similar to: Bug#589981: logcheck-database: add sender delay rules for bounce

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch Hi, I think that this rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$ is supposed to filter out lines like: Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root It is not working because the pattern dos not include the "/dev/" part and

# Automatically generated email from bts, devscripts version 2.10.35 # via tagpending # # logcheck (1.3) unstable; urgency=low # # * Formalise the dropping of violations.d/logcheck. Please see # /usr/share/doc/logcheck-database/NEWS.Debian.gz for more information # (closes: #471072). # * Add Auto-Submitted header to outgoing mails (closes: #489172). # * ignore.d.server/kernel: # -

# Automatically generated email from bts, devscripts version 2.10.30 # via tagpending # # logcheck (1.2.65) unstable; urgency=low # # * ignore.d.server/courier: # - update rules to include port information; thanks to Antoine Pardignon # (closes: #446310). # - ignore couriertcpd messages; thanks to Andrew Gallagher # (closes: #451118). # * ignore.d.server/smbd_audit: # -

# Automatically generated email from bts, devscripts version 2.10.18.1 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/bind: # - moved "[bind] query $FOO denied" rule to violations.ignore.d # (closes: #443881). # - added bind's "AXFR ended" rule alongside "AXFR started" # (closes: #445046). # - added "adding an

# Automatically generated email from bts, devscripts version 2.10.30 # via tagpending # # logcheck (1.2.65) unstable; urgency=low # # * ignore.d.server/postfix: # - ignore connection messages for anonymous TLS connections; thanks to # Justin Larue (closes: #486440). # - ignore hostname verification due to DNS name not found; thanks to # Justin Larue (closes: #486440). # *

Package: logcheck Version: 1.2.26 Severity: wishlist Please add ignore for Spamassasin's "check" messages like: Aug 16 19:27:54 ns spamd[23853]: checking message <20040816150710.86ADA708A8 at smtp-out.hotpop.com> for nobody:65534. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.26.20040601 Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch kernel log lines of the form: ...kernel: [1933150.816604] TCP: Treason uncloaked! Peer 0000:0000:0000:0000:0000:ffff:d04e:3f6b:4038/80 shrinks window 2491430013:2491430014. Repaired. are not caught by the current rules. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500,

# Automatically generated email from bts, devscripts version 2.10.27 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/dhcp # - Adding dhcp rules for DNS updates by ddns_remove_a() # (closes: #459875, #472368) # - Added dhcp "removed reverse map" rule, which occurs on DHCPRELEASE. # * ignore.d.server/spamd # - deal with socket connections by e.g. evolution

Package: logcheck Version: 1.2.39 Severity: normal Since I've upgraded my servers to sarge, I'm getting mail every hour for stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns out that sarge's version no longer reads that file. If this was a conscious decision, then there should be some warning about this when upgrading (via debconf of NEWS.Debian). Also, the

Package: logcheck-database Version: 1.3.5 Severity: normal Hi, I was having a look at logcheck and why I received a "verification failed: Temporary failure in name resolution" as a _system_ message. Turns out that since violations.d/logcheck is empty now, most of the rules in violations.ignore.d look quite useless, can you confirm? I suspect that a big part of those rules should be

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions: * OpenVPN does not print the full path to ifconfig or route (at least here) * The interface name can also contain dots and does not always start with "tun" * The startup messages now gets suppressed

On Sat, 15 May 2004, CVS User ttroxell wrote: > if [ -f /etc/logcheck/header.txt ] ; then > - $CAT /etc/logcheck/header.txt >> $TMPDIR/report > + $CAT /etc/logcheck/header.txt >> $TMPDIR/report \ > + || error "Could not append header to $TMPDIR/report Disk full?" > fi > } > > @@ -152,7 +157,8 @@ > # Add a footer

Package: logcheck Version: 1.2.32 Severity: important In postinst logcheck "fixes" permissions of /etc/logcheck/* to 750. In my (and others on #d-d) opinion ownership and permissions should be preserved upon package upgrades. Logcheck must not screw with my decision to make them world readable every time it configures. -- Peter

# Automatically generated email from bts, devscripts version 2.10.35 # via tagpending # # logcheck (1.3.2) experimental; urgency=low # # * Apply patch from Jari Aalto for fixing package description paragraph # ordering by importence, thanks (closes: #499415) # * Supress cron session closed messages too, thanks to Ferenc Wagner for # noticing (closes: #499393) # package logcheck-database

Package: logcheck-database Version: 1.2.62 Severity: normal File: /etc/logcheck/violations.ignore.d/logcheck-ssh Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

# Automatically generated email from bts, devscripts version 2.10.35 # via tagpending # # logcheck (1.3.2) experimental; urgency=low # # * Apply patch from Jari Aalto for fixing package description paragraph # ordering by importence, thanks (closes: #499415) # package logcheck-database logtail logcheck tags 499415 + pending

Hello world, I installed logcheck for monitoring geronimo logs (geronimo.out). i want use it only for that. i don't know how to add a geronimo regex. Even a new term "Exception" is detected, i want that logcheck send me an alert by mail. Can you tell me please how can i do because it appears that my configuration not works. -------------- next part -------------- An HTML attachment

Package: logcheck-database Version: 1.2.28 Severity: normal Hi, the Internet Software Consortium changed the name to Internet Systems Consortium. For a fix for the logcheck rules see the attachment. -- System Information: Debian Release: 3.0 APT prefers testing APT policy: (600, 'testing'), (100, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel:

Hello, list! I can't run logcheck. This is the first time my system has not let me run something, any way I try. I am member of sudo group. I run this sudo -u logcheck logcheck -o -t and get Sorry, user [user] is not allowed to execute '/usr/sbin/logcheck -o -t' as logcheck on [machine]. If I try su -s /bin/bash -c "/usr/sbin/logcheck -o -t" logcheck I get

I've installed logcheck on CentOS from source, as well as liblockfile and lockfile-progs. I've created a logcheck user with /var/lib/logcheck as the home and /sbin/nologin as the shell. logcheck user is in the adm group. I also customised the list of logfiles for CentOS. When I run logcheck, I get the following errors: # sudo -u logcheck logcheck -ot basename: invalid option -- - Try