similar to: Bug#580260: logcheck-database: dkim-filter needs tweak

Package: logcheck-database Version: 1.2.63 > Apr 28 17:02:39 naam dkim-filter[15536]: 570BA180CE: bad signature data > Apr 28 17:03:20 naam dkim-filter[15536]: A08D2180CE: bad signature data > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE SSL error:04077068:rsa routines:RSA_verify:bad signature > Apr 28 17:16:40 naam dkim-filter[15536]: BA397180CE: bad signature data > Apr 28

Package: logcheck-database Version: 1.2.45 Severity: normal Tags: patch pending confirmed My bad, sorry. --- rulefiles/linux/ignore.d.server/ssh 6 Jul 2006 10:16:41 -0000 1.18 +++ rulefiles/linux/ignore.d.server/ssh 7 Jul 2006 19:35:19 -0000 @@ -10,7 +10,7 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from [:[:alnum:].]+ \([:[:alnum:].]+\)$ ^\w{3} [ :0-9]{11}

- ignore messages "acpid: client has disconnected" Signed-off-by: Hanspeter Kunz <hp at edelkunz.ch> --- rulefiles/linux/ignore.d.server/acpid | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/rulefiles/linux/ignore.d.server/acpid b/rulefiles/linux/ignore.d.server/acpid index 034ddf1..faebe1e 100644 --- a/rulefiles/linux/ignore.d.server/acpid +++

I see that this openvpn rule has been modified to no longer attach the ":port" part to "[undef]" -- probably to reflect a recent change in openvpn. Unfortunately, the rule no longer matches in etch, thus breaking the backport. Here's a patch to match both versions. Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net> --- rulefiles/linux/ignore.d.server/openvpn

At least the policyd-weight in lenny seems to generate quite different patterns. For example the 'rate' is output multiple times in some situations, the 'check from' is omited sometimes and somehow those log messages have a trailing blank. With those patterns logcheck stays silent again. Signed-off-by: Mathias Krause <minipli at googlemail.com> ---

Package: logcheck-database Version: 1.3.8 Severity: normal After double checking that I had the most up to date logcheck-database :-) I am seeing these lines reported. May 17 15:29:33 localhost named[1765]: error (network unreachable) resolving 'software.majix.org/A/IN': 2001:503:ba3e::2:30#53 I believe that this line was intended to match it. ^\w{3} [ :[:digit:]]{11}

Package: logcheck Version: 1.2.62 Severity: wishlist Here are two rules for ddclient, a client for dynamic IP services such as DynDNS or DynIP: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: SUCCESS: updating [._[:alnum:]-]+: good: IP address set to [:[:xdigit:].]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ddclient\[[[:digit:]]+\]: WARNING: forcing update of [._[:alnum:]-]+ from

Signed-off-by: Fr?d?ric Bri?re <fbriere at fbriere.net> --- rulefiles/linux/ignore.d.server/openvpn | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn index 68ebf8f..c57e3cb 100644 --- a/rulefiles/linux/ignore.d.server/openvpn +++ b/rulefiles/linux/ignore.d.server/openvpn @@ -13,7 +13,7

From: Simon Deziel <simon.deziel at gmail.com> Fixes LP: #806537 Signed-off-by: Simon Deziel <simon.deziel at gmail.com> --- rulefiles/linux/ignore.d.server/openvpn | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/rulefiles/linux/ignore.d.server/openvpn b/rulefiles/linux/ignore.d.server/openvpn index 2b4bfd6..d80f42f 100644 ---

Package: logcheck-database Version: 1.2.62 Severity: wishlist File: /etc/logcheck/ignore.d.server/ssh openssh issues a friendly warning when the remote IP maps back to a hostname that looks just like an IP address. (For example, the address 206.251.174.31 currently maps back to the hostname "206.251.174.31".) Here's a rule that filters out these unimportant messages: ^\w{3} [

Package: logcheck-database Version: 1.2.62 Severity: normal File: /etc/logcheck/violations.ignore.d/logcheck-ssh Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

Package: logcheck Version: 1.3.13 Severity: minor Tags: patch Hi, Logcheck reports messages of the form: Mar 15 06:25:26 foohost rsyslogd: [origin software="rsyslogd" swVersion="5.7.6" x-pid="3301" x-info="http://www.rsyslog.com"] rsyslogd was HUPed I suggest the following tweak to /etc/logcheck/ignore.d.server/rsyslog: diff -u

Package: logcheck-database Version: 1.2.28 Severity: normal Hi, the Internet Software Consortium changed the name to Internet Systems Consortium. For a fix for the logcheck rules see the attachment. -- System Information: Debian Release: 3.0 APT prefers testing APT policy: (600, 'testing'), (100, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel:

Package: logcheck-database Version: 1.2.54 /etc/logcheck/ignore.d.server/postfix specifies a filter rule to filter out anvil statistic logging: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \(([.:[:xdigit:]]+)?(smtp(s)?|25|587):[.:[:xdigit:]]+\) at \w{3} [ :0-9]{11}$ If Postfix on port 587 is configured

Package: logcheck-database Hey, I created a logcheck ignore file for Snort with stuff I don't particularly want to see every day. The one line with the warning in it is questionable, so leave it in or out at your discretion. Also, my regex skills are not as good as they could be, so there are probably mistakes, or things that could be simplified more. Rules are below: ^\w{3} [

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Hi, This patch changes one rule for dhcpd. It adds support for log lines of the following format: May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1 Regards, Robbert --- /root/dhcp 2006-05-30 21:50:24.000000000 +0200 +++ dhcp 2006-05-30 23:27:06.000000000 +0200 @@ -18,7 +18,7 @@

Package: logcheck-database Version: 1.2.54 Severity: minor -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.2-dp0 Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15) Versions of packages logcheck-database depends

Package: logcheck-database Version: 1.2.39 Severity: normal I use dhcp3-server and a dhcp client which is Sony HDD video recorder CoCoon. The client not return client host name. In this case, dhcpd server assumed the client host name is (none). Therefor dhcpd output log described below. > Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0 > Jan 7 10:49:25

Package: logcheck-database Severity: wishlist Tags: patch Hi, some rules for ntpd as i couldn't find any: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [+-]*[0-9]{1,2}\.[0-9]{6} s$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers reachable$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck-database Version: 1.2.22a Severity: normal Thanks to the upgrade to Postfix 2.1 and deploying a newer logcheck ruleset on a busier server I've found a bunch more rules for Postfix. I've attached new rules files and patches are inline. The following patch is for violations.ignore.d: --- logcheck-postfix.orig 2004-06-21 20:11:14.000000000 +0100 +++ logcheck-postfix