similar to: Bug#583155: logcheck-database: Please create rules for amavis(d-new)

Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch After upgrading to debian squeeze I get several messages a day in the form of: Jul 2 15:05:15 hostname spamd[21286]: spamd: handled cleanup of child pid [28609] due to SIGCHLD: exit 0 This is due to an update in spamd, that makes the message more detailed (includes exit code)[1]. Therefore messages including exit code 0

Package: logcheck-database Version: 1.3.13 Severity: normal The rule for SSH ignoring "Bad protocol version identification" assumes there are no single quotes inside the version string ('[^']'). I am however getting mails including those lines: Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version identification

Package: logcheck-database Version: 1.2.26 Severity: normal Hi, the file courier contains the line: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop3d-ssl: Unexpected SSL connection shutdown\.$ This triggers the security logcheck section because of the word "shutdown". Quick fix is to move or duplicate this line to violations.ignore.d/logcheck-courier. BTW: It looks like the courier package

I have rules like this on my servers: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ proftpd\[[[:digit:]]+\]: [._[:alnum:]-]+ \([._[:alnum:]-]+\[[[:digit:].]{7,15}\]\) (- )USER [-_.[:alnum:]]+: no such user found from [._[:alnum:]-]+ \[[[:digit:].]{7,15}\]\ to [[:digit:].]{7,15}:21$ basically, I just don't care about logins as nonexistent users, I get so many of those that I don't even

Dear Samba-users, I cannot manage to make samba read my logon.script for windows clients where basicaly networkdrive-mapping is done. Samba complaines about not having permission... Error: switch message SMBntcreateX (pid 28286) [2004/12/03 11:27:31, 3] smbd/dosmode.c:unix_mode(110) unix_mode(logon.bat) returning 0744 [2004/12/03 11:27:31, 3] smbd/open.c:open_file(173) Error opening file

Package: logcheck Version: 1.2.43a Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have messages like these in my logs: Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 58 to 57 Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 58 to 57

Package: logcheck Version: 1.2.23 Severity: normal Hello, I have: # /bin/cat ignore.d.server/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) LIST \([[:alnum:]-]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ crontab\[[0-9]+\]: \([[:alnum:]-]+\) REPLACE \([[:alnum:]-]+\)$ and: # /bin/cat ignore.d.paranoid/cron ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck-database Version: 1.2.43a Severity: minor Since last weekend's upgrade of logcheck-database from 1.2.42 to 1.2.43a, logcheck stopped ignoring routine SpamAssassin messages of the form Feb 20 21:36:16 tux64 spamd[4665]: spamd: checking message <20060220190721.0E0B41C5207 at llwb563.servidoresdns.net> for amu:7286 Could you please edit the second pattern in

Hi guys, now that violations.d/logcheck is empty, violations.ignore.d/logcheck-* are useless and many messages that were previously elevated and filtered there now turn up as system events. Thus, I went ahead and merged violations.ignore.d/logcheck-* into ignore.d.*/* in the viol-merge branch. http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge Unless I hear

# Automatically generated email from bts, devscripts version 2.10.18.1 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/bind: # - moved "[bind] query $FOO denied" rule to violations.ignore.d # (closes: #443881). # - added bind's "AXFR ended" rule alongside "AXFR started" # (closes: #445046). # - added "adding an

Package: logcheck Version: 1.2.20a Severity: serious Tags: patch On a system where sh points to dash and LANG=es_ES, I get this: # apt-get -y --reinstall install logcheck Leyendo lista de paquetes... 0% Leyendo lista de paquetes... 0% Leyendo lista de paquetes... 23% Leyendo lista de paquetes... Hecho Creando ?rbol de dependencias... 0% Creando ?rbol de dependencias... 0% Creando ?rbol de

Dear logcheck Team, sorry for choosing the direct contact I don't know if it's the correct way. I am using logcheck on a webserver where pureftp is installed for upload of content. Logcheck is working fine except for one ignore.d rule regarding the logout messages from pureftp. Logcheck is reporting lots (an I mean lots) of messages from the following type: Feb 5 06:02:45 web1

<nitpickyness> To avoid possible confusion, shouldn't this be named logcheck-pureftpd, or logcheck-pure-ftpd (instead of logcheck-pureftp)? Or is there a reason (that I've missed) it's this way? </nitpickyness> -j -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This

Package: logcheck-database Version: 1.2.23 Severity: minor Hi, a couple of minor corrections to the dhcp rule sets: First of all, the hostname matching parts need to include the "._-" signs (maybe . is not needed but it might be). Then when using failover, log lines of type DHCPDISCOVER and DHCPREQUEST may be entailed by the string ": load balance to peer <somestring>".

Package: logcheck Version: 1.2.22a Severity: wishlist There is no support for imapproxy, and it would be a great help if it was added. Following are two sample lines from the syslog: Jun 11 09:36:55 MyHost in.imapproxyd[30845]: LOGOUT: '"MyUser"' from server sd [13] Jun 11 09:37:02 MyHost in.imapproxyd[30846]: LOGIN: '"MyUser"' (xxx.xxx.xxx.xx:yyyyy) on

On Sat, Jan 27, 2007 at 02:40:41PM -0800, Steve Langasek wrote: > On Sat, Jan 27, 2007 at 02:36:00PM +0000, martin f krafft wrote: > > tags 408037 wontfix > > thanks > > > Steve, I am not happy with filtering this message on the basis that > > is *is* an uncorrectable sector and thus a problem that should get > > fixed. > > No, smartd already sends its

Package: logcheck Version: 1.2.41 Severity: minor man (8) logcheck says: For hints on how to maintain rules, see README.logcheck-database.gz, but this file is not included in /usr/share/doc/logcheck. micah -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Every hour I get a mail from logcheck with a line like Nov 6 12:08:34 wheat fetchnews[13617]: clamping maxage for comp.os.linux.admin to global expire 50 The strange thing is that syslog is filled with similar lines, but this is the only one I get in the report. It is the last such line in each group: # many similar lines deleted Nov 6 12:08:32 wheat fetchnews[13617]: comp.std.c++: considering

Package: logcheck Version: 1.3.3 Severity: wishlist Tags: patch Ali Saidi submitted rules for amd from the am-utils package to Ubuntu at https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/91438 The provided rules are located at: http://launchpadlibrarian.net/6728953/amd Please consider including them in the next release. I've asked where to put them, but it should probably the

Package: logcheck-database Version: 1.2.37 Severity: normal Hello again, openntpd gives messages like these failry often: Apr 7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid Apr 7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid I am not sure if this is something that an admin may find relevant but they happen fairly often and they do not offer a lot of info for me.