similar to: Bug#617232: logcheck: ignore regexes match ipv4 addresses only, causing false positives with ipv6 addresses.

Package: logcheck Version: 1.3.3 Severity: normal Tags: patch User: ubuntu-devel at lists.ubuntu.com Usertags: origin-ubuntu karmic ubuntu-patch As reported in https://launchpad.net/bugs/307847: recent dhclient includes the ip address it is releasing and renewing. ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(NAK|ACK|OFFER) from [.0-9]{7,15}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck Version: 1.3.13 Severity: normal Hi, at present my logcheck is into 33 minutes of cpu time for running the ignore/innd rule, when the innd package is not installed. If running logcheck against only locally created logfiles, there should be a configuration option to only run logcheck against installed (or non-purged) packages. -- System Information: Debian Release: squeeze/sid

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Hi, This patch changes one rule for dhcpd. It adds support for log lines of the following format: May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1 Regards, Robbert --- /root/dhcp 2006-05-30 21:50:24.000000000 +0200 +++ dhcp 2006-05-30 23:27:06.000000000 +0200 @@ -18,7 +18,7 @@

Processing commands for control at bugs.debian.org: > reassign 623058 rsyslog Bug #623058 [logcheck] logcheck: tweak 'rsyslogd was HUPed' filter Bug reassigned from package 'logcheck' to 'rsyslog'. Bug No longer marked as found in versions logcheck/1.3.13. > thanks Stopping processing here. Please contact me if you need assistance. -- 623058:

tags 338732 pending thanks On 12 Nov 2005, at 11:38, Martin Lohmeier wrote: > here is a rule for the cvs package. The line that should be ignored > looks like this: > > Nov 12 12:02:22 djinn01 cvs-pserver[15917]: connect from > 212.202.200.77 (212.202.200.77) > Nov 12 12:31:00 djinn01 cvs-pserver[18386]: connect from > 80.190.250.190 (80.190.250.190) > > I'll

Package: logcheck Version: 1.2.69 Severity: normal Tags: patch Logcheck's reports contains many messages like: Feb 7 19:03:57 srv dhcpd: DHCPREQUEST for 172.21.0.126 from 00:19:7e:9f:cc:32 (Hostname Unsuitable for Printing) via eth0 Feb 7 19:03:57 srv dhcpd: DHCPACK on 172.21.0.126 to 00:19:7e:9f:cc:32 (Hostname Unsuitable for Printing) via eth0 I create file

Hello I've installed a new mailserver with CentOS 6.0 x86_64. For the reporting I need logcheck. I've the same problem as https://bugzilla.redhat.com/show_bug.cgi?id=678436 Description of problem: I installed logcheck and now I get mails from cron with the following error message: Subject: Cron <logcheck at genius> if [ -x /usr/sbin/logcheck ]; then nice -n10

Package: logcheck Version: 1.3.13 Severity: minor Tags: patch Hi, Logcheck reports messages of the form: Mar 15 06:25:26 foohost rsyslogd: [origin software="rsyslogd" swVersion="5.7.6" x-pid="3301" x-info="http://www.rsyslog.com"] rsyslogd was HUPed I suggest the following tweak to /etc/logcheck/ignore.d.server/rsyslog: diff -u

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions: * OpenVPN does not print the full path to ifconfig or route (at least here) * The interface name can also contain dots and does not always start with "tun" * The startup messages now gets suppressed

Package: logcheck Version: 1.3.13 Severity: minor Tags: patch In Lenny it was possible to use wildcards in logcheck.logfiles. For example, I used: /var/log/HOSTS/*/*.log root at durer:~# su -s /bin/bash -c "bash -x /usr/sbin/logcheck" logcheck <cut> + read file + logoutput '/var/log/HOSTS/*/*.log' + file='/var/log/HOSTS/*/*.log' + debug 'logoutput called

Package: logcheck-database Version: 1.2.40 Severity: normal Tags: patch There are one line that is not properly ignored. I include in the report a better version. -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (400, 'testing'), (300, 'unstable'), (200, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-k7 Locale:

Package: logcheck-database Severity: wishlist Tags: patch Hi, some rules for ntpd as i couldn't find any: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [+-]*[0-9]{1,2}\.[0-9]{6} s$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers reachable$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Processing commands for control at bugs.debian.org: > reassign 648146 logcheck-database 1.3.13 Bug #648146 [logcheck-database-1.3.13] ignore.d.server/ssh is too aggressive Warning: Unknown package 'logcheck-database-1.3.13' Bug reassigned from package 'logcheck-database-1.3.13' to 'logcheck-database'. Bug No longer marked as found in versions squeeze. Bug #648146

Package: logcheck-database Version: 1.3.13 Severity: wishlist Hi, scponly-full (using 4.8-4.1) in Debian is compiled with additional support for rsync, unison and SVN. However, the logcheck rule is based on the original version and doesn't include those commands in the regexp. Please add those three commands to the regexp. Best regards, Markus -- System Information: Debian Release:

Hi guys, now that violations.d/logcheck is empty, violations.ignore.d/logcheck-* are useless and many messages that were previously elevated and filtered there now turn up as system events. Thus, I went ahead and merged violations.ignore.d/logcheck-* into ignore.d.*/* in the viol-merge branch. http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge Unless I hear

Package: logcheck-database Version: 1.2.39 Severity: normal I use dhcp3-server and a dhcp client which is Sony HDD video recorder CoCoon. The client not return client host name. In this case, dhcpd server assumed the client host name is (none). Therefor dhcpd output log described below. > Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0 > Jan 7 10:49:25

Package: logcheck Version: 1.3.14 Severity: normal I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run. Renaming it to local-rules got the file used during the next run. Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README. Thanks Nils -- System Information: Debian

Package: logcheck-database Version: 1.2.39 Severity: wishlist Hi, I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix : ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch kernel log lines of the form: ...kernel: [1933150.816604] TCP: Treason uncloaked! Peer 0000:0000:0000:0000:0000:ffff:d04e:3f6b:4038/80 shrinks window 2491430013:2491430014. Repaired. are not caught by the current rules. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500,

Package: Logcheck Version: 1.2.54 Distro: Debian Etch (stable) Kernel: 2.6.18-5-686 #1 SMP I'm trying to force logcheck (reportlevel=server) to ignore smbd_audit logs. smbd_audit is a vfs module of samba. It writes logs into /var/log/syslog file. Typical log looks like this: Oct 24 08:36:14 server4 smbd_audit: Documents|Johnson|192.168.50.19|unlink ok|Projects/doc1.pdf I've added the