Displaying 20 results from an estimated 40000 matches similar to: "Bug#703936: logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete"
2010 May 25
1
Bug#583155: logcheck-database: Please create rules for amavis(d-new)
Package: logcheck-database
Version: 1.3.8
Severity: wishlist
HI,
can you please create a rule/some rules for amavis(d-new).
I get for every mail this mesage:
May 25 19:55:40 data amavis[9603]: (09603-15) Passed CLEAN, [::1] [213.165.64.22] <xxx at yyy.zz> -> \
<aaa at localhost>, Message-ID: <20100525175015.29677page1 at mx002.bbb.ccc>, mail_id: MM7upJv6se1Z, \
Hits:
2011 Jul 02
1
Bug#632471: logcheck-database: spamd child cleanup message broken after upgrade to squeeze
Package: logcheck-database
Version: 1.3.13
Severity: normal
Tags: patch
After upgrading to debian squeeze I get several messages a day in the form of:
Jul 2 15:05:15 hostname spamd[21286]: spamd: handled cleanup of child pid [28609] due to SIGCHLD: exit 0
This is due to an update in spamd, that makes the message more detailed (includes exit code)[1]. Therefore messages including exit code 0
2005 Feb 05
1
Missing/Wrong ignore.d for pureftp
Dear logcheck Team,
sorry for choosing the direct contact I don't know if it's the correct
way.
I am using logcheck on a webserver where pureftp is installed for upload
of content. Logcheck is working fine except for one ignore.d rule
regarding the logout messages from pureftp.
Logcheck is reporting lots (an I mean lots) of messages from the
following type:
Feb 5 06:02:45 web1
2005 Feb 20
1
Rename violations.ignore.d/logcheck-pureftp
<nitpickyness>
To avoid possible confusion, shouldn't this be named logcheck-pureftpd,
or logcheck-pure-ftpd (instead of logcheck-pureftp)?
Or is there a reason (that I've missed) it's this way?
</nitpickyness>
-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This
2006 Apr 28
1
Bug#365121: logcheck: Fails to ignore certain pattern
Package: logcheck
Version: 1.2.43a
Severity: normal
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I have messages like these in my logs:
Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 58 to 57
Apr 27 10:05:49 localhost smartd[9357]: Device: /dev/hda, SMART Usage Attribute: 195 Hardware_ECC_Recovered changed from 58 to 57
2007 Jan 29
1
Bug#408037: will not fix
On Sat, Jan 27, 2007 at 02:40:41PM -0800, Steve Langasek wrote:
> On Sat, Jan 27, 2007 at 02:36:00PM +0000, martin f krafft wrote:
> > tags 408037 wontfix
> > thanks
>
> > Steve, I am not happy with filtering this message on the basis that
> > is *is* an uncorrectable sector and thus a problem that should get
> > fixed.
>
> No, smartd already sends its
2005 Feb 12
3
Bug#294950: logcheck: ignore.d.server courier imaplogin: DISCONNECTED not matching
Package: logcheck
Version: 1.2.34
Severity: normal
the ignore.d.server pattern for courier 'imaplogin: DISCONNECTED' does
not match the following line:
Feb 12 16:19:47 backup imaplogin: DISCONNECTED,
user=example at example.com, ip=[::ffff:111.111.111.111],
headers=14013, body=0, time=1
This line should be ignored like the other DISCONNECTED messages. Or am
I wrong?
-- System
2007 Jan 23
0
Bug#408037: logcheck-database: logcheck doesn't need to remind me my hard drive is dying, kthx
Package: logcheck-database
Version: 1.2.52
Severity: normal
logcheck seems to think this is a message worth letting me know about:
Jan 20 17:18:06 mauritius smartd[3106]: Device: /dev/hda, 1 Offline uncorrectable sectors
smartd already gives me enough painful reminders about this failing hardware,
I can do without having them repeated in my mail every hour via logcheck. :)
-- System
2010 Nov 05
0
Bug#602494: logcheck runs filters for packages not installed
Package: logcheck
Version: 1.3.13
Severity: normal
Hi, at present my logcheck is into 33 minutes of cpu time for
running the ignore/innd rule, when the innd package is not installed.
If running logcheck against only locally created logfiles, there should
be a configuration option to only run logcheck against installed (or
non-purged) packages.
-- System Information:
Debian Release: squeeze/sid
2012 Jan 27
1
Bug#657641: /usr/sbin/logcheck: line 100: kill: (31667) - No such process
Package: logcheck
Version: 1.3.14
Severity: normal
Tags: patch
I keep getting these messages logged, when under high load.
This patch should clean that up.
commit 72661acccafa519fcb48a6a756e5c35d96e7511d
Author: Cristian Ionescu-Idbohrn <cristian.ionescu-idbohrn at axis.com>
Date: Fri Jan 27 16:08:33 2012 +0100
Workaround for error:
/usr/sbin/logcheck: line 100: kill: (31667)
2011 Mar 07
0
Bug#617232: logcheck: ignore regexes match ipv4 addresses only, causing false positives with ipv6 addresses.
Package: logcheck
Version: 1.3.13
Severity: normal
Various files under ignore.d.* use "[0-9.]{7,15}" to match an IPv4
address, e.g., a connection to rsyncd. However, this does not match
IPv6 addresses, causing spurious reports.
A better regexp might be something like: ([0-9.]{7,15}|[0-9a-f:]{2,39})
-- System Information:
Debian Release: 6.0
APT prefers stable
APT policy: (990,
2008 Mar 05
1
Bug#445072: setting package to logcheck-database logtail logcheck, tagging 444097, tagging 445069, tagging 444096 ... ... ... ... ... ... ...
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# logcheck (1.2.64) unstable; urgency=low
#
# * ignore.d.server/bind:
# - moved "[bind] query $FOO denied" rule to violations.ignore.d
# (closes: #443881).
# - added bind's "AXFR ended" rule alongside "AXFR started"
# (closes: #445046).
# - added "adding an
2012 Mar 02
1
Bug#661912: logcheck: files with period in ignore rule dirs ignored
Package: logcheck
Version: 1.3.14
Severity: normal
I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run.
Renaming it to local-rules got the file used during the next run.
Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README.
Thanks
Nils
-- System Information:
Debian
2007 Mar 04
0
Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
Package: logcheck
Version: 1.2.54
Severity: normal
In the file ignore.d.paranoid/cron there are the rules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
to ignore lines like
10:17:01 at 04-03-2007 tooar
2006 Jul 04
0
Processed: setting package to logcheck logcheck-database logtail, tagging 354820, tagging 355085, tagging 356681 ... ... ... ... ... ... ...
Processing commands for control at bugs.debian.org:
> # Automatically generated email from bts, devscripts version 2.9.20
> package logcheck logcheck-database logtail
Ignoring bugs not assigned to: logcheck-database logtail logcheck
> tags 354820 + pending
Bug#354820: rules to filter out entries caused by ssh scanners
Tags were: patch
Tags added: pending
> tags 355085 + pending
2005 May 03
1
Re: [Logcheck-commits] CVS logcheck/docs
On Tue, 2005-05-03 at 07:20 +0000, CVS User maks-guest wrote:
> Modified Files:
> logcheck.sgml
> Log Message:
>
> minor addition describe 3 layers.
> remove the url tag not recognized by docbook2man.
> +
> + <para>The reported messages are sorted in three different layers.
> + The system events verbosity is governed by aboves level choice.
> + The
2006 Nov 06
1
rule seems to be matching all but last occurrence
Every hour I get a mail from logcheck with a line like
Nov 6 12:08:34 wheat fetchnews[13617]: clamping maxage for comp.os.linux.admin to global expire 50
The strange thing is that syslog is filled with similar lines, but
this is the only one I get in the report. It is the last such line in
each group:
# many similar lines deleted
Nov 6 12:08:32 wheat fetchnews[13617]: comp.std.c++: considering
2008 Jul 21
1
merging violations.ignore.d/logcheck-* into ignore.d.*/*
Hi guys, now that violations.d/logcheck is empty,
violations.ignore.d/logcheck-* are useless and many messages that
were previously elevated and filtered there now turn up as system
events. Thus, I went ahead and merged violations.ignore.d/logcheck-*
into ignore.d.*/* in the viol-merge branch.
http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge
Unless I hear
2006 Feb 21
2
Bug#353868: logcheck-database: no longer ignores "spamd: checking message ..."
Package: logcheck-database
Version: 1.2.43a
Severity: minor
Since last weekend's upgrade of logcheck-database from 1.2.42 to
1.2.43a, logcheck stopped ignoring routine SpamAssassin messages of
the form
Feb 20 21:36:16 tux64 spamd[4665]: spamd: checking message <20060220190721.0E0B41C5207 at llwb563.servidoresdns.net> for amu:7286
Could you please edit the second pattern in
2010 Feb 17
1
Bug#570207: logcheck wu-ftpd rules do'nt match
Package: logcheck
Version: 1.2.69
Severity: normal
In the file /etc/logcheck/ignore.d.server/wu-ftpd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$
should be
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wu-ftpd\[[0-9]{4}\]: PAM-listfile: Refused user [._[:alnum:]-]+ for service wu-ftpd$
There is a number after "wu-ftpd"
-- System