Displaying 20 results from an estimated 2000 matches similar to: "Bug#568815: Redundant messages from dhcpd in logcheck output in "server" mode."
2006 May 30
2
Bug#369603: logcheck-database: new rule for dhcpd
Package: logcheck-database
Version: 1.2.44
Severity: minor
Tags: patch
Hi,
This patch changes one rule for dhcpd. It adds support for log lines of the following format:
May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1
Regards,
Robbert
--- /root/dhcp 2006-05-30 21:50:24.000000000 +0200
+++ dhcp 2006-05-30 23:27:06.000000000 +0200
@@ -18,7 +18,7 @@
2005 Jul 11
3
Bug#317741: logcheck-database: fails to ignore properly some lines from 'rbldnsd'
Package: logcheck-database
Version: 1.2.40
Severity: normal
Tags: patch
There are one line that is not properly ignored. I include in the report
a better version.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (400, 'testing'), (300, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale:
2010 Feb 14
3
Bug#569843: logcheck-database: acpid filter misses trailing white space
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
The syslog messages for acpid when a window client connects
or disconnect all have a trailing single space at each line.
Therefore the existing two patterns in
/etc/logcheck/ignore.d.server/acpid
fail to filter out the events. Furthermore, the disconnect
message includes a PID-numbered client, which is not present
in the
2009 Oct 24
1
Bug#552222: logcheck: dhclient regexes need updating
Package: logcheck
Version: 1.3.3
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
As reported in https://launchpad.net/bugs/307847:
recent dhclient includes the ip address it is releasing and renewing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2010 Jul 28
1
Bug#590679: [logcheck-database] rules for ntpd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
some rules for ntpd as i couldn't find any:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset
[+-]*[0-9]{1,2}\.[0-9]{6} s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation
lost$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers
reachable$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2005 May 15
1
Bug#191637: New rules for qpopper
package logcheck-database
tags 125794 pending
tags 191637 pending
thanks
I've been running the latest version of qpopper from unstable for a few
days and I've added the following rules to CVS:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: connect from
[._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]:
\(v[.[:digit:]]+\) POP login by user
2010 Feb 17
1
Bug#570207: logcheck wu-ftpd rules do'nt match
Package: logcheck
Version: 1.2.69
Severity: normal
In the file /etc/logcheck/ignore.d.server/wu-ftpd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$
should be
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd\[[0-9]{4}\]: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$
There is a number after "wu-ftpd"
-- System
2004 Jul 21
4
Bug#260743: logcheck-database: dhcp rule updates for failover support
Package: logcheck-database
Version: 1.2.23
Severity: minor
Hi,
a couple of minor corrections to the dhcp rule sets:
First of all, the hostname matching parts need to include the "._-"
signs (maybe . is not needed but it might be).
Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST
may be entailed by the string ": load balance to peer <somestring>".
2004 Jun 21
2
Bug#255560: logcheck-database: More Postfix rules
Package: logcheck-database
Version: 1.2.22a
Severity: normal
Thanks to the upgrade to Postfix 2.1 and deploying a newer logcheck
ruleset on a busier server I've found a bunch more rules for Postfix.
I've attached new rules files and patches are inline.
The following patch is for violations.ignore.d:
--- logcheck-postfix.orig 2004-06-21 20:11:14.000000000 +0100
+++ logcheck-postfix
2006 Jul 04
1
no such user
I have rules like this on my servers:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]:
[._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER
[-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+
\[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$
basically, I just don't care about logins as nonexistent users,
I get so many of those that I don't even
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
2009 Oct 17
1
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
Hi,
I think that this rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-)
(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
is supposed to filter out lines like:
Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root
It is not working because the pattern dos not include the "/dev/" part
and
2005 Apr 26
3
Bug#306388: add ignore line for udhcpd
Package: logcheck-database
Severity: wishlist
Hi,
the following two lines should be added either to ignore.d.server/dhcp or
ignore.d.server/udhcp to ignore messages from udhcpd (other lines may be
necessary)
# udhcpd support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending OFFER of [.0-9]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: sending ACK to [.0-9]+
filippo
2009 Apr 03
1
ssh failed login rule problem
Hi there,
I know this is the classic RTFM list question but... I've really tried
hard on this and no result!
This is what I'm receving from logcheck:
System Events
=-=-=-=-=-=-=
Apr 3 06:55:13 bsg sshd[32246]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.245.226
user=root
Apr 3 06:55:19 bsg sshd[32248]: pam_unix(sshd:auth):
2010 Jul 22
1
Bug#589981: logcheck-database: add sender delay rules for bounce
Package: logcheck-database
Version: 1.2.69
Severity: wishlist
Please add the rule
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/bounce\[[[:digit:]]+\]: [:alnum:]+: sender delay notification: [:alnum:]+$
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (700, 'stable'), (650, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP
2010 Jul 27
1
Bug#590559: updated rules for webmin
Package: logcheck-database
Version: 1.2.69
Severity: wishlist
(also in version 1.3.10~bpo50+1)
Please update the rules for webmin
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Timeout of
[[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ webmin\[[0-9]+\]: Timeout of(
session for)? [[:alnum:]]+$
(Webmin is version 1.517 from virtualmin.com, if that matters)
- Tim
2010 Feb 09
1
Bug#569014: logcheck kernel rules don't match [<blank><number>.<number>]
Package: logcheck
Version: 1.2.69
The current ruleset "kernel" provided with this logcheck package don't
match entries where the kernel timeline has leading spaces, like:
[ 42.302707]
For example, the following entry:
Feb 4 17:05:24 hostname kernel: [ 144.591487] tun: Universal TUN/TAP
device driver, 1.6
didn't matched the re:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2006 Jan 07
2
Bug#346350: logcheck-database: dhcp3-server ignores need to include (none ) client host name
Package: logcheck-database
Version: 1.2.39
Severity: normal
I use dhcp3-server and a dhcp client which is Sony HDD video recorder
CoCoon. The client not return client host name.
In this case, dhcpd server assumed the client host name is (none).
Therefor dhcpd output log described below.
> Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0
> Jan 7 10:49:25
2008 Sep 24
2
Bug#500017: ignore.d.server/ssh: outdated 'reverse mapping checking ... failed' rule
Package: logcheck-database
Version: 1.2.68
Severity: minor
openssh-server version 1:5.1p1-2
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
should look like
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ \[[.[:alnum:]:]+\] failed -
2008 Jan 24
0
[PATCH] Added "Re-using pre-shared static key" openvpn rule
Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net>
---
rulefiles/linux/ignore.d.server/openvpn | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn
index 68ebf8f..c57e3cb 100644
--- a/rulefiles/linux/ignore.d.server/openvpn
+++ b/rulefiles/linux/ignore.d.server/openvpn
@@ -13,7 +13,7
2008 Jan 24
0
[PATCH] Re-enabled :port portion of "UDPv4 link" openvpn rule
I see that this openvpn rule has been modified to no longer attach the
":port" part to "[undef]" -- probably to reflect a recent change in
openvpn. Unfortunately, the rule no longer matches in etch, thus
breaking the backport.
Here's a patch to match both versions.
Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net>
---
rulefiles/linux/ignore.d.server/openvpn