similar to: Installing and running logcheck on CentOS

Hello List, I have a problem with the CA on my Puppetmaster. This Puppetmaster is connected to different Networks with different sub domainnames. The Puppet clients connecting via different Interfaces. There is no routing between subnets. Only one subnet can connect successfully. This is because the subject in the Certificate is the name of this subnet. All other clients get: Could not

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch Hi, I think that this rule: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: (\+|-) (pts/[0-9]{1,2}|tty[0-9]) [_[:alnum:]-]+:[_[:alnum:]-]+$ is supposed to filter out lines like: Oct 17 14:49:24 myhost su[13469]: + /dev/pts/1 user1:root It is not working because the pattern dos not include the "/dev/" part and

# Automatically generated email from bts, devscripts version 2.10.35 # via tagpending # # logcheck (1.3) unstable; urgency=low # # * Formalise the dropping of violations.d/logcheck. Please see # /usr/share/doc/logcheck-database/NEWS.Debian.gz for more information # (closes: #471072). # * Add Auto-Submitted header to outgoing mails (closes: #489172). # * ignore.d.server/kernel: # -

# Automatically generated email from bts, devscripts version 2.10.30 # via tagpending # # logcheck (1.2.65) unstable; urgency=low # # * ignore.d.server/courier: # - update rules to include port information; thanks to Antoine Pardignon # (closes: #446310). # - ignore couriertcpd messages; thanks to Andrew Gallagher # (closes: #451118). # * ignore.d.server/smbd_audit: # -

# Automatically generated email from bts, devscripts version 2.10.18.1 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/bind: # - moved "[bind] query $FOO denied" rule to violations.ignore.d # (closes: #443881). # - added bind's "AXFR ended" rule alongside "AXFR started" # (closes: #445046). # - added "adding an

# Automatically generated email from bts, devscripts version 2.10.30 # via tagpending # # logcheck (1.2.65) unstable; urgency=low # # * ignore.d.server/postfix: # - ignore connection messages for anonymous TLS connections; thanks to # Justin Larue (closes: #486440). # - ignore hostname verification due to DNS name not found; thanks to # Justin Larue (closes: #486440). # *

Package: logcheck Version: 1.2.26 Severity: wishlist Please add ignore for Spamassasin's "check" messages like: Aug 16 19:27:54 ns spamd[23853]: checking message <20040816150710.86ADA708A8 at smtp-out.hotpop.com> for nobody:65534. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.26.20040601 Locale: LANG=C, LC_CTYPE=C (ignored: LC_ALL

Package: logcheck-database Version: 1.2.69 Severity: normal Tags: patch kernel log lines of the form: ...kernel: [1933150.816604] TCP: Treason uncloaked! Peer 0000:0000:0000:0000:0000:ffff:d04e:3f6b:4038/80 shrinks window 2491430013:2491430014. Repaired. are not caught by the current rules. -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500,

# Automatically generated email from bts, devscripts version 2.10.27 # # logcheck (1.2.64) unstable; urgency=low # # * ignore.d.server/dhcp # - Adding dhcp rules for DNS updates by ddns_remove_a() # (closes: #459875, #472368) # - Added dhcp "removed reverse map" rule, which occurs on DHCPRELEASE. # * ignore.d.server/spamd # - deal with socket connections by e.g. evolution

Package: logcheck Version: 1.2.39 Severity: normal Since I've upgraded my servers to sarge, I'm getting mail every hour for stuff that was duly included in /etc/logcheck/logcheck.ignore. Turns out that sarge's version no longer reads that file. If this was a conscious decision, then there should be some warning about this when upgrading (via debconf of NEWS.Debian). Also, the

Package: logcheck-database Version: 1.2.54 Severity: normal Tags: patch Logcheck fails to ignore certain lines generated by OpenVPN; the attached patch fixes several regular expressions: * OpenVPN does not print the full path to ifconfig or route (at least here) * The interface name can also contain dots and does not always start with "tun" * The startup messages now gets suppressed

Package: logcheck-database Version: 1.3.5 Severity: normal Hi, I was having a look at logcheck and why I received a "verification failed: Temporary failure in name resolution" as a _system_ message. Turns out that since violations.d/logcheck is empty now, most of the rules in violations.ignore.d look quite useless, can you confirm? I suspect that a big part of those rules should be

On Sat, 15 May 2004, CVS User ttroxell wrote: > if [ -f /etc/logcheck/header.txt ] ; then > - $CAT /etc/logcheck/header.txt >> $TMPDIR/report > + $CAT /etc/logcheck/header.txt >> $TMPDIR/report \ > + || error "Could not append header to $TMPDIR/report Disk full?" > fi > } > > @@ -152,7 +157,8 @@ > # Add a footer

Package: logcheck Version: 1.2.32 Severity: important In postinst logcheck "fixes" permissions of /etc/logcheck/* to 750. In my (and others on #d-d) opinion ownership and permissions should be preserved upon package upgrades. Logcheck must not screw with my decision to make them world readable every time it configures. -- Peter

# Automatically generated email from bts, devscripts version 2.10.35 # via tagpending # # logcheck (1.3.2) experimental; urgency=low # # * Apply patch from Jari Aalto for fixing package description paragraph # ordering by importence, thanks (closes: #499415) # * Supress cron session closed messages too, thanks to Ferenc Wagner for # noticing (closes: #499393) # package logcheck-database

Package: logcheck-database Version: 1.2.62 Severity: normal File: /etc/logcheck/violations.ignore.d/logcheck-ssh Somewhere between etch and now, ssh stopped reporting failed passwords as "error: PAM: Authentication failure for foo", and switched to "Failed password for foo", similar to what it already did for unknown users, but without the "invalid user" part.

# Automatically generated email from bts, devscripts version 2.10.35 # via tagpending # # logcheck (1.3.2) experimental; urgency=low # # * Apply patch from Jari Aalto for fixing package description paragraph # ordering by importence, thanks (closes: #499415) # package logcheck-database logtail logcheck tags 499415 + pending

Hello world, I installed logcheck for monitoring geronimo logs (geronimo.out). i want use it only for that. i don't know how to add a geronimo regex. Even a new term "Exception" is detected, i want that logcheck send me an alert by mail. Can you tell me please how can i do because it appears that my configuration not works. -------------- next part -------------- An HTML attachment

Package: logcheck-database Version: 1.2.28 Severity: normal Hi, the Internet Software Consortium changed the name to Internet Systems Consortium. For a fix for the logcheck rules see the attachment. -- System Information: Debian Release: 3.0 APT prefers testing APT policy: (600, 'testing'), (100, 'unstable'), (1, 'experimental') Architecture: i386 (i686) Kernel:

Hello, list! I can't run logcheck. This is the first time my system has not let me run something, any way I try. I am member of sudo group. I run this sudo -u logcheck logcheck -o -t and get Sorry, user [user] is not allowed to execute '/usr/sbin/logcheck -o -t' as logcheck on [machine]. If I try su -s /bin/bash -c "/usr/sbin/logcheck -o -t" logcheck I get