similar to: Bug#703936: logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete

Package: logcheck-database Version: 1.3.8 Severity: wishlist HI, can you please create a rule/some rules for amavis(d-new). I get for every mail this mesage: May 25 19:55:40 data amavis[9603]: (09603-15) Passed CLEAN, [::1] [213.165.64.22] <xxx at yyy.zz> -> \ <aaa at localhost>, Message-ID: <20100525175015.29677page1 at mx002.bbb.ccc>, mail_id: MM7upJv6se1Z, \ Hits:

Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch After upgrading to debian squeeze I get several messages a day in the form of: Jul 2 15:05:15 hostname spamd[21286]: spamd: handled cleanup of child pid [28609] due to SIGCHLD: exit 0 This is due to an update in spamd, that makes the message more detailed (includes exit code)[1]. Therefore messages including exit code 0

Dear logcheck Team, sorry for choosing the direct contact I don't know if it's the correct way. I am using logcheck on a webserver where pureftp is installed for upload of content. Logcheck is working fine except for one ignore.d rule regarding the logout messages from pureftp. Logcheck is reporting lots (an I mean lots) of messages from the following type: Feb 5 06:02:45 web1

<nitpickyness> To avoid possible confusion, shouldn't this be named logcheck-pureftpd, or logcheck-pure-ftpd (instead of logcheck-pureftp)? Or is there a reason (that I've missed) it's this way? </nitpickyness> -j -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: This

Package: logcheck Version: 1.2.43a Severity: normal -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have messages like these in my logs: Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 58 to 57 Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 58 to 57

On Sat, Jan 27, 2007 at 02:40:41PM -0800, Steve Langasek wrote: > On Sat, Jan 27, 2007 at 02:36:00PM +0000, martin f krafft wrote: > > tags 408037 wontfix > > thanks > > > Steve, I am not happy with filtering this message on the basis that > > is *is* an uncorrectable sector and thus a problem that should get > > fixed. > > No, smartd already sends its

Package: logcheck Version: 1.2.34 Severity: normal the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does not match the following line: Feb 12 16:19:47 backup imaplogin: DISCONNECTED, user=example at example.com, ip=[::ffff:111.111.111.111], headers=14013, body=0, time=1 This line should be ignored like the other DISCONNECTED messages. Or am I wrong? -- System

Package: logcheck-database Version: 1.2.52 Severity: normal logcheck seems to think this is a message worth letting me know about: Jan 20 17:18:06 mauritius smartd[3106]: Device: /dev/hda, 1 Offline uncorrectable sectors smartd already gives me enough painful reminders about this failing hardware, I can do without having them repeated in my mail every hour via logcheck. :) -- System

Package: logcheck Version: 1.3.13 Severity: normal Hi, at present my logcheck is into 33 minutes of cpu time for running the ignore/innd rule, when the innd package is not installed. If running logcheck against only locally created logfiles, there should be a configuration option to only run logcheck against installed (or non-purged) packages. -- System Information: Debian Release: squeeze/sid

Package: logcheck Version: 1.3.14 Severity: normal Tags: patch I keep getting these messages logged, when under high load. This patch should clean that up. commit 72661acccafa519fcb48a6a756e5c35d96e7511d Author: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com> Date: Fri Jan 27 16:08:33 2012 +0100 Workaround for error: /usr/sbin/logcheck: line 100: kill: (31667)

Package: logcheck Version: 1.3.13 Severity: normal Various files under ignore.d.* use "[0-9.]{7,15}" to match an IPv4 address, e.g., a connection to rsyncd. However, this does not match IPv6 addresses, causing spurious reports. A better regexp might be something like: ([0-9.]{7,15}|[0-9a-f:]{2,39}) -- System Information: Debian Release: 6.0 APT prefers stable APT policy: (990,

# Automatically generated email from bts, devscripts version 2.10.18.1 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/bind: # - moved "[bind] query $FOO denied" rule to violations.ignore.d # (closes: #443881). # - added bind's "AXFR ended" rule alongside "AXFR started" # (closes: #445046). # - added "adding an

Package: logcheck Version: 1.3.14 Severity: normal I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run. Renaming it to local-rules got the file used during the next run. Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README. Thanks Nils -- System Information: Debian

Package: logcheck Version: 1.2.54 Severity: normal In the file ignore.d.paranoid/cron there are the rules ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$ to ignore lines like 10:17:01 at 04-03-2007 tooar

Processing commands for control at bugs.debian.org: > # Automatically generated email from bts, devscripts version 2.9.20 > package logcheck logcheck-database logtail Ignoring bugs not assigned to: logcheck-database logtail logcheck > tags 354820 + pending Bug#354820: rules to filter out entries caused by ssh scanners Tags were: patch Tags added: pending > tags 355085 + pending

On Tue, 2005-05-03 at 07:20 +0000, CVS User maks-guest wrote: > Modified Files: > logcheck.sgml > Log Message: > > minor addition describe 3 layers. > remove the url tag not recognized by docbook2man. > + > + <para>The reported messages are sorted in three different layers. > + The system events verbosity is governed by aboves level choice. > + The

Every hour I get a mail from logcheck with a line like Nov 6 12:08:34 wheat fetchnews[13617]: clamping maxage for comp.os.linux.admin to global expire 50 The strange thing is that syslog is filled with similar lines, but this is the only one I get in the report. It is the last such line in each group: # many similar lines deleted Nov 6 12:08:32 wheat fetchnews[13617]: comp.std.c++: considering

Hi guys, now that violations.d/logcheck is empty, violations.ignore.d/logcheck-* are useless and many messages that were previously elevated and filtered there now turn up as system events. Thus, I went ahead and merged violations.ignore.d/logcheck-* into ignore.d.*/* in the viol-merge branch. http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge Unless I hear

Package: logcheck-database Version: 1.2.43a Severity: minor Since last weekend's upgrade of logcheck-database from 1.2.42 to 1.2.43a, logcheck stopped ignoring routine SpamAssassin messages of the form Feb 20 21:36:16 tux64 spamd[4665]: spamd: checking message <20060220190721.0E0B41C5207 at llwb563.servidoresdns.net> for amu:7286 Could you please edit the second pattern in

Package: logcheck Version: 1.2.69 Severity: normal In the file /etc/logcheck/ignore.d.server/wu-ftpd ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ should be ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd\[[0-9]{4}\]: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$ There is a number after "wu-ftpd" -- System