Displaying 20 results from an estimated 5000 matches similar to: "Bug#617232: logcheck: ignore regexes match ipv4 addresses only, causing false positives with ipv6 addresses."
2009 Oct 24
1
Bug#552222: logcheck: dhclient regexes need updating
Package: logcheck
Version: 1.3.3
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu karmic ubuntu-patch
As reported in https://launchpad.net/bugs/307847:
recent dhclient includes the ip address it is releasing and renewing.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2010 Nov 05
0
Bug#602494: logcheck runs filters for packages not installed
Package: logcheck
Version: 1.3.13
Severity: normal
Hi, at present my logcheck is into 33 minutes of cpu time for
running the ignore/innd rule, when the innd package is not installed.
If running logcheck against only locally created logfiles, there should
be a configuration option to only run logcheck against installed (or
non-purged) packages.
-- System Information:
Debian Release: squeeze/sid
2006 May 30
2
Bug#369603: logcheck-database: new rule for dhcpd
Package: logcheck-database
Version: 1.2.44
Severity: minor
Tags: patch
Hi,
This patch changes one rule for dhcpd. It adds support for log lines of the following format:
May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1
Regards,
Robbert
--- /root/dhcp 2006-05-30 21:50:24.000000000 +0200
+++ dhcp 2006-05-30 23:27:06.000000000 +0200
@@ -18,7 +18,7 @@
2011 Apr 17
0
Processed: logcheck ignore rules for rsyslogd
Processing commands for control at bugs.debian.org:
> reassign 623058 rsyslog
Bug #623058 [logcheck] logcheck: tweak 'rsyslogd was HUPed' filter
Bug reassigned from package 'logcheck' to 'rsyslog'.
Bug No longer marked as found in versions logcheck/1.3.13.
> thanks
Stopping processing here.
Please contact me if you need assistance.
--
623058:
2006 Feb 12
1
Bug#338732: logcheck-database: ignore rule for package cvs
tags 338732 pending
thanks
On 12 Nov 2005, at 11:38, Martin Lohmeier wrote:
> here is a rule for the cvs package. The line that should be ignored
> looks like this:
>
> Nov 12 12:02:22 djinn01 cvs-pserver[15917]: connect from
> 212.202.200.77 (212.202.200.77)
> Nov 12 12:31:00 djinn01 cvs-pserver[18386]: connect from
> 80.190.250.190 (80.190.250.190)
>
> I'll
2010 Feb 07
2
Bug#568815: Redundant messages from dhcpd in logcheck output in "server" mode.
Package: logcheck
Version: 1.2.69
Severity: normal
Tags: patch
Logcheck's reports contains many messages like:
Feb 7 19:03:57 srv dhcpd: DHCPREQUEST for 172.21.0.126 from 00:19:7e:9f:cc:32 (Hostname
Unsuitable for Printing) via eth0
Feb 7 19:03:57 srv dhcpd: DHCPACK on 172.21.0.126 to 00:19:7e:9f:cc:32 (Hostname
Unsuitable for Printing) via eth0
I create file
2011 Jul 28
0
/usr/sbin/logcheck: line 100: kill: (24333) - No such process
Hello
I've installed a new mailserver with CentOS 6.0 x86_64. For the reporting
I need logcheck.
I've the same problem as
https://bugzilla.redhat.com/show_bug.cgi?id=678436
Description of problem:
I installed logcheck and now I get mails from cron with the following
error
message:
Subject: Cron <logcheck at genius> if [ -x /usr/sbin/logcheck ]; then nice
-n10
2011 Apr 16
0
Bug#623058: logcheck: tweak 'rsyslogd was HUPed' filter
Package: logcheck
Version: 1.3.13
Severity: minor
Tags: patch
Hi,
Logcheck reports messages of the form:
Mar 15 06:25:26 foohost rsyslogd: [origin software="rsyslogd" swVersion="5.7.6" x-pid="3301" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
I suggest the following tweak to /etc/logcheck/ignore.d.server/rsyslog:
diff -u
2008 Sep 17
2
Bug#499323: logcheck-database: Logcheck fails to ignore certain OpenVPN messages
Package: logcheck-database
Version: 1.2.54
Severity: normal
Tags: patch
Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch
fixes several regular expressions:
* OpenVPN does not print the full path to ifconfig or route (at least here)
* The interface name can also contain dots and does not always start with "tun"
* The startup messages now gets suppressed
2011 Mar 02
1
Bug#616103: logcheck: (re)enable globbing of logfile names
Package: logcheck
Version: 1.3.13
Severity: minor
Tags: patch
In Lenny it was possible to use wildcards in logcheck.logfiles. For
example, I used: /var/log/HOSTS/*/*.log
root at durer:~# su -s /bin/bash -c "bash -x /usr/sbin/logcheck" logcheck
<cut>
+ read file
+ logoutput '/var/log/HOSTS/*/*.log'
+ file='/var/log/HOSTS/*/*.log'
+ debug 'logoutput called
2005 Jul 11
3
Bug#317741: logcheck-database: fails to ignore properly some lines from 'rbldnsd'
Package: logcheck-database
Version: 1.2.40
Severity: normal
Tags: patch
There are one line that is not properly ignored. I include in the report
a better version.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (400, 'testing'), (300, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale:
2010 Jul 28
1
Bug#590679: [logcheck-database] rules for ntpd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
some rules for ntpd as i couldn't find any:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset
[+-]*[0-9]{1,2}\.[0-9]{6} s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation
lost$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers
reachable$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2011 Nov 09
0
Processed: Re: Bug#648146: ignore.d.server/ssh is too aggressive
Processing commands for control at bugs.debian.org:
> reassign 648146 logcheck-database 1.3.13
Bug #648146 [logcheck-database-1.3.13] ignore.d.server/ssh is too aggressive
Warning: Unknown package 'logcheck-database-1.3.13'
Bug reassigned from package 'logcheck-database-1.3.13' to 'logcheck-database'.
Bug No longer marked as found in versions squeeze.
Bug #648146
2011 Mar 09
1
Bug#617527: logcheck-database: incomplete rules for scponly-full
Package: logcheck-database
Version: 1.3.13
Severity: wishlist
Hi,
scponly-full (using 4.8-4.1) in Debian is compiled with additional support for rsync, unison and SVN.
However, the logcheck rule is based on the original version and doesn't include those commands in
the regexp.
Please add those three commands to the regexp.
Best regards,
Markus
-- System Information:
Debian Release:
2008 Jul 21
1
merging violations.ignore.d/logcheck-* into ignore.d.*/*
Hi guys, now that violations.d/logcheck is empty,
violations.ignore.d/logcheck-* are useless and many messages that
were previously elevated and filtered there now turn up as system
events. Thus, I went ahead and merged violations.ignore.d/logcheck-*
into ignore.d.*/* in the viol-merge branch.
http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge
Unless I hear
2006 Jan 07
2
Bug#346350: logcheck-database: dhcp3-server ignores need to include (none ) client host name
Package: logcheck-database
Version: 1.2.39
Severity: normal
I use dhcp3-server and a dhcp client which is Sony HDD video recorder
CoCoon. The client not return client host name.
In this case, dhcpd server assumed the client host name is (none).
Therefor dhcpd output log described below.
> Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0
> Jan 7 10:49:25
2012 Mar 02
1
Bug#661912: logcheck: files with period in ignore rule dirs ignored
Package: logcheck
Version: 1.3.14
Severity: normal
I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run.
Renaming it to local-rules got the file used during the next run.
Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README.
Thanks
Nils
-- System Information:
Debian
2006 May 21
2
Bug#368313: logcheck-database: new postfix violations ignore rule
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
Hi,
I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix :
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
2009 Sep 10
1
Bug#546004: logcheck-database: logcheck kernel "Treason uncloaked" filter doesn't catch ipv6 addresses.
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
kernel log lines of the form:
...kernel: [1933150.816604] TCP: Treason uncloaked!
Peer 0000:0000:0000:0000:0000:ffff:d04e:3f6b:4038/80 shrinks window
2491430013:2491430014. Repaired.
are not caught by the current rules.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500,
2007 Nov 25
1
Bug#452879: Logcheck doesn't ignore smbd_audit logs
Package: Logcheck
Version: 1.2.54
Distro: Debian Etch (stable)
Kernel: 2.6.18-5-686 #1 SMP
I'm trying to force logcheck (reportlevel=server) to ignore smbd_audit logs.
smbd_audit is a vfs module of samba. It writes logs into /var/log/syslog file.
Typical log looks like this:
Oct 24 08:36:14 server4 smbd_audit: Documents|Johnson|192.168.50.19|unlink
ok|Projects/doc1.pdf
I've added the