Displaying 20 results from an estimated 2000 matches similar to: "Bug#566107: logcheck-database: with violations.d/logcheck empty most rules in violations.ignore.d look useless"
2010 Jan 11
1
Bug#564693: logcheck: should suggest/recommend nail
Package: logcheck
Version: 1.3.5
Severity: minor
Hi,
reading logcheck source it seems that it requires nail for MAILATTACH to work,
however it is not suggested/recommended.
(JFTR it is debatable if nail is appropriate or something else should be used)
thanks,
filippo
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500,
2005 May 19
3
Bug#309772: please add ignore lines for autossh
Package: logcheck-database
Severity: wishlist
Hi!
if autossh debug is enabled it logs to syslog, thus the messages go thru
logcheck, messages are in this form
May 19 14:02:55 sagara autossh[1909]: port set to 0, monitoring disabled
so this is the ignore line
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ autossh\[[0-9]+\]: .*$
thanks,
filippo
2005 Apr 26
3
Bug#306388: add ignore line for udhcpd
Package: logcheck-database
Severity: wishlist
Hi,
the following two lines should be added either to ignore.d.server/dhcp or
ignore.d.server/udhcp to ignore messages from udhcpd (other lines may be
necessary)
# udhcpd support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending OFFER of [.0-9]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending ACK to [.0-9]+
filippo
2009 Oct 24
1
Bug#552222: logcheck: dhclient regexes need updating
Package: logcheck
Version: 1.3.3
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
As reported in https://launchpad.net/bugs/307847:
recent dhclient includes the ip address it is releasing and renewing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2009 Sep 06
1
Bug#545318: logcheck-database: please add rule for newgrp messages
Package: logcheck-database
Version: 1.2.69
Severity: wishlist
Hello,
when newgrp (part of the package login) is used, I see messages
like this in my syslog:
Aug 27 23:36:16 debian64 newgrp[1975]: user `root' (login `root' on tty1) switched to group `backup'
Aug 27 19:28:15 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1) switched to group `backup'
Aug 27
2010 Jan 11
1
Bug#564702: [PATCH] rules suggestions for dhcpcd
Package: logcheck
Severity: wishlist
I'm attaching rules suggestions for dhcpcd as a git patch, and also a
sample from my logs.
Please review the patch (I can fix any issues with it) and include in
logcheck if you like it.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-Added-rules-for-dhcpcd.patch
URL:
2008 Mar 15
1
Bug#471072: logcheck-database: Moving most of violations.ignore.d to ignore.d.*
Package: logcheck-database
Version: 1.2.63
Severity: normal
Given that violations.d/logcheck has been emptied by
2394562ab4a13c4510c671f01ffc8f35e97f1cd3, shouldn't most of
violations.ignore.d be moved to one of ignore.d.*? AIUI, all of these
are currently rendered useless.
(I'll gladly lend a hand; I just want to make sure this is the right
thing to do.)
-- System Information:
Debian
2009 Oct 17
1
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
Hi,
I think that this rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
is supposed to filter out lines like:
Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root
It is not working because the pattern does not include the "/dev/" part
and
2007 Oct 03
2
Bug#445072: /etc/logcheck/violations.ignore.d/logcheck-ssh: Failed password for ...
Package: logcheck-database
Version: 1.2.62
Severity: normal
File: /etc/logcheck/violations.ignore.d/logcheck-ssh
Somewhere between etch and now, ssh stopped reporting failed passwords
as "error: PAM: Authentication failure for foo", and switched to "Failed
password for foo", similar to what it already did for unknown users, but
without the "invalid user" part.
2008 Jul 21
1
merging violations.ignore.d/logcheck-* into ignore.d.*/*
Hi guys, now that violations.d/logcheck is empty,
violations.ignore.d/logcheck-* are useless and many messages that
were previously elevated and filtered there now turn up as system
events. Thus, I went ahead and merged violations.ignore.d/logcheck-*
into ignore.d.*/* in the viol-merge branch.
http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge
Unless I hear
2006 May 21
2
Bug#368313: logcheck-database: new postfix violations ignore rule
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
Hi,
I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix :
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
2005 Jan 12
3
Bug#290195: violations.d/sudo and violations.ignore.d/logcheck-sudo missing sudo log entries
Package: logcheck
Version: 1.2.32
Severity: normal
It seems when someone runs a sudo command on my system, logcheck misses
it.
The second line of /etc/logcheck/violations.d/sudo matches them, but
the /etc/logcheck/violations.ignore.d/logcheck-sudo kills them.
Furthermore, when users run commands like '$ sudo rm *' in a directory
with lots of files, we reports with lines like:
Jan 13
2005 Oct 16
1
getting dmraid to use klibc
[please CC me on replies, I'm not subscribed]
Hi,
I'm trying to get dmraid 1.0.0rc9 [0] to compile with --enable-klibc, however I
have some troubles with mkfifo defined in /usr/lib/klibc/include/sys/stat.h.
/usr/lib/klibc/include/sys/stat.h: In function 'mkfifo':
/usr/lib/klibc/include/sys/stat.h:28: error: 'S_IFMT' undeclared (first use in this function)
after
2004 Sep 04
1
Bug#269959: logcheck-database: courier ignore.d.server contains word from violations.d list
Package: logcheck-database
Version: 1.2.26
Severity: normal
Hi,
the file courier contains the line:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection shutdown\.$
This triggers the security logcheck section because of the word
"shutdown". Quick fix is to move or duplicate this line to
violations.ignore.d/logcheck-courier.
BTW: It looks like the courier package
2005 Feb 20
1
Rename violations.ignore.d/logcheck-pureftp
<nitpickyness>
To avoid possible confusion, shouldn't this be named logcheck-pureftpd,
or logcheck-pure-ftpd (instead of logcheck-pureftp)?
Or is there a reason (that I've missed) it's this way?
</nitpickyness>
-j
2008 Mar 17
0
Processed: Re: Bug#444470: /etc/logcheck/violations.ignore.d/logcheck-ssh: Updated "authentication failure" rule
Processing commands for control at bugs.debian.org:
> # Commit 037fed5fc268088bad1f17c885d9153ee800ec40
> tag 444470 pending
Bug#444470: /etc/logcheck/violations.ignore.d/logcheck-ssh: Updated "authentication failure" rule
There were no tags set.
Tags added: pending
> thanks
Stopping processing here.
Please contact me if you need assistance.
Debian bug tracking system
2008 Mar 17
0
Bug#444470: /etc/logcheck/violations.ignore.d/logcheck-ssh: Updated "authentication failure" rule
In article <20080120021013.GA2871__36835.8155632906$1200797204$gmane$org at nexus.elho.net> you wrote:
> Looking at those two lines, they could just be different versions of
> the same thing, here are the commented differences:
Take my word: you'll live longer if you don't try to make sense of ssh
log messages. (I *swear* I once got different messages by doing the
same thing
2008 Aug 31
1
Bug#491694: setting package to logcheck-database logtail logcheck, tagging 491694, tagging 474239, tagging 489172 ...
# Automatically generated email from bts, devscripts version 2.10.35
# via tagpending
#
# logcheck (1.3) unstable; urgency=low
#
# * Formalise the dropping of violations.d/logcheck. Please see
# /usr/share/doc/logcheck-database/NEWS.Debian.gz for more information
# (closes: #471072).
# * Add Auto-Submitted header to outgoing mails (closes: #489172).
# * ignore.d.server/kernel:
# -
2008 Jun 24
1
Bug#446310: setting package to logcheck-database logtail logcheck, tagging 452879, tagging 450660, tagging 450697 ...
# Automatically generated email from bts, devscripts version 2.10.30
# via tagpending
#
# logcheck (1.2.65) unstable; urgency=low
#
# * ignore.d.server/courier:
# - update rules to include port information; thanks to Antoine Pardignon
# (closes: #446310).
# - ignore couriertcpd messages; thanks to Andrew Gallagher
# (closes: #451118).
# * ignore.d.server/smbd_audit:
# -
2008 Mar 05
1
Bug#445072: setting package to logcheck-database logtail logcheck, tagging 444097, tagging 445069, tagging 444096 ... ... ... ... ... ... ...
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# logcheck (1.2.64) unstable; urgency=low
#
# * ignore.d.server/bind:
# - moved "[bind] query $FOO denied" rule to violations.ignore.d
# (closes: #443881).
# - added bind's "AXFR ended" rule alongside "AXFR started"
# (closes: #445046).
# - added "adding an