Displaying 20 results from an estimated 1000 matches similar to: "Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match"
2009 May 04
1
Bug#526911: logcheck: Please set rsyslog as default system log daemon
Package: logcheck
Version: 1.2.69
Severity: wishlist
User: biebl at debian.org
Usertags: goal-rsyslog
Hi,
since lenny, the default syslog daemon is rsyslog. Please update
logcheck to depend on
rsyslog | system-log-daemon
so the correct default syslog daemon is installed.
(btw, the optional | syslog-ng dependency is not required, as syslog-ng
does provide system-log-daemon)
Cheers,
Michael
--
2004 Jul 11
2
Bug#254681: logcheck-database: su from cron job not necessarily to "nobody"
Package: logcheck-database
Version: 1.2.23
Followup-For: Bug #254681
Please generalize "nobody" to "[_[:alnum:]-]+", as some cron jobs
su to other users:
Jul 11 06:51:16 tux su[10385]: + ??? root:hinfo
Jul 11 06:57:25 tux su[29801]: + ??? root:www-data
Thanks.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500,
2009 Aug 18
2
Bug#542265: sendmail-base and logcheck-database: error when trying to install together
Package: logcheck-database,sendmail-base
Version: logcheck-database/1.2.69
Version: sendmail-base/8.14.3-9
Severity: serious
User: treinen at debian.org
Usertags: edos-file-overwrite
Date: 2009-08-18
Architecture: amd64
Distribution: sid
Hi,
automatic installation tests of packages that share a file and at the
same time do not conflict by their package dependency relationships has
detected the
2006 May 21
2
Bug#368313: logcheck-database: new postfix violations ignore rule
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
Hi,
I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix :
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
2007 Oct 03
2
Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh
Somewhere between etch and now, ssh stopped reporting failed passwords
as "error: PAM: Authentication failure for foo", and switched to "Failed
password for foo", similar to what it already did for unknown users, but
without the "invalid user" part.
2010 Jul 28
1
Bug#590679: [logcheck-database] rules for ntpd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
some rules for ntpd as i couldn't find any:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset
[+-]*[0-9]{1,2}\.[0-9]{6} s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation
lost$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers
reachable$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2006 May 30
2
Bug#369603: logcheck-database: new rule for dhcpd
Package: logcheck-database
Version: 1.2.44
Severity: minor
Tags: patch
Hi,
This patch changes one rule for dhcpd. It adds support for log lines of the following format:
May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1
Regards,
Robbert
--- /root/dhcp 2006-05-30 21:50:24.000000000 +0200
+++ dhcp 2006-05-30 23:27:06.000000000 +0200
@@ -18,7 +18,7 @@
2004 Oct 13
2
Bug#276317: logcheck-database: Namechange for ISC in /etc/logcheck/ignore.d.server/dhcp
Package: logcheck-database
Version: 1.2.28
Severity: normal
Hi,
the Internet Software Consortium changed the name to Internet Systems Consortium.
For a fix for the logcheck rules see the attachment.
-- System Information:
Debian Release: 3.0
APT prefers testing
APT policy: (600, 'testing'), (100, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel:
2004 Sep 04
1
Bug#269959: logcheck-database: courier ignore.d.server contains word from violations.d list
Package: logcheck-database
Version: 1.2.26
Severity: normal
Hi,
the file courier contains the line:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection
shutdown\.$
This triggers the security logcheck section because of the word
"shutdown". Quick fix is to move or duplicate this line to
violations.ignore.d/logcheck-courier.
BTW: It looks like the courier package
2009 Oct 24
1
Bug#552222: logcheck: dhclient regexes need updating
Package: logcheck
Version: 1.3.3
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
As reported in https://launchpad.net/bugs/307847:
recent dhclient includes the ip address it is releasing and renewing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2004 Jul 21
4
Bug#260743: logcheck-database: dhcp rule updates for failover support
Package: logcheck-database
Version: 1.2.23
Severity: minor
Hi,
a couple of minor corrections to the dhcp rule sets:
First of all, the hostname matching parts need to include the "._-"
signs (maybe . is not needed but it might be).
Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST
may be entailed by the string ": load balance to peer <somestring>".
2007 Oct 29
1
Bug#448510: logcheck-database: revised pattern for spamd
Package: logcheck-database
Version: 1.2.63
Severity: normal
Tags: patch
spamassassin is now reporting Unix domain sockets in the rport field.
I'm not exactly sure what changed to cause this to happen; it started
after an upgrade whose only remotely relevant package was razor.
I think the following pattern in ignore.d.server/spamd will work
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2005 Jan 12
3
Bug#290195: violations.d/sudo and violations.ignore.d/logcheck-sudo missing sudo log entries
Package: logcheck
Version: 1.2.32
Severity: normal
It seems when someone runs a sudo command on my system, logcheck misses
it.
The second line of /etc/logcheck/violations.d/sudo matches them, but
the /etc/logcheck/violations.ignore.d/logcheck-sudo kills them.
Furthermore, when users run commands like '$ sudo rm *' in a directory
with lots of files, we reports with lines like:
Jan 13
2010 Feb 07
2
Bug#568815: Redundant messages from dhcpd in logcheck output in "server" mode.
Package: logcheck
Version: 1.2.69
Severity: normal
Tags: patch
Logcheck's reports contains many messages like:
Feb 7 19:03:57 srv dhcpd: DHCPREQUEST for 172.21.0.126 from 00:19:7e:9f:cc:32 (Hostname
Unsuitable for Printing) via eth0
Feb 7 19:03:57 srv dhcpd: DHCPACK on 172.21.0.126 to 00:19:7e:9f:cc:32 (Hostname
Unsuitable for Printing) via eth0
I create file
2010 Feb 17
1
Bug#570207: logcheck wu-ftpd rules do'nt match
Package: logcheck
Version: 1.2.69
Severity: normal
In the file /etc/logcheck/ignore.d.server/wu-ftpd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$
should be
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd\[[0-9]{4}\]: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$
There is a number after "wu-ftpd"
-- System
2004 Jul 21
1
Bug#260573: logcheck: ignore.d.paranoid/cron and ignore.d.server/cron swapped
Package: logcheck
Version: 1.2.23
Severity: normal
Hello,
I have:
# /bin/cat ignore.d.server/cron
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE \([[:alnum:]-]+\)$
and:
# /bin/cat ignore.d.paranoid/cron
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2010 Feb 14
3
Bug#569843: logcheck-database: acpid filter misses trailing white space
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
The syslog messages for acpid when a window client connects
or disconnect all have a trailing single space at each line.
Therefore the existing two patterns in
/etc/logcheck/ignore.d.server/acpid
fail to filter out the events. Furthermore, the disconnect
message includes a PID-numbered client, which is not present
in the
2010 Jul 22
1
Bug#589981: logcheck-database: add sender delay rules for bounce
Package: logcheck-database
Version: 1.2.69
Severity: wishlist
Please add the rule
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/bounce\[[[:digit:]]+\]: [:alnum:]+: sender delay notification: [:alnum:]+$
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (700, 'stable'), (650, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP
2007 Sep 26
1
Bug#444097: /etc/logcheck/ignore.d.server/ddclient: 2 rules to get you started
Package: logcheck
Version: 1.2.62
Severity: wishlist
Here are two rules for ddclient, a client for dynamic IP services such
as DynDNS or DynIP:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from
2004 Oct 11
1
Bug#275946: Acknowledgement (newline not recognized when logcheck sends emails)
I upgraded to 1.2.28, same results.
Here are the rules I added.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: [^[:space:]]+ \[NOTICE\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: [^[:space:]]+ \[INFO\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ exact\[[0-9]+\]:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapd\[[0-9]+\]:
^\w{3} [ :0-9]{11}