Package: logcheck
Severity: wishlist

I'm attaching a git patch with a rule suggestion for mountd, and a sample
from my logs.

From 8bad954c60492445f4cda646e85287f75238a40c Mon Sep 17 00:00:00 2001
From: Pawel Hajdan jr <phajdan...@gmail.com>
Date: Sun, 31 Jan 2010 19:49:25 +0100
Subject: [PATCH] Added rules for mountd.

---
 rulefiles/linux/ignore.d.server/mountd |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)
 create mode 100644 rulefiles/linux/ignore.d.server/mountd

diff --git a/rulefiles/linux/ignore.d.server/mountd 
b/rulefiles/linux/ignore.d.server/mountd
new file mode 100644
index 0000000..9df92f7
--- /dev/null
+++ b/rulefiles/linux/ignore.d.server/mountd
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated 
(mount|unmount) request from [0-9.]+:[0-9]+ for [._/[:alnum:]-]+ 
\([._/[:alnum:]-]+\)$
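
Review bot: the client address in the added rule line is matched by `[0-9.]+:[0-9]+`, which only covers a dotted IPv4 address and port, so a request logged with any other address form would not be ignored and would still reach the report. The two path fields use `[._/[:alnum:]-]+`, so an export path containing other characters (a space, for instance) falls through in the same way. Falling through is the safe direction for an ignore.d.server rule, but the commit message has no body; it should say that the pattern was derived from IPv4-only samples and that it suppresses authenticated mount and unmount messages for every client address, so whoever deploys it knows these events stop appearing in reports.
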
-- 
1.6.5.2

Jan 30 15:53:06 hq mountd[4771]: authenticated mount request from 192.168.1.14:799 for /diskless (/diskless)
Jan 30 15:53:22 hq mountd[4771]: authenticated mount request from 192.168.1.14:1017 for /home (/home)
Jan 30 15:53:22 hq mountd[4771]: authenticated mount request from 192.168.1.14:989 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 16:59:10 hq mountd[4771]: authenticated mount request from 192.168.1.11:869 for /diskless (/diskless)
Jan 30 16:59:31 hq mountd[4771]: authenticated mount request from 192.168.1.11:883 for /home (/home)
Jan 30 16:59:31 hq mountd[4771]: authenticated mount request from 192.168.1.11:807 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 192.168.1.14:821 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 192.168.1.14:822 for /home (/home)
Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 192.168.1.14:823 for /diskless (/diskless)
Jan 30 17:00:06 hq mountd[4771]: authenticated unmount request from 192.168.1.14:832 for /home (/home)
Jan 30 17:00:49 hq mountd[4771]: authenticated mount request from 192.168.1.14:813 for /diskless (/diskless)
Jan 30 17:01:04 hq mountd[4771]: authenticated mount request from 192.168.1.14:986 for /home (/home)
Jan 30 17:01:04 hq mountd[4771]: authenticated mount request from 192.168.1.14:955 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 192.168.1.11:950 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 192.168.1.11:951 for /home (/home)
Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 192.168.1.11:952 for /diskless (/diskless)
Jan 30 17:02:25 hq mountd[4771]: authenticated unmount request from 192.168.1.11:961 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 17:02:25 hq mountd[4771]: authenticated unmount request from 192.168.1.11:962 for /home (/home)
Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 192.168.1.14:930 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 192.168.1.14:931 for /home (/home)
Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 192.168.1.14:932 for /diskless (/diskless)
Jan 30 18:44:56 hq mountd[4771]: authenticated unmount request from 192.168.1.14:941 for /home (/home)
Jan 30 18:45:38 hq mountd[4771]: authenticated mount request from 192.168.1.14:929 for /diskless (/diskless)
Jan 30 18:45:52 hq mountd[4771]: authenticated mount request from 192.168.1.14:1018 for /home (/home)
Jan 30 18:45:52 hq mountd[4771]: authenticated mount request from 192.168.1.14:926 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 192.168.1.14:910 for /diskless-var-tmp (/diskless-var-tmp)
Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 192.168.1.14:911 for /home (/home)
Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 192.168.1.14:912 for /diskless (/diskless)
Jan 30 19:18:31 hq mountd[4771]: authenticated unmount request from 192.168.1.14:921 for /home (/home)
Jan 31 11:42:50 hq mountd[4771]: authenticated mount request from 192.168.1.14:717 for /diskless (/diskless)
Jan 31 11:43:06 hq mountd[4771]: authenticated mount request from 192.168.1.14:787 for /home (/home)
Jan 31 11:43:06 hq mountd[4771]: authenticated mount request from 192.168.1.14:719 for /diskless-var-tmp (/diskless-var-tmp)

_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel