similar to: Bug#475553: not fixable with current logcheck

Hi guys, now that violations.d/logcheck is empty, violations.ignore.d/logcheck-* are useless and many messages that were previously elevated and filtered there now turn up as system events. Thus, I went ahead and merged violations.ignore.d/logcheck-* into ignore.d.*/* in the viol-merge branch. http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge Unless I hear

apt-get install svn-buildpackage cat <<_eof >> ~/.svn-buildpackage.conf svn-lintian svn-linda svn-move _eof mkdir logcheck; cd logcheck svn co svn+ssh://svn.debian.org/svn/logcheck/logcheck/trunk cd trunk svn-buildpackage -k<your key ID> -rfakeroot man svn-buildpackage for more. Nice, huh? -- .''`. martin f. krafft <madduck at debian.org> : :' :

also sprach Jamie L. Penman-Smithson <lists at silverdream.org> [2006.07.02.0012 +0200]: > >As far as I can tell, Postfix adds extended status codes, so instead > >of "250", you now get "250 2.0.0". > > Most of the rules have been updated to include these. If you find > any which have not been, file a bug. Are you sure? If I look at e.g.

Hi there, My updated Vietnamese translation is attached. :) -------------- next part -------------- A non-text attachment was scrubbed... Name: vi.po Type: application/octet-stream Size: 6969 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060710/4703d02c/attachment.obj -------------- next part -------------- Regards, Clytie Siddall

Package: logcheck Severity: wishlist I see no reason why /etc/logcheck should have any more permissions than 0750. Please consider removing access rights from 'other'. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 'experimental') Architecture: i386 (i686)

Package: courier-imap-ssl,logcheck-database Severity: wishlist Please move /etc/logcheck/*/courier to the courier packages and out of logcheck-database. -- System Information: Debian Release: testing/unstable APT prefers stable APT policy: (700, 'stable'), (600, 'testing'), (98, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked

Package: logcheck-database Version: 1.2.45 Severity: normal Tags: patch pending confirmed My bad, sorry. --- rulefiles/linux/ignore.d.server/ssh 6 Jul 2006 10:16:41 -0000 1.18 +++ rulefiles/linux/ignore.d.server/ssh 7 Jul 2006 19:35:19 -0000 @@ -10,7 +10,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].]+ \([:[:alnum:].]+\)$ ^\w{3} [ :0-9]{11}

Lately, I've been getting messages of the form dhclient: parse_option_buffer: option unknown-177 (65) larger than buffer. from logcheck. dhclient has not been updated, so this is likely a change in the configuration of my ISP. As the logcheck maintainer, I now wonder what I should do with those. In general, I tend to think that ignoring such warnings is safe because the software caught

I have rules like this on my servers: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$ basically, I just don't care about logins as nonexistent users, I get so many of those that I don't even

Hi, I'm quite a fan of logcheck and have been using it since setting up my sites, and I recently saw madduck's call for help on logcheck at debaday.[0] How can I help? [0] http://debaday.debian.net/2009/07/19/logcheck-brilliantly-simple-log-monitoring/ P.S. Please CC me on replies, thanks! -- Zak B. Elep -- 1486 7957 454D E529 E4F1 F75E 5787 B1FD FA53 851D I like the idea of 256

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Please change the following line in violations.ignore.d/logcheck-postfix: -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[0-9.]{7,15}\], delay=[0-9]+, status=(deferred|bounced) \(host [._[:alnum:]-]+\[[0-9.]{7,15}\] said: [45][0-9][0-9] .* \(in

Package: logcheck-database Version: 1.2.44 Severity: wishlist Tags: patch violations.ignore.d/local-ssh ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Broken pipe$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Write failed: Connection timed out$ ignore.d/local-ssh ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:

Package: logcheck-database Version: 1.2.63 Severity: wishlist Hi, Can you add rule to filter out following messages: System Events =-=-=-=-=-=-= May 15 07:44:48 niko syslog-ng[21911]: Configuration reload request received, reloading configuration; Best regards Andrei Emeltchenko -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'),

Martin F. Krafft (madduck) has been added to the project. P.S. I'd like to get a release out sometime next week. -- Todd Troxell http://rapidpacket.com/~xtat -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url :

Hi, I've got a few logcheck ignore.d rules that I'd like to submit, one example is sqlgrey. /usr/share/doc/logcheck/README.maintainer talks about shipping the rules inside the package itself, so I could file a request with sqlgrey. However, that doesn't work because of course I don't have all the packages I use on my network installed on my loghost. In fact, I believe that

Package: logcheck Version: 1.3.3 Severity: wishlist Tags: patch Ali Saidi submitted rules for amd from the am-utils package to Ubuntu at https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/91438 The provided rules are located at: http://launchpadlibrarian.net/6728953/amd Please consider including them in the next release. I've asked where to put them, but it should probably the

Package: logcheck Version: 1.3.4 Severity: normal I am running debian/testing and just upgraded to logcheck 1.3.4 and it started reporting the error: mkdir: cannot create directory `/var/lock/logcheck': Permission denied I created the directory and chown'd it to logcheck and it seems fine now. Looking at the changelog, I see something was purposefully changed, so I imagine I

Package: logcheck-database Version: 1.2.54 Severity: normal The included filters for cyrus (/etc/logcheck/ignore.d.server/cyrus) are very minimal. The cyrus-imapd-2.2 has a more extensive ruleset (there's a /etc/logcheck/ignore.d.server/cyrus2_2 file in that package). Please copy over the filters from cyrus-imapd-2.2. I'm running logcheck on a loghost, which doesn't run cyrus

Package: logcheck Version: 1.2.69 Severity: normal logcheck is a "batchy" job, but currently runs at normal I/O priority, and is hard-coded to run with a niceness of 10. As a result logcheck can degrade interactive performance on machines with a lot of log traffic, relatively slow CPU or expensive I/O. It'd be useful if the "ionice" and "schedtool" utilities

I'm not sure if this message ever made it to you, Jamie. I had a reverse DNS problem shortly after it was sent. ----- Forwarded message from Todd Troxell <ttroxell at debian.org> ----- Date: Wed, 1 Jun 2005 01:22:18 -0400 From: Todd Troxell <ttroxell at debian.org> To: "Jamie L. Penman-Smithson" <jamie at silverdream.org> Subject: Re: Logcheck rules from other