Your message dated Mon, 22 Feb 2010 21:42:58 +0000 with message-id <e1njg3o-00014i...@ries.debian.org> and subject line Bug#567842: fixed in logcheck 1.3.7 has caused the Debian Bug report #567842, regarding [PATCH] rules suggestions for mountd to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 567842: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=567842 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: logcheck Severity: wishlist I'm attaching a git patch with rule suggestion for mountd, and a sample from my logs.From 8bad954c60492445f4cda646e85287f75238a40c Mon Sep 17 00:00:00 2001 From: Pawel Hajdan jr <phajdan...@gmail.com> Date: Sun, 31 Jan 2010 19:49:25 +0100 Subject: [PATCH] Added rules for mountd. --- rulefiles/linux/ignore.d.server/mountd | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) create mode 100644 rulefiles/linux/ignore.d.server/mountd diff --git a/rulefiles/linux/ignore.d.server/mountd b/rulefiles/linux/ignore.d.server/mountd new file mode 100644 index 0000000..9df92f7 --- /dev/null +++ b/rulefiles/linux/ignore.d.server/mountd @@ -0,0 +1 @@ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (mount|unmount) request from [0-9.]+:[0-9]+ for [._/[:alnum:]-]+ \([._/[:alnum:]-]+\)$ -- 1.6.5.2Jan 30 15:53:06 hq mountd[4771]: authenticated mount request from 192.168.1.14:799 for /diskless (/diskless) Jan 30 15:53:22 hq mountd[4771]: authenticated mount request from 192.168.1.14:1017 for /home (/home) Jan 30 15:53:22 hq mountd[4771]: authenticated mount request from 192.168.1.14:989 for /diskless-var-tmp (/diskless-var-tmp) Jan 30 16:59:10 hq mountd[4771]: authenticated mount request from 192.168.1.11:869 for /diskless (/diskless) Jan 30 16:59:31 hq mountd[4771]: authenticated mount request from 192.168.1.11:883 for /home (/home) Jan 30 16:59:31 hq mountd[4771]: authenticated mount request from 192.168.1.11:807 for /diskless-var-tmp (/diskless-var-tmp) Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 192.168.1.14:821 for /diskless-var-tmp (/diskless-var-tmp) Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 192.168.1.14:822 for /home (/home) Jan 30 17:00:01 hq mountd[4771]: authenticated unmount request from 192.168.1.14:823 for /diskless (/diskless) Jan 30 17:00:06 hq mountd[4771]: authenticated unmount request from 192.168.1.14:832 for /home (/home) Jan 30 17:00:49 hq mountd[4771]: authenticated mount request from 192.168.1.14:813 for /diskless (/diskless) Jan 30 17:01:04 hq mountd[4771]: authenticated mount request from 192.168.1.14:986 for /home (/home) Jan 30 17:01:04 hq mountd[4771]: authenticated mount request from 192.168.1.14:955 for /diskless-var-tmp (/diskless-var-tmp) Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 192.168.1.11:950 for /diskless-var-tmp (/diskless-var-tmp) Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 192.168.1.11:951 for /home (/home) Jan 30 17:02:20 hq mountd[4771]: authenticated unmount request from 192.168.1.11:952 for /diskless (/diskless) Jan 30 17:02:25 hq mountd[4771]: authenticated unmount request from 192.168.1.11:961 for /diskless-var-tmp (/diskless-var-tmp) Jan 30 17:02:25 hq mountd[4771]: authenticated unmount request from 192.168.1.11:962 for /home (/home) Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 192.168.1.14:930 for /diskless-var-tmp (/diskless-var-tmp) Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 192.168.1.14:931 for /home (/home) Jan 30 18:44:51 hq mountd[4771]: authenticated unmount request from 192.168.1.14:932 for /diskless (/diskless) Jan 30 18:44:56 hq mountd[4771]: authenticated unmount request from 192.168.1.14:941 for /home (/home) Jan 30 18:45:38 hq mountd[4771]: authenticated mount request from 192.168.1.14:929 for /diskless (/diskless) Jan 30 18:45:52 hq mountd[4771]: authenticated mount request from 192.168.1.14:1018 for /home (/home) Jan 30 18:45:52 hq mountd[4771]: authenticated mount request from 192.168.1.14:926 for /diskless-var-tmp (/diskless-var-tmp) Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 192.168.1.14:910 for /diskless-var-tmp (/diskless-var-tmp) Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 192.168.1.14:911 for /home (/home) Jan 30 19:18:26 hq mountd[4771]: authenticated unmount request from 192.168.1.14:912 for /diskless (/diskless) Jan 30 19:18:31 hq mountd[4771]: authenticated unmount request from 192.168.1.14:921 for /home (/home) Jan 31 11:42:50 hq mountd[4771]: authenticated mount request from 192.168.1.14:717 for /diskless (/diskless) Jan 31 11:43:06 hq mountd[4771]: authenticated mount request from 192.168.1.14:787 for /home (/home) Jan 31 11:43:06 hq mountd[4771]: authenticated mount request from 192.168.1.14:719 for /diskless-var-tmp (/diskless-var-tmp)signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---Source: logcheck Source-Version: 1.3.7 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.7_all.deb to main/l/logcheck/logcheck-database_1.3.7_all.deb logcheck_1.3.7.dsc to main/l/logcheck/logcheck_1.3.7.dsc logcheck_1.3.7.tar.gz to main/l/logcheck/logcheck_1.3.7.tar.gz logcheck_1.3.7_all.deb to main/l/logcheck/logcheck_1.3.7_all.deb logtail_1.3.7_all.deb to main/l/logcheck/logtail_1.3.7_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 567...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Fri, 19 Feb 2010 07:16:32 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.7 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail - Print log file lines that have not been read (deprecated) Closes: 546004 567150 567317 567842 570207 Changes: logcheck (1.3.7) unstable; urgency=low . [ Hannes von Haugwitz ] * Added src/logcheck-test and docs/logcheck-test.1 * ignore.d.server/wu-ftpd: - adjusted rule to match optional pid (closes: #570207) * src/logcheck: - use 7bit encoding for sending mail * ignore.d.workstation/kernel: - added rules for inserted and removed SD cards * ignore.d.server/mountd: new - added rule for authenticated mount/unmount requests, thanks to Paweł Hajdan, Jr. (closes: #567842) * docs/logcheck.sgml: clarify that "server" rules are included in "workstation" level * ignore.d.server/klogind: new - added rule for "connect from" message * ignore.d.server/login: - added rule for root logins on pseudo terminals * ignore.d.server/bind: - added rules for "received notify for zone" and "zone is up to date" message * Makefile: - added an empty "all" make target, thanks to Paweł Hajdan, Jr. (closes: #567150) - renamed BINDIR to SBINDIR - added logtail2 script to "clean" make target * ignore.d.server/ssh: - added rule for "disconnected by user" message (closes: #567317) * ignore.d.workstation/ifplugd: - added rule for "client: OK" message * debian/control: - bumped to Standards-Version 3.8.4 (no changes necessary) - added ${misc:Depends} to logtail Depends . [ Hanspeter Kunz ] * ignore.d.server/dovecot: - added an optional prefix "dovecot: " to the deliver rule - added rule to ignore various sieve messages (stored mail, forwards, vacation replies and discards) . [ Frédéric Brière ] * ignore.d.server/kernel: - added IPv6 support to "Treason uncloaked!" rule (closes: #546004) - added "Peer unexpectedly shrunk window" alternate rule - allow '-' in usbcore interface driver names (e.g. snd-usb-audio) * ignore.d.workstation/kernel: - added UDF-fs "readonly partition" and "Mounting volume" rules - usbhid no longer prints the source filename in its messages - allow ':' and arbitrary paths for input devices - adjusted "USB HID" rule to match generic devices - adjusted "USB HID" rule for newer kernels - adjusted agpgart rules for newer kernels Checksums-Sha1: 831eb68c007c231839da1ef3b3509d28dfab6d0f 1260 logcheck_1.3.7.dsc 1a0e7a5cb763e40857e9abed487e0596275faed9 152953 logcheck_1.3.7.tar.gz f01cdc840ce2cbafc766149d9c03cf11d432f568 74774 logcheck_1.3.7_all.deb 622067c8ddfab2937d806e82e7a5a7fd02691c91 114776 logcheck-database_1.3.7_all.deb 96aab023b10a1a712cc8a99bd8941e683d2d99c6 57494 logtail_1.3.7_all.deb Checksums-Sha256: a73324dd411f597e4f67fb8f2430f5cbdda0555c8a896fea44a61945554fe783 1260 logcheck_1.3.7.dsc dcfb68a128b3deab4a411e323c92e887eb9cd4ae4b330211f5c0ae7ed261a909 152953 logcheck_1.3.7.tar.gz d45135f16fef7a906e70b02e8974b28d1a982b83d507d134749471dc0eb195b4 74774 logcheck_1.3.7_all.deb 2d96da464708f362b2080d925fe314441e4ca82c3b35b4e0217b37992260e452 114776 logcheck-database_1.3.7_all.deb 6aadc7e4b40a330637c905d30da4087aa6c8fb2eeace7a4a9c8feabf45bad08e 57494 logtail_1.3.7_all.deb Files: f13e6ab476ecbf719549135180337fc9 1260 admin optional logcheck_1.3.7.dsc 3bfa692ff9e2e507250a6be9f8fd3494 152953 admin optional logcheck_1.3.7.tar.gz ad2232486c067e95c20c1ee7543b73e6 74774 admin optional logcheck_1.3.7_all.deb cdd30530e5240f4521a2b73cb4de8ddf 114776 admin optional logcheck-database_1.3.7_all.deb 7927e4041ebdd3db14392c3a37f3ba02 57494 admin optional logtail_1.3.7_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkuC7ZwACgkQELuA/Ba9d8ZhGACdGHZD3isVZ9cVUI0PXmVBj/Fn yXEAoJVL+nXWo3uwPTGWhpAUNUwdw90b =Ot/6 -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel