similar to: Bug#552222: logcheck: dhclient regexes need updating

Package: logcheck Version: 1.3.3 Severity: wishlist Tags: patch Ali Saidi submitted rules for amd from the am-utils package to Ubuntu at https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/91438 The provided rules are located at: http://launchpadlibrarian.net/6728953/amd Please consider including them in the next release. I've asked where to put them, but it should probably the

Package: logcheck-database Version: 1.3.5 Severity: normal Hi, I was having a look at logcheck and why I received a "verification failed: Temporary failure in name resolution" as a _system_ message. Turns out that since violations.d/logcheck is empty now, most of the rules in violations.ignore.d look quite useless, can you confirm? I suspect that a big part of those rules should be

Package: logcheck Version: 1.3.5 Severity: minor Hi, reading logcheck source it seems that it requires nail for MAILATTACH to work, however it is not suggested/recommended. (JFTR it is debatable if nail is appropriate or something else should be used) thanks, filippo -- System Information: Debian Release: squeeze/sid APT prefers unstable APT policy: (990, 'unstable'), (500,

Package: logcheck Severity: wishlist I'm attaching rules suggestions for dhcpcd as a git patch, and also a sample from my logs. Please review the patch (I can fix any issues with it) and include in logcheck if you like it. -------------- next part -------------- An embedded and charset-unspecified text was scrubbed... Name: 0001-Added-rules-for-dhcpcd.patch URL:

Package: logcheck-database Version: 1.2.69 Severity: wishlist Hello, when newgrp (part of the package login) is used, I see messages like this in my syslog: Aug 27 23:36:16 debian64 newgrp[1975]: user `root' (login `root' on tty1) switched to group `backup' Aug 27 19:28:15 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1) switched to group `backup' Aug 27

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Hi, This patch changes one rule for dhcpd. It adds support for log lines of the following format: May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1 Regards, Robbert --- /root/dhcp 2006-05-30 21:50:24.000000000 +0200 +++ dhcp 2006-05-30 23:27:06.000000000 +0200 @@ -18,7 +18,7 @@

Package: logcheck Version: 1.3.13 Severity: normal Various files under ignore.d.* use "[0-9.]{7,15}" to match an IPv4 address, e.g., a connection to rsyncd. However, this does not match IPv6 addresses, causing spurious reports. A better regexp might be something like: ([0-9.]{7,15}|[0-9a-f:]{2,39}) -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (990,

# Automatically generated email from bts, devscripts version 2.10.30 # via tagpending # # logcheck (1.2.65) unstable; urgency=low # # * ignore.d.server/postfix: # - ignore connection messages for anonymous TLS connections; thanks to # Justin Larue (closes: #486440). # - ignore hostname verification due to DNS name not found; thanks to # Justin Larue (closes: #486440). # *

https://bugzilla.samba.org/show_bug.cgi?id=7876 Summary: please implement o_direct Product: rsync Version: 3.1.0 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P3 Component: core AssignedTo: wayned at samba.org ReportedBy: costinel at gmail.com QAContact:

Package: logcheck-database Severity: wishlist Tags: patch Hi, some rules for ntpd as i couldn't find any: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [+-]*[0-9]{1,2}\.[0-9]{6} s$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers reachable$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck Version: 1.2.69 Severity: normal Tags: patch Logcheck's reports contains many messages like: Feb 7 19:03:57 srv dhcpd: DHCPREQUEST for 172.21.0.126 from 00:19:7e:9f:cc:32 (Hostname Unsuitable for Printing) via eth0 Feb 7 19:03:57 srv dhcpd: DHCPACK on 172.21.0.126 to 00:19:7e:9f:cc:32 (Hostname Unsuitable for Printing) via eth0 I create file

Package: logcheck-database Version: 1.2.22a Severity: normal Thanks to the upgrade to Postfix 2.1 and deploying a newer logcheck ruleset on a busier server I've found a bunch more rules for Postfix. I've attached new rules files and patches are inline. The following patch is for violations.ignore.d: --- logcheck-postfix.orig 2004-06-21 20:11:14.000000000 +0100 +++ logcheck-postfix

I have rules like this on my servers: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$ basically, I just don't care about logins as nonexistent users, I get so many of those that I don't even

From: Simon Deziel <simon.deziel at gmail.com> Fixes LP: #806537 Signed-off-by: Simon Deziel <simon.deziel at gmail.com> --- rulefiles/linux/ignore.d.server/openvpn | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn index 2b4bfd6..d80f42f 100644 ---

Hi there, I know this is the classic RTFM list question but... I've really tried hard on this and no result! This is what I'm receving from logcheck: System Events =-=-=-=-=-=-= Apr 3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226 user=root Apr 3 06:55:19 bsg sshd[32248]: pam_unix(sshd:auth):

Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net> --- rulefiles/linux/ignore.d.server/openvpn | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn index 68ebf8f..c57e3cb 100644 --- a/rulefiles/linux/ignore.d.server/openvpn +++ b/rulefiles/linux/ignore.d.server/openvpn @@ -13,7 +13,7

I see that this openvpn rule has been modified to no longer attach the ":port" part to "[undef]" -- probably to reflect a recent change in openvpn. Unfortunately, the rule no longer matches in etch, thus breaking the backport. Here's a patch to match both versions. Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net> --- rulefiles/linux/ignore.d.server/openvpn

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Please change the following line in violations.ignore.d/logcheck-postfix: -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:upper:]0-9]+: to=<[^[:space:]]+>, relay=[._[:alnum:]-]+\[[0-9.]{7,15}\], delay=[0-9]+, status=(deferred|bounced) \(host [._[:alnum:]-]+\[[0-9.]{7,15}\] said: [45][0-9][0-9] .* \(in

Package: logcheck-database Version: 1.2.40 Severity: normal Tags: patch There are one line that is not properly ignored. I include in the report a better version. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (400, 'testing'), (300, 'unstable'), (200, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-k7 Locale:

Package: logcheck-database Version: 1.2.39 Severity: normal I use dhcp3-server and a dhcp client which is Sony HDD video recorder CoCoon. The client not return client host name. In this case, dhcpd server assumed the client host name is (none). Therefor dhcpd output log described below. > Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0 > Jan 7 10:49:25