similar to: Bug#642269: logcheck-database: bcfg2-server regular expression correction

Package: logcheck-database Version: 1.2.39 Severity: wishlist Hi, I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix : ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:

Package: logcheck Version: 1.2.43a Severity: minor /etc/logcheck/ignore.d.server/ntp contains: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: adjusting local clock by [.0-9]+s$ However, this will not match negative corrections such as: System Events =-=-=-=-=-=-= Mar 5 01:44:55 billchase ntpd[6171]: adjusting local clock by -0.190112s Mar 5 01:55:20 billchase ntpd[6171]: adjusting local

Package: logcheck Version: 1.2.43a Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have messages like these in my logs: Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 58 to 57 Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 58 to 57

Package: logcheck-database Version: 1.2.39 Severity: normal The rule for postfix/smtp read timeout (port 25) doesn't match the actual log message: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$ A sample log line is: May 17 17:38:16 dp postfix/smtp[12256]: connect to smtpv1.ihs.gov[198.45.3.65]: read timeout (port

Package: logcheck Version: 1.3.13 Severity: minor Tags: patch Hi, Logcheck reports messages of the form: Mar 15 06:25:26 foohost rsyslogd: [origin software="rsyslogd" swVersion="5.7.6" x-pid="3301" x-info="http://www.rsyslog.com"] rsyslogd was HUPed I suggest the following tweak to /etc/logcheck/ignore.d.server/rsyslog: diff -u

Package: logcheck-database Version: 1.2.51 Severity: normal Messages such as these are no longer being filtered by logcheck ('hostname' used to replace actual hostname; 'hostname.com' used to replace actual domain): Dec 23 12:02:58 hostname postfix/lmtp[5047]: 38BE4C21ED: to=<root at hostname.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.1, delays=2/0.16/0.05/1.8,

Package: logcheck-database Version: 1.2.37 Severity: normal Hello again, openntpd gives messages like these failry often: Apr 7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid Apr 7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid I am not sure if this is something that an admin may find relevant but they happen fairly often and they do not offer a lot of info for me.

Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial Package: logcheck-database Version: 1.3.13 Severity: minor *** Please type your report below this line *** Similar to how AllowUsers denials are ignored, also ignore AllowGroups: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of

Package: logcheck Version: 1.2.41 Severity: wishlist Hi folks, thanks for your work maintaining logcheck, it works well. When my users read their mail using imap (usually via squirrelmail, not sure about other clients) I get a message like this in the log: Aug 22 21:03:32 phoenix imapd[6551]: Moved 11323 bytes of new mail to /home/winky/mail/mbox from /var/spool/mail/winky host= localhost

Package: logcheck Version: 1.2.57 Severity: normal Tags: patch In ignore.d.server/postgrey, change: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgrey(\[[0-9]+\])?: action=.+, reason=.+, (delay=.+, )?client_name=.+, client_address=.+, sender=.*, recipient=.+ to: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgrey(\[[0-9]+\])?: ([0-9A-F]+: )?action=.+, reason=.+, (delay=.+, )?client_name=.+,

Package: logcheck-database Hey, I created a logcheck ignore file for Snort with stuff I don't particularly want to see every day. The one line with the warning in it is questionable, so leave it in or out at your discretion. Also, my regex skills are not as good as they could be, so there are probably mistakes, or things that could be simplified more. Rules are below: ^\w{3} [

Package: logcheck-database Version: 1.2.54 Severity: minor -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (990, 'stable'), (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18.2-dp0 Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15) Versions of packages logcheck-database depends

Package: logcheck-database Version: 1.2.44 Severity: minor Tags: patch Hi, This patch changes one rule for dhcpd. It adds support for log lines of the following format: May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1 Regards, Robbert --- /root/dhcp 2006-05-30 21:50:24.000000000 +0200 +++ dhcp 2006-05-30 23:27:06.000000000 +0200 @@ -18,7 +18,7 @@

Package: logcheck Version: 1.2.34 Severity: wishlist I have a couple of home-made logcheck ignore files, and happened to have one unescaped (and unmatched) `(' in one of the filter lines. Because of this, cron sent a mail with the body "grep: Invalid regular expression" - the subject is the command in the "2 * * * *" line in /etc/cron.d/logcheck, of course. It would be

Package: logcheck-database Version: 1.2.39 Severity: normal I use dhcp3-server and a dhcp client which is Sony HDD video recorder CoCoon. The client not return client host name. In this case, dhcpd server assumed the client host name is (none). Therefor dhcpd output log described below. > Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0 > Jan 7 10:49:25

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch Hi, I think that this rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$ is supposed to filter out lines like: Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root It is not working because the pattern dos not include the "/dev/" part and

Hello, We just switched from UW to Dovecot for our mail server. The transition went smoothly, except we have some users complaining about their email clients re-downloading mail or getting multiple copies of emails. When we go into their accounts, we only see one copy of the email, so I'm assuming there's something odd in the communication between their client and us that's causing

Package: logcheck-database Severity: wishlist Tags: patch Hi, some rules for ntpd as i couldn't find any: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [+-]*[0-9]{1,2}\.[0-9]{6} s$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers reachable$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+

Package: logcheck-database Severity: normal postfix has changed log formats, now it includes sasl_sender in log lines. The rule at ./ignore.d.server/postfix:109 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$ must be updated with: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+

Hi everybody, I have some issues with the xen package as distributed in etch. I have tried posting on the xensource lists as well as debian-user without any success. So before filling a bug report, I would like to know what exactly do you need in the bug report. The problem: I am using etch on a dual athlon 4G of ram. I am trying to setup dom0 and domu with the package xen-3.0.3 and the right