Displaying 20 results from an estimated 2000 matches similar to: "Bug#642269: logcheck-database: bcfg2-server regular expression correction"
2006 May 21
2
Bug#368313: logcheck-database: new postfix violations ignore rule
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
Hi,
I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix :
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
2006 Mar 07
0
Bug#355649: logcheck: ntp 'adjusting local clock' only matches positive corrections
Package: logcheck
Version: 1.2.43a
Severity: minor
/etc/logcheck/ignore.d.server/ntp contains:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: adjusting local clock by [.0-9]+s$
However, this will not match negative corrections such as:
System Events
=-=-=-=-=-=-=
Mar 5 01:44:55 billchase ntpd[6171]: adjusting local clock by -0.190112s
Mar 5 01:55:20 billchase ntpd[6171]: adjusting local
2006 Apr 28
1
Bug#365121: logcheck: Fails to ignore certain pattern
Package: logcheck
Version: 1.2.43a
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have messages like these in my logs:
Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 58 to 57
Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 58 to 57
2006 May 17
2
Bug#367781: logcheck-database: postfix/smtp read timeout (port 25) regexp wrong
Package: logcheck-database
Version: 1.2.39
Severity: normal
The rule for postfix/smtp read timeout (port 25) doesn't match the
actual log message:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+ \[[.0-9]+\]: read timeout \(port 25\)$
A sample log line is:
May 17 17:38:16 dp postfix/smtp[12256]: connect to smtpv1.ihs.gov[198.45.3.65]: read timeout (port
2011 Apr 16
0
Bug#623058: logcheck: tweak 'rsyslogd was HUPed' filter
Package: logcheck
Version: 1.3.13
Severity: minor
Tags: patch
Hi,
Logcheck reports messages of the form:
Mar 15 06:25:26 foohost rsyslogd: [origin software="rsyslogd" swVersion="5.7.6" x-pid="3301" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
I suggest the following tweak to /etc/logcheck/ignore.d.server/rsyslog:
diff -u
2006 Dec 24
0
Bug#404422: logcheck-database: postfix/lmtp messages not ignored by ignore.d.server/postfix
Package: logcheck-database
Version: 1.2.51
Severity: normal
Messages such as these are no longer being filtered by logcheck
('hostname' used to replace actual hostname; 'hostname.com' used to
replace actual domain):
Dec 23 12:02:58 hostname postfix/lmtp[5047]: 38BE4C21ED: to=<root at hostname.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=4.1, delays=2/0.16/0.05/1.8,
2005 Apr 07
1
Bug#303661: logcheck-database: openntpd rules
Package: logcheck-database
Version: 1.2.37
Severity: normal
Hello again,
openntpd gives messages like these failry often:
Apr 7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid
Apr 7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid
I am not sure if this is something that an admin may find relevant but they happen fairly often and they do not offer a lot of info
for me.
2011 Aug 15
3
Bug#637923: Tweak to ssh rules to ignore AllowGroups denial
Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial
Package: logcheck-database
Version: 1.3.13
Severity: minor
*** Please type your report below this line ***
Similar to how AllowUsers denials are ignored, also ignore AllowGroups:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of
2005 Aug 31
3
Bug#325801: logcheck: new regex to filter imap "Moved xxx bytes of new mail" messages
Package: logcheck
Version: 1.2.41
Severity: wishlist
Hi folks, thanks for your work maintaining logcheck, it works well.
When my users read their mail using imap (usually via squirrelmail,
not sure about other clients) I get a message like this in the log:
Aug 22 21:03:32 phoenix imapd[6551]: Moved 11323 bytes of new mail to /home/winky/mail/mbox from /var/spool/mail/winky host= localhost
2007 Aug 23
0
Bug#439207: postgrey: multiple recipients generates slightly different whitelisted message
Package: logcheck
Version: 1.2.57
Severity: normal
Tags: patch
In ignore.d.server/postgrey,
change:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgrey(\[[0-9]+\])?: action=.+, reason=.+, (delay=.+, )?client_name=.+,
client_address=.+, sender=.*, recipient=.+
to:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgrey(\[[0-9]+\])?: ([0-9A-F]+: )?action=.+, reason=.+, (delay=.+, )?client_name=.+,
2006 Dec 19
0
Bug#403758: Logcheck rules for Snort
Package: logcheck-database
Hey,
I created a logcheck ignore file for Snort with stuff I don't
particularly want to see every day. The one line with the warning in it is
questionable, so leave it in or out at your discretion. Also, my regex
skills are not as good as they could be, so there are probably mistakes, or
things that could be simplified more. Rules are below:
^\w{3} [
2007 May 25
0
Bug#425967: logcheck-database: The patterns for courier-imap-ssl do not match imap, only imap-ssl
Package: logcheck-database
Version: 1.2.54
Severity: minor
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (990, 'stable'), (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18.2-dp0
Locale: LANG=de_DE at euro, LC_CTYPE=de_DE at euro (charmap=ISO-8859-15)
Versions of packages logcheck-database depends
2006 May 30
2
Bug#369603: logcheck-database: new rule for dhcpd
Package: logcheck-database
Version: 1.2.44
Severity: minor
Tags: patch
Hi,
This patch changes one rule for dhcpd. It adds support for log lines of the following format:
May 30 19:36:57 server dhcpd: DHCPACK to 10.10.10.10 (aa:bb:cc:dd:ee:ff) via eth1
Regards,
Robbert
--- /root/dhcp 2006-05-30 21:50:24.000000000 +0200
+++ dhcp 2006-05-30 23:27:06.000000000 +0200
@@ -18,7 +18,7 @@
2005 Feb 16
3
Bug#295560: logcheck: Please include filename when reporting "invalid regular expression"
Package: logcheck
Version: 1.2.34
Severity: wishlist
I have a couple of home-made logcheck ignore files, and happened to
have one unescaped (and unmatched) `(' in one of the filter
lines. Because of this, cron sent a mail with the body "grep: Invalid
regular expression" - the subject is the command in the "2 * * * *"
line in /etc/cron.d/logcheck, of course.
It would be
2006 Jan 07
2
Bug#346350: logcheck-database: dhcp3-server ignores need to include (none ) client host name
Package: logcheck-database
Version: 1.2.39
Severity: normal
I use dhcp3-server and a dhcp client which is Sony HDD video recorder
CoCoon. The client not return client host name.
In this case, dhcpd server assumed the client host name is (none).
Therefor dhcpd output log described below.
> Jan 7 10:49:24 on-o dhcpd: DHCPDISCOVER from 08:00:46:33:55:77 ((none)) via eth0
> Jan 7 10:49:25
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
2009 Oct 17
1
Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
Hi,
I think that this rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-)
(pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$
is supposed to filter out lines like:
Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root
It is not working because the pattern dos not include the "/dev/" part
and
2010 Nov 16
1
POP users complaining about multiple copies of mail
Hello,
We just switched from UW to Dovecot for our mail server. The transition went smoothly, except we have some users complaining about their email clients re-downloading mail or getting multiple copies of emails. When we go into their accounts, we only see one copy of the email, so I'm assuming there's something odd in the communication between their client and us that's causing
2010 Jul 28
1
Bug#590679: [logcheck-database] rules for ntpd
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
some rules for ntpd as i couldn't find any:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset
[+-]*[0-9]{1,2}\.[0-9]{6} s$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation
lost$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: no servers
reachable$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+
2013 Feb 18
0
Bug#700851: logcheck-database: postfix ignore.d.server now logs on the same line sasl_method, sasl_username AND sasl_sender, rule must be updated
Package: logcheck-database
Severity: normal
postfix has changed log formats, now it includes sasl_sender in log lines.
The rule at ./ignore.d.server/postfix:109
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
[[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+,
sasl_username=[-_.@[:alnum:]]+$
must be updated with:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
2006 Dec 21
1
Problems with xen: what do you need in the bug report
Hi everybody,
I have some issues with the xen package as distributed in etch. I have
tried posting on the xensource lists as well as debian-user without any
success. So before filling a bug report, I would like to know what
exactly do you need in the bug report.
The problem: I am using etch on a dual athlon 4G of ram. I am trying to
setup dom0 and domu with the package xen-3.0.3 and the right