Displaying 20 results from an estimated 600 matches similar to: "Bug#590559: updated rules for webmin"
2010 Feb 09
1
Bug#569014: logcheck kernel rules don't match [<blank><number>.<number>]
Package: logcheck
Version: 1.2.69
The current ruleset "kernel" provided with this logcheck package don't
match entries where the kernel timeline has leading spaces, like:
[ 42.302707]
For example, the following entry:
Feb 4 17:05:24 hostname kernel: [ 144.591487] tun: Universal TUN/TAP
device driver, 1.6
didn't matched the re:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2010 Feb 17
1
Bug#570207: logcheck wu-ftpd rules do'nt match
Package: logcheck
Version: 1.2.69
Severity: normal
In the file /etc/logcheck/ignore.d.server/wu-ftpd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$
should be
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd\[[0-9]{4}\]: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$
There is a number after "wu-ftpd"
-- System
2010 Jul 22
1
Bug#589981: logcheck-database: add sender delay rules for bounce
Package: logcheck-database
Version: 1.2.69
Severity: wishlist
Please add the rule
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/bounce\[[[:digit:]]+\]: [:alnum:]+: sender delay notification: [:alnum:]+$
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (700, 'stable'), (650, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP
2010 Jul 28
1
Bug#590679: [logcheck-database] rules for ntpd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
some rules for ntpd as i couldn't find any:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset
[+-]*[0-9]{1,2}\.[0-9]{6} s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation
lost$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers
reachable$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2009 Oct 24
1
Bug#552222: logcheck: dhclient regexes need updating
Package: logcheck
Version: 1.3.3
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
As reported in https://launchpad.net/bugs/307847:
recent dhclient includes the ip address it is releasing and renewing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2011 Aug 15
3
Bug#637923: Tweak to ssh rules to ignore AllowGroups denial
Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial
Package: logcheck-database
Version: 1.3.13
Severity: minor
*** Please type your report below this line ***
Similar to how AllowUsers denials are ignored, also ignore AllowGroups:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of
2009 Sep 10
1
Bug#546004: logcheck-database: logcheck kernel "Treason uncloaked" filter doesn't catch ipv6 addresses.
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
kernel log lines of the form:
...kernel: [1933150.816604] TCP: Treason uncloaked!
Peer 0000:0000:0000:0000:0000:ffff:d04e:3f6b:4038/80 shrinks window
2491430013:2491430014. Repaired.
are not caught by the current rules.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500,
2010 May 17
1
Bug#582060: logcheck-database: bind network unreachable errors
Package: logcheck-database
Version: 1.3.8
Severity: normal
After double checking that I had the most up to date logcheck-database
:-) I am seeing these lines reported.
May 17 15:29:33 localhost named[1765]: error (network unreachable) resolving 'software.majix.org/A/IN': 2001:503:ba3e::2:30#53
I believe that this line was intended to match it.
^\w{3} [ :[:digit:]]{11}
2010 Dec 29
1
Bug#608256: /etc/logcheck/ignore.d.server/dnsmasq: dnsmasq: interface names are allowed to have a dash (-) please add this to the filter
Package: logcheck-database
Version: 1.2.69
Severity: normal
File: /etc/logcheck/ignore.d.server/dnsmasq
A dnsmasq log about DHCP events has the interface name in it. Interface names are allowed to have a dash (-) in them,
but the logcheck filter does not have the dash in it.
Please add the dash.
-- System Information:
Debian Release: 5.0.7
APT prefers stable
APT policy: (500,
2009 Sep 06
1
Bug#545318: logcheck-database: please add rule for newgrp messages
Package: logcheck-database
Version: 1.2.69
Severity: wishlist
Hello,
when newgrp (part of the package login) is used, I see messages
like this in my syslog:
Aug 27 23:36:16 debian64 newgrp[1975]: user `root' (login `root' on tty1)
switched to group `backup'
Aug 27 19:28:15 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1)
switched to group `backup'
Aug 27
2010 Feb 07
2
Bug#568815: Redundant messages from dhcpd in logcheck output in "server" mode.
Package: logcheck
Version: 1.2.69
Severity: normal
Tags: patch
Logcheck's reports contains many messages like:
Feb 7 19:03:57 srv dhcpd: DHCPREQUEST for 172.21.0.126 from 00:19:7e:9f:cc:32 (Hostname
Unsuitable for Printing) via eth0
Feb 7 19:03:57 srv dhcpd: DHCPACK on 172.21.0.126 to 00:19:7e:9f:cc:32 (Hostname
Unsuitable for Printing) via eth0
I create file
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
2009 Oct 17
1
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
Hi,
I think that this rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-)
(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
is supposed to filter out lines like:
Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root
It is not working because the pattern dos not include the "/dev/" part
and
2011 Dec 18
0
Bug#652537: Please add rule for inetutils-syslogd
Package: logcheck
Version: 1.2.69
The inetutils-syslogd (2:1.5.dfsg.1-9) package provides a system
logging daemon. syslogd periodically logs the following message:
Dec 17 00:29:11 host syslogd (GNU inetutils 1.5): restart
The following logcheck rulefile works to filter the messages from the
"System Events" email:
# cat inetutils-syslogd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd
2010 Feb 14
3
Bug#569843: logcheck-database: acpid filter misses trailing white space
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
The syslog messages for acpid when a window client connects
or disconnect all have a trailing single space at each line.
Therefore the existing two patterns in
/etc/logcheck/ignore.d.server/acpid
fail to filter out the events. Furthermore, the disconnect
message includes a PID-numbered client, which is not present
in the
2010 Jan 11
1
Bug#564702: [PATCH] rules suggestions for dhcpcd
Package: logcheck
Severity: wishlist
I'm attaching rules suggestions for dhcpcd as a git patch, and also a
sample from my logs.
Please review the patch (I can fix any issues with it) and include in
logcheck if you like it.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: 0001-Added-rules-for-dhcpcd.patch
URL:
2011 Apr 26
1
Bug#624197: logcheck-database: update for amavisd-new SPAMMY log entries
Package: logcheck-database
Version: 1.3.13
Severity: normal
Tags: patch
mavisd-new uses SPAMMY since 2.4.1:
http://www.mail-archive.com/amavis-user at lists.sourceforge.net/msg05055.html
patch attached.
-- System Information:
Debian Release: 6.0.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux
2011 Mar 02
1
Bug#616103: logcheck: (re)enable globbing of logfile names
Package: logcheck
Version: 1.3.13
Severity: minor
Tags: patch
In Lenny it was possible to use wildcards in logcheck.logfiles. For
example, I used: /var/log/HOSTS/*/*.log
root at durer:~# su -s /bin/bash -c "bash -x /usr/sbin/logcheck" logcheck
<cut>
+ read file
+ logoutput '/var/log/HOSTS/*/*.log'
+ file='/var/log/HOSTS/*/*.log'
+ debug 'logoutput called
2010 Jan 11
1
Bug#564693: logcheck: should suggest/recommend nail
Package: logcheck
Version: 1.3.5
Severity: minor
Hi,
reading logcheck source it seems that it requires nail for MAILATTACH to work,
however it is not suggested/recommended.
(JFTR it is debatable if nail is appropriate or something else should be used)
thanks,
filippo
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500,
2010 Jan 21
1
Bug#566107: logcheck-database: with violations.d/logcheck empty most rules in violations.ignore.d look useless
Package: logcheck-database
Version: 1.3.5
Severity: normal
Hi,
I was having a look at logcheck and why I received a "verification failed:
Temporary failure in name resolution" as a _system_ message.
Turns out that since violations.d/logcheck is empty now, most of the rules in
violations.ignore.d look quite useless, can you confirm?
I suspect that a big part of those rules should be
2008 Sep 24
2
Bug#500017: ignore.d.server/ssh: outdated 'reverse mapping checking ... failed' rule
Package: logcheck-database
Version: 1.2.68
Severity: minor
openssh-server version 1:5.1p1-2
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ failed - POSSIBLE BREAK-?IN ATTEMPT!$
should look like
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: reverse mapping checking getaddrinfo for [._[:alnum:]-]+ \[[.[:alnum:]:]+\] failed -