Displaying 20 results from an estimated 5000 matches similar to: "logcheck vs auditd"
2009 Jun 02
1
how to disable lots of auditd messages?
hello all.
My system is centos 5.x and there is no module related auditd
there is no process(daemon) related auditd and selinux definately disabled.
But I can see lots of auditd messages like below.
Oct 20 02:01:01 linux kernel: type=1106 audit(1224435661.064:65210): user pid=25860 uid=0 auid=0 msg='PAM: session close acct="root" : exe="/usr/sbin/crond" (hostname=?,
2011 May 30
0
logcheck rules submission
Hi,
please add the following rule to the logcheck database:
For package/daemon auditd:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ auditd\[[[:digit:]]+\]: Audit daemon rotating log files$
Log line as system event:
May 31 11:41:11 localhost auditd[2594]: Audit daemon rotating log files
Regards
Till
2009 Dec 11
1
Auditd fails to start : Connection refused
Greetings:
i have an x86_64 Centos5.3 box and i'm trying to run auditd. it fails on startup and this is the O/P at the end:
config_manager init complete
Error setting audit daemon pid (Connection refused)
type=DAEMON_ABORT msg=audit(1260554376.697:5674): auditd error halt, auid=4294967295 pid=32702 res=failed
Unable to set audit pid, exiting
The audit daemon is exiting.
Error setting
2008 Sep 17
2
Bug#499323: logcheck-database: Logcheck fails to ignore certain OpenVPN messages
Package: logcheck-database
Version: 1.2.54
Severity: normal
Tags: patch
Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch
fixes several regular expressions:
* OpenVPN does not print the full path to ifconfig or route (at least here)
* The interface name can also contain dots and does not always start with "tun"
* The startup messages now gets suppressed
2004 May 15
1
Re: [Logcheck-commits] CVS logcheck/src
On Sat, 15 May 2004, CVS User ttroxell wrote:
> if [ -f /etc/logcheck/header.txt ] ; then
> - $CAT /etc/logcheck/header.txt >> $TMPDIR/report
> + $CAT /etc/logcheck/header.txt >> $TMPDIR/report \
> + || error "Could not append header to $TMPDIR/report Disk full?"
> fi
> }
>
> @@ -152,7 +157,8 @@
> # Add a footer
2008 Dec 29
1
cannot run logcheck
Hello, list!
I can't run logcheck. This is the first time my system has not let me run
something, any way I try.
I am member of sudo group. I run this
sudo -u logcheck logcheck -o -t
and get
Sorry, user [user] is not allowed to execute '/usr/sbin/logcheck -o -t' as
logcheck on [machine].
If I try
su -s /bin/bash -c "/usr/sbin/logcheck -o -t" logcheck
I get
2008 Aug 31
1
Bug#491694: setting package to logcheck-database logtail logcheck, tagging 491694, tagging 474239, tagging 489172 ...
# Automatically generated email from bts, devscripts version 2.10.35
# via tagpending
#
# logcheck (1.3) unstable; urgency=low
#
# * Formalise the dropping of violations.d/logcheck. Please see
# /usr/share/doc/logcheck-database/NEWS.Debian.gz for more information
# (closes: #471072).
# * Add Auto-Submitted header to outgoing mails (closes: #489172).
# * ignore.d.server/kernel:
# -
2008 Jul 21
1
merging violations.ignore.d/logcheck-* into ignore.d.*/*
Hi guys, now that violations.d/logcheck is empty,
violations.ignore.d/logcheck-* are useless and many messages that
were previously elevated and filtered there now turn up as system
events. Thus, I went ahead and merged violations.ignore.d/logcheck-*
into ignore.d.*/* in the viol-merge branch.
http://git.debian.org/?p=logcheck/logcheck.git;a=shortlog;h=refs/heads/viol-merge
Unless I hear
2006 May 21
2
Bug#368313: logcheck-database: new postfix violations ignore rule
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
Hi,
I'd like to add the following rule to /etc/logcheck/violations.ignore.d/logcheck-postfix :
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: NOQUEUE: reject: RCPT from [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]: 554 <[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]>:
2010 Jun 25
1
Installing and running logcheck on CentOS
I've installed logcheck on CentOS from source, as well as liblockfile
and lockfile-progs.
I've created a logcheck user with /var/lib/logcheck as the home and
/sbin/nologin as the shell. logcheck user is in the adm group. I also
customised the list of logfiles for CentOS. When I run logcheck, I get
the following errors:
# sudo -u logcheck logcheck -ot
basename: invalid option -- -
Try
2006 Feb 06
1
Bug#351669: logcheck: [manual] the sudo(1) is missing from EXAMPLES
Package: logcheck
Version: 1.2.35
Severity: minor
Current manual reads:
EXAMPLES
logcheck can be invoked directly thanks to su(8) or sudo(8), which
change the user ID:
logcheck -o -t Check the logfiles without updating the offset. Print
everything to STDOUT
I believe this shuold be formatted as:
EXAMPLES
logcheck can be invoked directly thanks
2006 Jul 08
2
building the logcheck package from SVN
apt-get install svn-buildpackage
cat <<_eof >> ~/.svn-buildpackage.conf
svn-lintian
svn-linda
svn-move
_eof
mkdir logcheck; cd logcheck
svn co svn+ssh://svn.debian.org/svn/logcheck/logcheck/trunk
cd trunk
svn-buildpackage -k<your key ID> -rfakeroot
man svn-buildpackage for more. Nice, huh?
--
.''`. martin f. krafft <madduck at debian.org>
: :' :
2009 Sep 10
1
Bug#546004: logcheck-database: logcheck kernel "Treason uncloaked" filter doesn't catch ipv6 addresses.
Package: logcheck-database
Version: 1.2.69
Severity: normal
Tags: patch
kernel log lines of the form:
...kernel: [1933150.816604] TCP: Treason uncloaked!
Peer 0000:0000:0000:0000:0000:ffff:d04e:3f6b:4038/80 shrinks window
2491430013:2491430014. Repaired.
are not caught by the current rules.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (500,
2009 Feb 11
1
where to submit new logcheck rules?
Hi,
I've got a few logcheck ignore.d rules that I'd like to submit, one
example is sqlgrey. /usr/share/doc/logcheck/README.maintainer talks
about shipping the rules inside the package itself, so I could file a
request with sqlgrey.
However, that doesn't work because of course I don't have all the
packages I use on my network installed on my loghost. In fact, I believe
that
2012 Mar 02
1
Bug#661912: logcheck: files with period in ignore rule dirs ignored
Package: logcheck
Version: 1.3.14
Severity: normal
I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run.
Renaming it to local-rules got the file used during the next run.
Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README.
Thanks
Nils
-- System Information:
Debian
2004 Aug 31
1
Bug#269318: logcheck: /etc/logcheck/ignore.d.server (add spamassassin)
Package: logcheck
Version: 1.2.26
Severity: wishlist
Please add ignore for Spamassasin's "check" messages like:
Aug 16 19:27:54 ns spamd[23853]: checking message <20040816150710.86ADA708A8 at smtp-out.hotpop.com> for nobody:65534.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.26.20040601
Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL
2008 Mar 05
1
Bug#445072: setting package to logcheck-database logtail logcheck, tagging 444097, tagging 445069, tagging 444096 ... ... ... ... ... ... ...
# Automatically generated email from bts, devscripts version 2.10.18.1
#
# logcheck (1.2.64) unstable; urgency=low
#
# * ignore.d.server/bind:
# - moved "[bind] query $FOO denied" rule to violations.ignore.d
# (closes: #443881).
# - added bind's "AXFR ended" rule alongside "AXFR started"
# (closes: #445046).
# - added "adding an
2004 May 26
5
Bug#251046: logcheck: invalid mktemp -p option
Package: logcheck
Version: 1.1.1-13.1woody1
Severity: important
logcheck line 56 uses "TMPDIR=$(mktemp -d -p ..." but mktemp from
woody doesn't accept -p option
Cheers, Chris
-- System Information
Debian Release: 3.0
Kernel Version: Linux ethlife-a 2.4.26-vs1.27 #4 SMP Mit Apr 28 15:20:15 MEST 2004 i686 unknown
Versions of the packages logcheck depends on:
ii cron
2007 Sep 14
2
Bug#442244: logcheck-database: should include the filters from cyrus-imapd-2.2
Package: logcheck-database
Version: 1.2.54
Severity: normal
The included filters for cyrus (/etc/logcheck/ignore.d.server/cyrus) are very minimal. The cyrus-imapd-2.2 has a more
extensive ruleset (there's a /etc/logcheck/ignore.d.server/cyrus2_2 file in that package).
Please copy over the filters from cyrus-imapd-2.2. I'm running logcheck on a loghost, which doesn't run cyrus
2008 Jun 24
1
Bug#446310: setting package to logcheck-database logtail logcheck, tagging 452879, tagging 450660, tagging 450697 ...
# Automatically generated email from bts, devscripts version 2.10.30
# via tagpending
#
# logcheck (1.2.65) unstable; urgency=low
#
# * ignore.d.server/courier:
# - update rules to include port information; thanks to Antoine Pardignon
# (closes: #446310).
# - ignore couriertcpd messages; thanks to Andrew Gallagher
# (closes: #451118).
# * ignore.d.server/smbd_audit:
# -