similar to: logcheck 1.3.4 MIGRATED to testing

Package: logcheck Version: 1.2.69 Severity: normal Tags: patch -- System Information: Debian Release: 5.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.30.4-vs2.3.0.36.14-pre4 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages logcheck depends

Package: logcheck Version: 1.2.69 Severity: normal In the file /etc/logcheck/ignore.d.server/wu-ftpd ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ should be ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd\[[0-9]{4}\]: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ There is a number after "wu-ftpd" -- System

Package: logcheck Version: 1.2.69 Severity: wishlist User: biebl at debian.org Usertags: goal-rsyslog Hi, since lenny, the default syslog daemon is rsyslog. Please update logcheck to depend on rsyslog | system-log-daemon so the correct default syslog daemon is installed. (btw, the optional | syslog-ng dependency is not required, as syslog-ng does provide system-log-daemon) Cheers, Michael --

Package: logcheck Version: 1.2.69 Severity: normal logcheck is a "batchy" job, but currently runs at normal I/O priority, and is hard-coded to run with a niceness of 10. As a result logcheck can degrade interactive performance on machines with a lot of log traffic, relatively slow CPU or expensive I/O. It'd be useful if the "ionice" and "schedtool" utilities

Package: logcheck Version: 1.2.69 Severity: normal Tags: patch Logcheck's reports contains many messages like: Feb 7 19:03:57 srv dhcpd: DHCPREQUEST for 172.21.0.126 from 00:19:7e:9f:cc:32 (Hostname Unsuitable for Printing) via eth0 Feb 7 19:03:57 srv dhcpd: DHCPACK on 172.21.0.126 to 00:19:7e:9f:cc:32 (Hostname Unsuitable for Printing) via eth0 I create file

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch Hi, I think that this rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$ is supposed to filter out lines like: Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root It is not working because the pattern dos not include the "/dev/" part and

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch kernel log lines of the form: ...kernel: [1933150.816604] TCP: Treason uncloaked! Peer 0000:0000:0000:0000:0000:ffff:d04e:3f6b:4038/80 shrinks window 2491430013:2491430014. Repaired. are not caught by the current rules. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500,

Package: logcheck-database Version: 1.2.69 Severity: normal File: /etc/logcheck/ignore.d.server/dnsmasq A dnsmasq log about DHCP events has the interface name in it. Interface names are allowed to have a dash (-) in them, but the logcheck filter does not have the dash in it. Please add the dash. -- System Information: Debian Release: 5.0.7 APT prefers stable APT policy: (500,

Package: logcheck Version: 1.3.4 Severity: normal I am running debian/testing and just upgraded to logcheck 1.3.4 and it started reporting the error: mkdir: cannot create directory `/var/lock/logcheck': Permission denied I created the directory and chown'd it to logcheck and it seems fine now. Looking at the changelog, I see something was purposefully changed, so I imagine I

Package: logcheck-database Version: 1.2.69 Severity: normal on systems without configured global locale, i get lines like this in the logcheck filtered logs: Jun 10 21:12:13 ... sshd[9729]: pam_env(sshd:setcred): Unable to open env file: /etc/default/locale: No such file or directory this looks like a warning that is perfectly ok but does not do any harm and occurs because when no global locale

Package: logcheck-database Version: 1.2.69 Severity: wishlist Hello, when newgrp (part of the package login) is used, I see messages like this in my syslog: Aug 27 23:36:16 debian64 newgrp[1975]: user `root' (login `root' on tty1) switched to group `backup' Aug 27 19:28:15 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1) switched to group `backup' Aug 27

Package: logcheck Version: 1.2.69 The current ruleset "kernel" provided with this logcheck package don't match entries where the kernel timeline has leading spaces, like: [ 42.302707] For example, the following entry: Feb 4 17:05:24 hostname kernel: [ 144.591487] tun: Universal TUN/TAP device driver, 1.6 didn't matched the re: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck-database,sendmail-base Version: logcheck-database/1.2.69 Version: sendmail-base/8.14.3-9 Severity: serious User: treinen at debian.org Usertags: edos-file-overwrite Date: 2009-08-18 Architecture: amd64 Distribution: sid Hi, automatic installation tests of packages that share a file and at the same time do not conflict by their package dependency relationships has detected the

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch The syslog messages for acpid when a window client connects or disconnect all have a trailing single space at each line. Therefore the existing two patterns in /etc/logcheck/ignore.d.server/acpid fail to filter out the events. Furthermore, the disconnect message includes a PID-numbered client, which is not present in the

Package: logcheck-database Version: 1.2.69 Severity: wishlist Please add the rule ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/bounce\[[[:digit:]]+\]: [:alnum:]+: sender delay notification: [:alnum:]+$ -- System Information: Debian Release: 5.0.5 APT prefers stable APT policy: (700, 'stable'), (650, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.26-2-686 (SMP

Package: logcheck-database Version: 1.2.61 Severity: wishlist File: /etc/logcheck/ignore.d.server/proftpd Two weeks ago, I got a rush of these: Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd (Apparently, fail2ban managed to miss those.) This is triggered by pam_listfile, which is used by proftpd (and other FTP daemons) to block users listed in

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions: * OpenVPN does not print the full path to ifconfig or route (at least here) * The interface name can also contain dots and does not always start with "tun" * The startup messages now gets suppressed

I enabled logcheck on a Debian Sarge box and it is including in it's reports hundreds of lines like this: Jun 2 17:56:09 localhost kernel: PUB_IN DROP 4 IN=eth0 OUT= +MAC=ff:ff:ff:ff:ff:ff:00:09:5b:e9:56:a0:08:00 SRC=192.168.13.10 +DST=192.168.13.255 LEN=52 TOS=0x00 PREC=0x00 TTL=1 ID=20692 PROTO=UDP SPT=520 +DPT=520 LEN=32 Jun 2 17:56:39 localhost kernel: PUB_IN DROP 4 IN=eth0 OUT=

Package: logcheck-database Severity: normal Tags: patch The rules in /etc/ignore.d/server/nagios contain the explicit version number "2". Now that lenny includes nagios3, those rules don't work anymore. Please change the rules to work for both nagios2 and 3. That can easily be done by replacing the 2 by (2|3) for example. -- System Information: Debian Release: lenny/sid APT

I ran into the same problem after somebody uninstalled logcheck and I re-installed it. It turned out that the ownership of /var/lock/logcheck where root:root - sudo chown logcheck:logcheck /var/lock/logcheck solved it. I see that there already is a check for the permissions in the postinst which (as far as I can see) *should* have fixed the permissions and ownership there. When re-installing