Please enter the report below this line. ---
Added the following patterns to allow for removal of dynamically
allocated addresses from the DNS server by dhcp:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: if [._[:alnum:]-]+ IN TXT .[[:alnum:]]+. rrset exists and [._[:alnum:]-]+ IN A [.0-9]+ rrset exists delete [._[:alnum:]-]+ IN A
2008 May 15
1
Bug#471936: setting package to logcheck-database logtail logcheck, tagging 473619, tagging 478334, tagging 472368 ...
# Automatically generated email from bts, devscripts version 2.10.27
#
# logcheck (1.2.64) unstable; urgency=low
#
# * ignore.d.server/dhcp
# - Adding dhcp rules for DNS updates by ddns_remove_a()
# (closes: #459875, #472368)
# - Added dhcp "removed reverse map" rule, which occurs on DHCPRELEASE.
# * ignore.d.server/spamd
# - deal with socket connections by e.g. evolution
2008 Mar 05
1
Bug#445072: setting package to logcheck-database logtail logcheck, tagging 444097, tagging 445069, tagging 444096 ... ... ... ... ... ... ...
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# logcheck (1.2.64) unstable; urgency=low
#
# * ignore.d.server/bind:
# - moved "[bind] query $FOO denied" rule to violations.ignore.d
# (closes: #443881).
# - added bind's "AXFR ended" rule alongside "AXFR started"
# (closes: #445046).
# - added "adding an
2008 Sep 17
2
Bug#499323: logcheck-database: Logcheck fails to ignore certain OpenVPN messages
Package: logcheck-database
Version: 1.2.54
Severity: normal
Tags: patch
Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch
fixes several regular expressions:
* OpenVPN does not print the full path to ifconfig or route (at least here)
* The interface name can also contain dots and does not always start with "tun"
* The startup messages now gets suppressed
2007 Sep 14
2
Bug#442244: logcheck-database: should include the filters from cyrus-imapd-2.2
Package: logcheck-database
Version: 1.2.54
Severity: normal
The included filters for cyrus (/etc/logcheck/ignore.d.server/cyrus) are very minimal. The cyrus-imapd-2.2 has a more
extensive ruleset (there's a /etc/logcheck/ignore.d.server/cyrus2_2 file in that package).
Please copy over the filters from cyrus-imapd-2.2. I'm running logcheck on a loghost, which doesn't run cyrus
2007 Nov 25
1
Bug#452879: Logcheck doesn't ignore smbd_audit logs
Package: Logcheck
Version: 1.2.54
Distro: Debian Etch (stable)
Kernel: 2.6.18-5-686 #1 SMP
I'm trying to force logcheck (reportlevel=server) to ignore smbd_audit logs.
smbd_audit is a vfs module of samba. It writes logs into /var/log/syslog file.
Typical log looks like this:
Oct 24 08:36:14 server4 smbd_audit: Documents|Johnson|192.168.50.19|unlink
ok|Projects/doc1.pdf
I've added the
2008 Jul 03
2
Bug#489172: logcheck: please add Auto-Submitted header field to mailouts
Package: logcheck
Version: 1.2.54
Severity: wishlist
Please add the header "Auto-Submitted: auto-generated" to mails
generated by logcheck. This header should be supported by many email
autoresponders and should prevent the need to set up logcheck specific
rules for "vacation"-type autoresponders.
Headers can be added in mail using the -a switch, e.g.
mail -a
2009 Sep 16
1
Bug#546908: logcheck: Since upgrade to latest, some patterns are no longer filtered
Package: logcheck
Version: 1.3.3
Severity: normal
After upgrading to the latest logcheck, I've noticed that some local
rules I have written no longer filter out the logs properly.
I've been able to correlate the non-matching to the presence of the
'/' (slash) character or '[' (left bracket) in the string that the
".*" pattern ought to match.
For instance, I
2008 Mar 14
5
Bug#470929: dhcp: interface names can have dash in them
Package: logcheck-database
Version: 1.2.54
Severity: normal
I recently created a bridge with the name xen-local. The DHCP server gets requests
via this bridge.
I got spammed with logcheck messages about DHCPREQUESTS and the lot because the name
of the interface in the logcheck-database does not match on names with a dash in it.
-- System Information:
Debian Release: 4.0
APT prefers stable
2009 Jan 02
1
Bug#510472: logcheck-database: pam_unix messages could be ignored.
Package: logcheck-database
Version: 1.2.68
Severity: normal
I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of
Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root
And on
2007 Feb 28
0
Bug#330220: Permissions of /var/lock/logcheck not conducive to logcheck user writing to it
Package: logcheck
Version: 1.2.54
Followup-For: Bug #330220
root at ns2:/# ls -l /var/lock/
total 4
drwxr-xr-x 2 root root 4096 2007-01-30 15:40 logcheck
I think chmod 775 on that file would fix this problem...
-- System Information:
Debian Release: 4.0
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked
2007 Mar 04
0
Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
Package: logcheck
Version: 1.2.54
Severity: normal
In the file ignore.d.paranoid/cron there are the rules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
to ignore lines like
10:17:01 at 04-03-2007 tooar