similar to: Bug#590729: logcheck: please enable syslog-summary by default

Package: logcheck-database Version: 1.2.63 Severity: wishlist Hi, Can you add rule to filter out following messages: System Events =-=-=-=-=-=-= May 15 07:44:48 niko syslog-ng[21911]: Configuration reload request received, reloading configuration; Best regards Andrei Emeltchenko -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'),

Package: logcheck-database Version: 1.2.39 Severity: wishlist Hi, I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix : ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:

Package: logcheck-database Version: 1.2.63 Severity: wishlist Tags: patch The bad address syntax bounce message was previously logged by postfix/qmgr, but in the current version of Postfix in lenny is (at least sometimes) logged by postfix/error instead. -- System Information: Debian Release: lenny/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (1,

Package: logcheck-database Version: 1.2.51 Severity: wishlist I'm backup my ldap with slapcat (from package slapd) and get a entry in syslog. Can you add to /etc/logcheck/ignore.d.server/slpad: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapcat: bdb_db_init: Initializing BDB database$ -- System Information: Debian Release: 3.1 APT prefers experimental APT policy: (1, 'experimental')

Package: logcheck Version: 1.1.1-13.1woody1 Severity: important logcheck line 56 uses "TMPDIR=$(mktemp -d -p ..." but mktemp from woody doesn't accept -p option Cheers, Chris -- System Information Debian Release: 3.0 Kernel Version: Linux ethlife-a 2.4.26-vs1.27 #4 SMP Mit Apr 28 15:20:15 MEST 2004 i686 unknown Versions of the packages logcheck depends on: ii cron

Package: logcheck Version: 1.2.42 Severity: minor Tags: patch Logcheck does not report any error if the config file is not readable or does not exists. This may easily happen, as logcheck is run as logcheck user and while one is testing a new configuration on live system with running configuration intact. Following fragment may help: # Now source the config file - before things that should

Package: logcheck-database Version: 1.2.49 Severity: normal My logcheck configuration is quite a default one, ignore level server. i found the "session opened" and "session closed" ignore lines in ignore.d.server/logcheck. but i still get those lines in the logcheck mails: Nov 12 17:17:01 server06 CRON[32741]: (pam_unix) session opened for user root by (uid=0) Nov 12

Package: logcheck-database Version: 1.2.54 Severity: normal Hello, it seems crontab reports it's whole path in syslog : May 6 16:00:03 eckmul /usr/bin/crontab[9722]: (root) LIST (nobody) I don't have other messages from it in my logs, so I can't comment on the other lines in /etc/logcheck/ignore.d.server/cron , but I had to modify the LIST one with /usr/bin/crontab Thanks, --

Package: logcheck-database Version: 1.2.51 Severity: normal Messages such as these are no longer being filtered by logcheck ('hostname' used to replace actual hostname; 'hostname.com' used to replace actual domain): Dec 23 12:02:58 hostname postfix/lmtp[5047]: 38BE4C21ED: to=<root at hostname.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.1, delays=2/0.16/0.05/1.8,

Package: logcheck-database Version: 1.2.47 Severity: normal Tags: patch Without the following logcheck line in /etc/logcheck/violations.ignore.d, lines such as the following are reported: postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal at someplace.net>, relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22, from MTA: 250 Ok: queued as 15140A2D0A) This is because

Package: logcheck-database Version: 1.2.43a Severity: wishlist -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I recently switched to syslog-ng. Here are some lines that can be ignored. syslog-ng: Changing permissions on special file /dev/xconsole syslog-ng: STATS: dropped 2 - -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (650, 'testing'),

Package: logcheck-database Version: 1.2.43a Severity: normal Tags: patch Hi, Given the following popa3d log messages: popa3d[15636]: 0 messages (0 bytes) loaded popa3d[15993]: 1 message (3837 bytes) loaded popa3d[15856]: 3 messages (18116 bytes) loaded The current logcheck ruleset does not take into account that sometimes there might be multiple message_S_ to be loaded. The following patch

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch When views are used in bind, the logcheck filters don't catch the common informational log messages. Added regex bits to the filter definitions. -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck-database Version: 1.2.54 Severity: normal The included filters for cyrus (/etc/logcheck/ignore.d.server/cyrus) are very minimal. The cyrus-imapd-2.2 has a more extensive ruleset (there's a /etc/logcheck/ignore.d.server/cyrus2_2 file in that package). Please copy over the filters from cyrus-imapd-2.2. I'm running logcheck on a loghost, which doesn't run cyrus

Package: logcheck-database Version: 1.2.39 Severity: normal The rule for postfix/smtp read timeout (port 25) doesn't match the actual log message: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$ A sample log line is: May 17 17:38:16 dp postfix/smtp[12256]: connect to smtpv1.ihs.gov[198.45.3.65]: read timeout (port

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Hi, This patch changes one rule for dhcpd. It adds support for log lines of the following format: May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1 Regards, Robbert --- /root/dhcp 2006-05-30 21:50:24.000000000 +0200 +++ dhcp 2006-05-30 23:27:06.000000000 +0200 @@ -18,7 +18,7 @@

Package: logcheck-database Version: 1.2.23 Followup-For: Bug #254681 Please generalize "nobody" to "[_[:alnum:]-]+", as some cron jobs su to other users: Jul 11 06:51:16 tux su[10385]: + ??? root:hinfo Jul 11 06:57:25 tux su[29801]: + ??? root:www-data Thanks. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500,

Package: logcheck-database Version: 1.2.28 Severity: wishlist Could you add support for dnsmasq for the server profile? This is the standard dnsmasq output. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: read /etc/hosts - [[:digit:]]+ addresses$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: reading /etc/resolv.conf$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck-database Version: 1.2.40 Severity: wishlist Hi, Please duplicate the imap-login related lines and change them to filter out the equivalent messages emitted by pop3-login. regards Andrew -- System Information: Debian Release: testing/unstable APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel:

Package: logcheck-database Version: 1.2.68 Severity: normal I'm using ldap to authenticate users. And thus pam_unix is sufficient, but allowed to fail. It has now started to spam the logs with lots of Jan 2 09:22:57 sisko sshd[28511]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=host92-22-static.38-79-b.business.telecomitalia.it user=root And on