similar to: Bug#509734: postfix: "submission" stats are not filtered out

Package: logcheck Version: 1.2.54 When Postfix is configured to listen on port tcp/587 by uncommenting the "submission" line in the postfix master.cf, logcheck does not ignore the anvil statistics log entries - attached is a patch from the current SVN trunk. -------------- next part -------------- A non-text attachment was scrubbed... Name: logcheck_1531.diff Type: text/x-patch Size:

Package: logcheck-database Version: 1.3.8 11 hex digits, and "no" diff -ur logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter --- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter 2008-05-22 04:20:58.000000000 -0400 +++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter 2010-05-04

Package: logcheck Version: 1.2.62 Severity: wishlist Here are two rules for ddclient, a client for dynamic IP services such as DynDNS or DynIP: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from

Package: logcheck-database Version: 1.2.62 Severity: wishlist File: /etc/logcheck/ignore.d.server/ssh openssh issues a friendly warning when the remote IP maps back to a hostname that looks just like an IP address. (For example, the address 206.251.174.31 currently maps back to the hostname "206.251.174.31".) Here's a rule that filters out these unimportant messages: ^\w{3} [

Package: logcheck-database Version: 1.3.8 Severity: normal After double checking that I had the most up to date logcheck-database :-) I am seeing these lines reported. May 17 15:29:33 localhost named[1765]: error (network unreachable) resolving 'software.majix.org/A/IN': 2001:503:ba3e::2:30#53 I believe that this line was intended to match it. ^\w{3} [ :[:digit:]]{11}

Package: logcheck-database Version: 1.2.45 Severity: normal Tags: patch pending confirmed My bad, sorry. --- rulefiles/linux/ignore.d.server/ssh 6 Jul 2006 10:16:41 -0000 1.18 +++ rulefiles/linux/ignore.d.server/ssh 7 Jul 2006 19:35:19 -0000 @@ -10,7 +10,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].]+ \([:[:alnum:].]+\)$ ^\w{3} [ :0-9]{11}

Package: logcheck-database Version: 1.2.62 Severity: normal File: /etc/logcheck/violations.ignore.d/logcheck-ssh Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch When views are used in bind, the logcheck filters don't catch the common informational log messages. Added regex bits to the filter definitions. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

I see that this openvpn rule has been modified to no longer attach the ":port" part to "[undef]" -- probably to reflect a recent change in openvpn. Unfortunately, the rule no longer matches in etch, thus breaking the backport. Here's a patch to match both versions. Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net> --- rulefiles/linux/ignore.d.server/openvpn

Package: logcheck Version: 1.2.54 Severity: normal In the file ignore.d.paranoid/cron there are the rules ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$ to ignore lines like 10:17:01 at 04-03-2007 tooar

Package: logcheck Version: 1.2.54 Followup-For: Bug #330220 root at ns2:/# ls -l /var/lock/ total 4 drwxr-xr-x 2 root root 4096 2007-01-30 15:40 logcheck I think chmod 775 on that file would fix this problem... -- System Information: Debian Release: 4.0 APT prefers testing APT policy: (500, 'testing'), (500, 'stable') Architecture: amd64 (x86_64) Shell: /bin/sh linked

Package: logcheck Version: 1.2.54 Severity: normal Tags: patch On my system, this ignore rule needs /usr/bin/ in front of the cron command, or the rule fails to match. hostname:/etc/logcheck/ignore.d.server# diff cron cron.old 1c1 < ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/bin/)?crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$ --- > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

package hylafax-server reassign 425035 logcheck-database 1.2.56 thanks I am reassigning this bug report since the hylafax logcheck rule is distributed in package logcheck-database. Bye, Giuseppe

At least the policyd-weight in lenny seems to generate quite different patterns. For example the 'rate' is output multiple times in some situations, the 'check from' is omited sometimes and somehow those log messages have a trailing blank. With those patterns logcheck stays silent again. Signed-off-by: Mathias Krause <minipli at googlemail.com> ---

Package: logcheck-database Version: 1.2.54 Severity: normal The included filters for cyrus (/etc/logcheck/ignore.d.server/cyrus) are very minimal. The cyrus-imapd-2.2 has a more extensive ruleset (there's a /etc/logcheck/ignore.d.server/cyrus2_2 file in that package). Please copy over the filters from cyrus-imapd-2.2. I'm running logcheck on a loghost, which doesn't run cyrus

Package: Logcheck Version: 1.2.54 Distro: Debian Etch (stable) Kernel: 2.6.18-5-686 #1 SMP I'm trying to force logcheck (reportlevel=server) to ignore smbd_audit logs. smbd_audit is a vfs module of samba. It writes logs into /var/log/syslog file. Typical log looks like this: Oct 24 08:36:14 server4 smbd_audit: Documents|Johnson|192.168.50.19|unlink ok|Projects/doc1.pdf I've added the

Package: logcheck-database Version: 1.2.54 Severity: normal Hello, it seems crontab reports it's whole path in syslog : May 6 16:00:03 eckmul /usr/bin/crontab[9722]: (root) LIST (nobody) I don't have other messages from it in my logs, so I can't comment on the other lines in /etc/logcheck/ignore.d.server/cron , but I had to modify the LIST one with /usr/bin/crontab Thanks, --

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions: * OpenVPN does not print the full path to ifconfig or route (at least here) * The interface name can also contain dots and does not always start with "tun" * The startup messages now gets suppressed

- ignore messages "acpid: client has disconnected" Signed-off-by: Hanspeter Kunz <hp at edelkunz.ch> --- rulefiles/linux/ignore.d.server/acpid | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/rulefiles/linux/ignore.d.server/acpid b/rulefiles/linux/ignore.d.server/acpid index 034ddf1..faebe1e 100644 --- a/rulefiles/linux/ignore.d.server/acpid +++

Package: logcheck-database Version: 1.2.54 Severity: minor -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.2-dp0 Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15) Versions of packages logcheck-database depends