[Logcheck-devel] Processed: [PATCH] Let mime-construct pick an encoding (closes: #860052)
Processing commands for cont...@bugs.debian.org: > tags 860052 + patch Bug #860052 [logcheck] can generate illegal and thus lost e-mail messages due to long lines Added tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 860052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860052 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#825170: marked as done (logcheck: Ignore DNSSEC rekeying)
Your message dated Wed, 25 Jan 2017 22:05:37 +
with message-id <e1cwvhb-0002ww...@fasolo.debian.org>
and subject line Bug#825170: fixed in logcheck 1.3.18
has caused the Debian Bug report #825170,
regarding logcheck: Ignore DNSSEC rekeying
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
825170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825170
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Version: 1.3.17
Severity: minor
Tags: patch
After enabling bind inline-signing the logfile sees every hour a 'reconfiguring
zone keys' and 'next key event' line. These could be ignored.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: systemd (via /run/systemd/system)
Versions of packages logcheck depends on:
ii adduser3.114
ii cron 3.0pl1-128
ii exim4-daemon-heavy [mail-transport-agent] 4.87-3
ii lockfile-progs 0.1.17
ii logtail1.3.17
ii mime-construct 1.11+nmu2
ii rsyslog [system-log-daemon]8.16.0-1+b3
Versions of packages logcheck recommends:
ii logcheck-database 1.3.17
Versions of packages logcheck suggests:
pn syslog-summary
-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.logfiles'
-- debconf information:
* logcheck/install-note:
logcheck/changes:
>From d3450966f68a2221a4155868a9beed524478feca Mon Sep 17 00:00:00 2001
From: Philipp Kolmann <phil...@kolmann.at>
Date: Tue, 24 May 2016 11:27:19 +0200
Subject: [PATCH] commit d180391d2a0f71f4f91a39a8b2b55fb676fdb3bc Author:
Philipp Kolmann <phil...@kolmann.at> Date: Tue May 24 11:25:10 2016 +0200
After enabling bind inline-signing the logfile sees every hour a 'reconfiguring
zone keys' and 'next key event' line. These could be ignored.
Signed-off-by: Philipp Kolmann <phil...@kolmann.at>
---
rulefiles/linux/ignore.d.server/bind | 2 ++
1 file changed, 2 insertions(+)
diff --git a/rulefiles/linux/ignore.d.server/bind b/rulefiles/linux/ignore.d.server/bind
index 88e1989..6e7e2ae 100644
--- a/rulefiles/linux/ignore.d.server/bind
+++ b/rulefiles/linux/ignore.d.server/bind
@@ -11,3 +11,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [-._[:alnum:]]+/IN: notify from [.:[:xdigit:]]+#[[:digit:]]+: zone is up to date$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[0-9]+\]: success resolving '[^[:space:]]+' \(in '[.[:alnum:]-]+'\?\) after (disabling EDNS|reducing the advertised EDNS UDP packet size to 512 octets)$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: error \((FORMERR|connection refused|unexpected RCODE (REFUSED|SERVFAIL)|(network|host) unreachable)\) resolving '[^[:space:]]+': [.:[:xdigit:]]+#[[:digit:]]+$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [._[:alnum:]-]+/IN (signed): reconfiguring zone keys$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [._[:alnum:]-]+/IN (signed): next key event: [:digit:]]{3}-\w{3}-[:digit:]{4} [.:[:digit:]]{12}$
--
2.8.1
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 825...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-data
[Logcheck-devel] Bug#786815: marked as done (please add alternate dependency on cron-daemon)
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id <e1cwvha-0002wa...@fasolo.debian.org>
and subject line Bug#786815: fixed in logcheck 1.3.18
has caused the Debian Bug report #786815,
regarding please add alternate dependency on cron-daemon
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
786815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786815
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Severity: minor
Tags: patch
Currently logcheck only depends on cron but systemd-cron only Provides:
cron-daemon but not cron.
So these 2 can't be used together.
diff --git a/debian/control b/debian/control
index 808dec5..33a76bb 100644
--- a/debian/control
+++ b/debian/control
@@ -12,7 +12,7 @@ Homepage: http://www.logcheck.org/
Package: logcheck
Architecture: all
-Depends: adduser, default-mta | mail-transport-agent, cron, rsyslog |
system-log-daemon, mime-construct, logtail (>= 1.2.59), lockfile-progs,
${misc:Depends}
+Depends: adduser, default-mta | mail-transport-agent, cron | cron-daemon,
rsyslog | system-log-daemon, mime-construct, logtail (>= 1.2.59),
lockfile-progs, ${misc:Depends}
Recommends: logcheck-database (>= ${source:Version})
Suggests: syslog-summary
Description: mails anomalies in the system logfiles to the administrator
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 786...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041
799304 809605 815114 815755 822165 825170
Changes:
logcheck (1.3.18) unstable; urgency=medium
.
* src/logcheck:
- fix check if rule files are unreadable, thanks to Simon Ruderich
for the patch (closes: #418147)
* src/logcheck-test:
- make mktemp usage more portable
* Makefile:
- remove duplicate xargs option (thanks to Sander Bos)
* ignore.d.server/dhcp:
- match dhcpd PID (closes: #799041)
* ignore.d.server/dhclient:
- rewrite rules (LP: #1357880, closes: #809605)
* ignore.d.server/ssh:
- add generic preauth disconnect rule (closes: #775090)
- adjust 'Bad protocol version identification' rule, thanks to
Paul Brossier for the patch (closes: #703936)
- allow new FingerprintHash format (closes: #799304)
- match 'ED25519' key type, thanks to Ayke van Laethem for the patch
- match more disconnect messages
* ignore.d.server/su:
- allow '.' and '_' in username (closes: #780441)
* ignore.d.server/rsync:
- allow comma as thousands separator (LP: #1476199)
* ignore.d.workstation/wpasupplicant:
- adjust CTRL-EVENT-CONNECTED rule
- add another CTRL-EVENT-DISCONNECTED rule
- adjust multiple rules to match added interface name
- allow '.' in SSID
- match 'SME: ' prefix in 'Trying to associate' message
- match 'freq=', 'address=' and 'uuid=' wpa_action messages
- match CTRL-EVENT-SUBNET-STATUS-UPDATE message
- match predictable network interface names
* violations.ignore.d/logcheck-sudo:
- match 'GROUP=' field (closes: #815114)
* ignore.d.server/bind:
- match domain name in query message, thanks to Wojciech Nizinski
for the patch
- ignore
[Logcheck-devel] Bug#815114: marked as done (Please whitelist sudo -g nogroup (not just sudo -u nobody))
Your message dated Wed, 25 Jan 2017 22:05:37 +
with message-id <e1cwvhb-0002we...@fasolo.debian.org>
and subject line Bug#815114: fixed in logcheck 1.3.18
has caused the Debian Bug report #815114,
regarding Please whitelist sudo -g nogroup (not just sudo -u nobody)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
815114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815114
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Version: 1.3.17
Severity: wishlist
Tags: patch
Currently logcheck thinks
"sudo -u nobodypwd" is OK,
"sudo -g nogroup pwd" is scary; and
"sudo -u nobody -g nogroup pwd" is scary.
IMO either these are all OK, or all scary --- probably the former.
Here is an (untested) patch against current logcheck;
I've been using a variation on oldoldstable systems for a while.
diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo
b/rulefiles/linux/violations.ignore.d/logcheck-sudo
index 92c3dd4..274ed83 100644
--- a/rulefiles/linux/violations.ignore.d/logcheck-sudo
+++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo
@@ -1,5 +1,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user
[[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ;
USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ (;
(USER|GROUP)=[._[:alnum:]-]+ )+; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit
).*|list)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
\(command continued\).*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\):
session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\):
session closed for user [[:alnum:]-]+$
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 815...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041
799304 809605 815114 815755 822165 825170
Changes:
logcheck (1.3.18) unstable; urgency=medium
.
* src/logcheck:
- fix check if rule files are unreadable, thanks to Simon Ruderich
for the patch (closes: #418147)
* src/logcheck-test:
- make mktemp usage more portable
* Makefile:
- remove duplicate xargs option (thanks to Sander Bos)
* ignore.d.server/dhcp:
- match dhcpd PID (closes: #799041)
* ignore.d.server/dhclient:
- rewrite rules (LP: #1357880, closes: #809605)
* ignore.d.server/ssh:
- add generic preauth disconnect rule (closes: #775090)
- adjust 'Bad protocol version identification' rule, thanks to
Paul Brossier for the patch (closes: #703936)
- allow new FingerprintHash format (closes: #799304)
- match 'ED25519' key type, thanks to Ayke van Laethem for the patch
- match more disconnect messages
* ignore.d.server/su:
- allow '.' and '_' in username (closes: #
[Logcheck-devel] Bug#481353: marked as done (Please add support for logcheck.logfiles.d)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002va...@fasolo.debian.org> and subject line Bug#481353: fixed in logcheck 1.3.18 has caused the Debian Bug report #481353, regarding Please add support for logcheck.logfiles.d to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 481353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Version: 1.2.63 Severity: wishlist Please add support for logcheck.logfiles.d so packages can put files there and add new logfiles for reviewing. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.24-1-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 481...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) * ignore.d.server/openvpn: - match arbitrary mtu sizes (closes: #815755) * ignore.d.server/snmpd: - match optional port (closes: #644886) * ignore.d.server/postfix: - remove obsolete rule (closes: #822165) * ignore.d.server/systemd-timesyncd: new - match 'interval/delta/delay/jitter/drift' message * ignore.d.server/kernel: - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberg
[Logcheck-devel] Bug#799304: marked as done (logcheck-database: rule for sshd accepted key rule is obsolete)
Your message dated Wed, 25 Jan 2017 22:05:37 +
with message-id <e1cwvhb-0002ws...@fasolo.debian.org>
and subject line Bug#799304: fixed in logcheck 1.3.18
has caused the Debian Bug report #799304,
regarding logcheck-database: rule for sshd accepted key rule is obsolete
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
799304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799304
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
Severity: normal
The following rule in ignore.d.server/ssh:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted
(gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased)
for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(:
(RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$
is not working with version 6.9 of openssh. Log entries in my system
are like this now:
Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xx from
000.000.000.000 port 000 ssh2: RSA
SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY
The problem is that the key hash at the end:
SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY
does not match the end of the rule:
([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})
Please, fix it.
Thanks,
Rafael Laboissiere
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 799...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041
799304 809605 815114 815755 822165 825170
Changes:
logcheck (1.3.18) unstable; urgency=medium
.
* src/logcheck:
- fix check if rule files are unreadable, thanks to Simon Ruderich
for the patch (closes: #418147)
* src/logcheck-test:
- make mktemp usage more portable
* Makefile:
- remove duplicate xargs option (thanks to Sander Bos)
* ignore.d.server/dhcp:
- match dhcpd PID (closes: #799041)
* ignore.d.server/dhclient:
- rewrite rules (LP: #1357880, closes: #809605)
* ignore.d.server/ssh:
- add generic preauth disconnect rule (closes: #775090)
- adjust 'Bad protocol version identification' rule, thanks to
Paul Brossier for the patch (closes: #703936)
- allow new FingerprintHash format (closes: #799304)
- match 'ED25519' key type, thanks to Ayke van Laethem for the patch
- match more disconnect messages
* ignore.d.server/su:
- allow '.' and '_' in username (closes: #780441)
* ignore.d.server/rsync:
- allow comma as thousands separator (LP: #1476199)
* ignore.d.workstation/wpasupplicant:
- adjust CTRL-EVENT-CONNECTED rule
- add another CTRL-EVENT-DISCONNECTED rule
- adjust multiple rules to match added interface name
- allow '.' in SSID
- match 'SME: ' prefix in 'Trying to associate' message
- match 'freq=', 'address=' and 'uuid=' wpa_action messages
- match CTRL-EVENT-SUBNET-STATUS-UPDATE message
- match predictable network interface names
* violations.ignore.d/logcheck-sudo:
- match 'GROUP=' field (closes: #815114)
* ignore.d.server/bind:
- match domain name in query message, thanks to Wojciech Nizinski
for the patch
- ignore DNSSEC r
[Logcheck-devel] Bug#418147: marked as done (logcheck: Does not complain if rules are unreadable)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002vu...@fasolo.debian.org> and subject line Bug#418147: fixed in logcheck 1.3.18 has caused the Debian Bug report #418147, regarding logcheck: Does not complain if rules are unreadable to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 418147: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418147 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Version: 1.2.39 Severity: normal Hello, Due to the incorrect group ownership bug (which has already been fixed) I ended up with logcheck not being able to read any files in /etc/logcheck/ignore.d.paranoid. However, instead of complaining that some files were unreadable, logcheck just sent the *complete* logfiles by mail, without any filtering. If logcheck cannot read some of its rule files, it should mention that in its mail. Additionally, it may be worth considering to not include any logfile contents in this case, since for me this generated a 10 MB mail. Best, Nikolaus -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.9-023stab039.1-smp Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck depends on: ii adduser 3.63Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.13 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii exim44.50-8sarge2metapackage to ease exim MTA (v4) ii exim4-daemon-hea 4.50-8sarge2exim MTA (v4) daemon with extended ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.39 A database of system log rules for ii logtail 1.2.39 Print log file lines that have not ii mailx1:8.1.2-0.20040524cvs-4 A simple mail user agent ii sysklogd [system 1.4.1-17System Logging Daemon -- debconf information excluded --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 418...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow
[Logcheck-devel] Bug#775090: marked as done (logcheck-database: Should filter shh preauth disconnect ok messages)
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id <e1cwvha-0002vs...@fasolo.debian.org>
and subject line Bug#775090: fixed in logcheck 1.3.18
has caused the Debian Bug report #775090,
regarding logcheck-database: Should filter shh preauth disconnect ok messages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
775090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775090
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
Severity: normal
Tags: patch
I get tons of messages for sshd like these:
Received disconnect from [IP]: 11: ok [preauth]
`Bye Bye [preauth]` is already filtered out.
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
>From fc9a190720510e14039505229c9e6c0803ebde3f Mon Sep 17 00:00:00 2001
From: Adrian Heine <m...@adrianheine.de>
Date: Sun, 11 Jan 2015 08:34:07 +0100
Subject: [PATCH] server/ssh: Better match for preauth disconnect
---
rulefiles/linux/ignore.d.server/ssh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh
index 890d20a..9c6ec96 100644
--- a/rulefiles/linux/ignore.d.server/ssh
+++ b/rulefiles/linux/ignore.d.server/ssh
@@ -14,7 +14,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (disconnected by user|Closed due to user request\.)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: Bye Bye \[preauth\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (Bye Bye|ok) \[preauth\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [:.[:xdigit:]]+ \[preauth\]$
--
2.1.4
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 775...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041
799304 809605 815114 815755 822165 825170
Changes:
logcheck (1.3.18) unstable; urgency=medium
.
* src/logcheck:
- fix check if rule files are unreadable, thanks to Simon Ruderich
for the patch (closes: #418147)
* src/logcheck-test:
- make mktemp
[Logcheck-devel] Bug#799041: marked as done (Updated rules for isc-dhcp-server)
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id <e1cwvha-0002wm...@fasolo.debian.org>
and subject line Bug#799041: fixed in logcheck 1.3.18
has caused the Debian Bug report #799041,
regarding Updated rules for isc-dhcp-server
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
799041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799041
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
Severity: normal
Tags: patch
isc-dhcp-server has added the PID to the log output since version 4.3.3-2:
* Enable pid file logging (closes: #792928).
This spams logcheck output.
Attached is a new version of /etc/logcheck/ignore.d.server/dhcp
which matches the new log output.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Internet
(Software|Systems) Consortium DHCP Server [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Copyright [0-9-]+ Internet
(Software|Systems) Consortium\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): All rights reserved\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): For info, please visit
http(://www\.isc\.org/(products/DHCP|sw/dhcp/)|s://www\.isc\.org/software/dhcp/)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Wrote [0-9]+
(leases|(class|group|deleted host|new dynamic host) decls) to leases file\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (BOOTREQUEST|DHCPDISCOVER)
from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): BOOTREPLY (for|on)
[.0-9]{7,15} to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPOFFER on [.0-9]{7,15}
to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for
[.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\)
)?via [._[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPACK on [.0-9]{7,15} to
[:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCP(NAK|RELEASE|INFORM)
(on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$
#Added for dhcp 3
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from
[:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer
[._[:alnum:]-]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on
[.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for
[.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) )?via
[._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by
peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15}
to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15}
to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPINFORM from
[.0-9]{7,15} via [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of
[.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+
\((not |)found\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK to
[.0-9]{7,15}( \(([:[:xdigit:]]+|)\) via
[._[:alnum:]-]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ((balancing|balanced)
)?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+ free
[:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+.*( max-(own
\(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ICMP Echo reply while
lease [.[:digit:]]{7,15} valid\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: uid lease [.0-9]{7,15}
for client [:[:xdigit:]]+ is duplicate on [.0-9]{7,15}/[[:digit:]]+$
# Dyndns support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: [Aa]dded (new
)?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: removed reverse map on
[._[:alnum:]-]+\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Can't update forward
map [._[:alnum:]-]+ to [.0-9]{7,15}: no such RRset$
# udhcpd support
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: s
[Logcheck-devel] Bug#644886: marked as done (logcheck-database: snmpd ruleset needs update)
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id <e1cwvha-0002vg...@fasolo.debian.org>
and subject line Bug#644886: fixed in logcheck 1.3.18
has caused the Debian Bug report #644886,
regarding logcheck-database: snmpd ruleset needs update
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
644886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644886
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.13
Severity: normal
Rule
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP:
\[[.0-9]{7,15}\]:[0-9]{4,5}$
does not cover log entries like
Oct 10 07:05:04 foobar snmpd[19089]: Connection from UDP:
[192.0.2.61]:34180->[198.51.100.163]
Gabor
-- System Information:
Debian Release: 6.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Related package versions:
snmpd 5.4.3~dfsg-2
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 644...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041
799304 809605 815114 815755 822165 825170
Changes:
logcheck (1.3.18) unstable; urgency=medium
.
* src/logcheck:
- fix check if rule files are unreadable, thanks to Simon Ruderich
for the patch (closes: #418147)
* src/logcheck-test:
- make mktemp usage more portable
* Makefile:
- remove duplicate xargs option (thanks to Sander Bos)
* ignore.d.server/dhcp:
- match dhcpd PID (closes: #799041)
* ignore.d.server/dhclient:
- rewrite rules (LP: #1357880, closes: #809605)
* ignore.d.server/ssh:
- add generic preauth disconnect rule (closes: #775090)
- adjust 'Bad protocol version identification' rule, thanks to
Paul Brossier for the patch (closes: #703936)
- allow new FingerprintHash format (closes: #799304)
- match 'ED25519' key type, thanks to Ayke van Laethem for the patch
- match more disconnect messages
* ignore.d.server/su:
- allow '.' and '_' in username (closes: #780441)
* ignore.d.server/rsync:
- allow comma as thousands separator (LP: #1476199)
* ignore.d.workstation/wpasupplicant:
- adjust CTRL-EVENT-CONNECTED rule
- add another CTRL-EVENT-DISCONNECTED rule
- adjust multiple rules to match added interface name
- allow '.' in SSID
- match 'SME: ' prefix in 'Trying to associate' message
- match 'freq=', 'address=' and 'uuid=' wpa_action messages
- match CTRL-EVENT-SUBNET-STATUS-UPDATE message
- match predictable network interface names
* violations.ignore.d/logcheck-sudo:
- match 'GROUP=' field (closes: #815114)
* ignore.d.server/bind:
- match domain name in query message, thanks to Wojciech Nizinski
for the patch
- ignore DNSSEC rekeying (closes: #825170)
* ignore.d.server/openvpn:
- match arbitrary mtu sizes (closes: #815755)
* ignore.d.server/snmpd:
- match optional port (closes: #644886)
* ignore.d.server/postfix:
- remove obs
[Logcheck-devel] Bug#780441: marked as done (logcheck/PAM interaction ignore domain names as user)
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id <e1cwvha-0002vy...@fasolo.debian.org>
and subject line Bug#780441: fixed in logcheck 1.3.18
has caused the Debian Bug report #780441,
regarding logcheck/PAM interaction ignore domain names as user
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
780441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780441
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck
Severity: normal
Dear Maintainer,
the default "/etc/logcheck/ignore.d.server/su"
has the following
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for
[[:alnum:]-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]:
pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]:
pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by
([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\?
root:[_[:alnum:]-]+$
but sometimes the session closed for user is the hostname and has "."
inside
like these
Mar 13 07:16:01 api su[57408]: Successful su for mydomain.com by root
Mar 13 01:52:01 api su[47132]: + ??? root:mydomain.com
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session opened for
user mydomain.com by (uid=0)
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session closed for
user mydomain.com
so think it must be changed like the following
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for
[[:alnum:].-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]:
pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:].-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]:
pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:].-]+ by
([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\?
root:[_[:alnum:].-]+$
-- System Information:
Debian Release: 7.8
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/12 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041
799304 809605 815114 815755 822165 825170
Changes:
logcheck (1.3.18) unstable; urgency=medium
.
* src/logcheck:
- fix check if rule files are unreadable, thanks to Simon Ruderich
for the patch (closes: #418147)
* src/logcheck-test:
- make mktemp usage more portable
* Makefile:
- remove duplicate xargs option (thanks to Sander Bos)
* ignore.d.server/dhcp:
- match dhcpd PID (closes: #799041)
* ignore.d.server/dhclient:
- rewrite rules (LP: #1357880, closes: #809605)
* ignore.d.server/ssh:
- add generic preauth disconnect rule (closes: #775090)
- adjust 'Bad protocol version identification' rule, thanks to
Paul Brossier for the patch (closes: #703936)
- allow new FingerprintHash format (closes: #799304)
- match 'E
[Logcheck-devel] Bug#783633: marked as done (logcheck-database: Please add rules for systemd)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002w4...@fasolo.debian.org> and subject line Bug#783633: fixed in logcheck 1.3.18 has caused the Debian Bug report #783633, regarding logcheck-database: Please add rules for systemd to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 783633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783633 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: wishlist Tags: patch I was quite surprised that after a dist-upgrade I was flooded with systemd messages from logcheck. The appropriate rules are already available at https://wiki.debian.org/systemd/logcheck See also https://lists.debian.org/debian-devel/2014/08/msg00923.html -- System Information: Debian Release: 8.0 APT prefers stable APT policy: (990, 'stable'), (400, 'testing'), (300, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) -- Configuration Files: /etc/logcheck/cracking.d/kernel [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/kernel' /etc/logcheck/cracking.d/rlogind [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/rlogind' /etc/logcheck/cracking.d/rsh [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/rsh' /etc/logcheck/cracking.d/smartd [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/smartd' /etc/logcheck/cracking.d/tftpd [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/tftpd' /etc/logcheck/cracking.d/uucico [Errno 13] Permission denied: u'/etc/logcheck/cracking.d/uucico' /etc/logcheck/ignore.d.paranoid/bind [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/bind' /etc/logcheck/ignore.d.paranoid/cron [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/cron' /etc/logcheck/ignore.d.paranoid/incron [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/incron' /etc/logcheck/ignore.d.paranoid/logcheck [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/logcheck' /etc/logcheck/ignore.d.paranoid/postfix [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/postfix' /etc/logcheck/ignore.d.paranoid/ppp [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/ppp' /etc/logcheck/ignore.d.paranoid/pureftp [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/pureftp' /etc/logcheck/ignore.d.paranoid/qpopper [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/qpopper' /etc/logcheck/ignore.d.paranoid/squid [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/squid' /etc/logcheck/ignore.d.paranoid/ssh [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/ssh' /etc/logcheck/ignore.d.paranoid/stunnel [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/stunnel' /etc/logcheck/ignore.d.paranoid/sysklogd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/sysklogd' /etc/logcheck/ignore.d.paranoid/telnetd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/telnetd' /etc/logcheck/ignore.d.paranoid/tripwire [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/tripwire' /etc/logcheck/ignore.d.paranoid/usb [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.paranoid/usb' /etc/logcheck/ignore.d.server/acpid [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/acpid' /etc/logcheck/ignore.d.server/amandad [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/amandad' /etc/logcheck/ignore.d.server/amavisd-new [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/amavisd-new' /etc/logcheck/ignore.d.server/anacron [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/anacron' /etc/logcheck/ignore.d.server/anon-proxy [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/anon-proxy' /etc/logcheck/ignore.d.server/apache [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/apache' /etc/logcheck/ignore.d.server/apcupsd [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/apcupsd' /etc/logcheck/ignore.d.server/arpwatch [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/arpwatch' /etc/logcheck/ignore.d.server/asterisk [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/asterisk' /etc/logcheck/ignore.d.server/automount [Errno 13] Permission denied: u'/etc/logcheck/ignore.d.server/automount' /etc/logcheck/ignore.d.server/bind [Errno 13] Permission deni
[Logcheck-devel] Bug#797512: marked as done (logcheck-database: Updated regex for kernel "unexpectedly shrunk window")
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id <e1cwvha-0002wg...@fasolo.debian.org>
and subject line Bug#797512: fixed in logcheck 1.3.18
has caused the Debian Bug report #797512,
regarding logcheck-database: Updated regex for kernel "unexpectedly shrunk
window"
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
797512: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797512
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
Severity: wishlist
Dear Maintainer,
You will find a patch for logcheck server kernel rules to reflect
message changes in net/ipv4/tcp_timer.c.
-- System Information:
Architecture: amd64 (x86_64)
Kernel: 3.16.0-4-amd64
Best regards
--
Xavier Mehrenberger
PGP: 0xFD3D563AEBC0307E
Fingerprint: 8847 CDED F0AF 19DA 61D6 892F FD3D 563A EBC0 307E
diff --git a/logcheck/ignore.d.server/kernel b/logcheck/ignore.d.server/kernel
index 682943d..12ed3fc 100644
--- a/logcheck/ignore.d.server/kernel
+++ b/logcheck/ignore.d.server/kernel
@@ -28,7 +28,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? PCI: Setting latency timer of device [[:alnum:]:.]+ to [[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? SCSI device [[:alnum:]]+: drive cache: write (through|back)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? SCSI subsystem initialized$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? TCP: (Treason uncloaked! )?Peer [:.[:xdigit:]]+:[[:digit:]]{1,5}/[[:digit:]]{1,5} (shrinks|unexpectedly shrunk) window [[:digit:]]+:[[:digit:]]+\.? (Repaired\.|\(repaired\))$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? (TCP: )?(Treason uncloaked! )?Peer [:.[:xdigit:]]+:[[:digit:]]{1,5}/[[:digit:]]{1,5} (shrinks|unexpectedly shrunk) window [[:digit:]]+:[[:digit:]]+\.? (Repaired\.|\(repaired\))$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? XFS mounting filesystem [[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:][:space:]]+: probe of [:.[:xdigit:]]+ failed with error [-[:digit:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: link up\.$
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 797...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041
799304 809605 815114 815755 822165 825170
Changes:
logcheck (1.3.18) unstable; urgency=medium
.
* src/logcheck:
- fix check if rule files are unreadable, thanks to Simon Ruderich
for the patch (closes: #418147)
* src/logcheck-test:
- make mktemp usage more portable
* Makefile:
- remove duplicate xargs option (thanks to Sander Bos)
* ignore.d.server/dhcp:
- match dhcpd PID (closes: #799041)
* ignore.d.server/dhclient:
- rewrite rules (LP: #1357880, closes: #809605)
* ignore.d.server/ssh:
- add generic preauth disconnect rule (closes: #775090)
- adjust 'Bad protocol version identific
[Logcheck-devel] Bug#703936: marked as done (logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete)
Your message dated Wed, 25 Jan 2017 22:05:36 +
with message-id <e1cwvha-0002vm...@fasolo.debian.org>
and subject line Bug#703936: fixed in logcheck 1.3.18
has caused the Debian Bug report #703936,
regarding logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is
incomplete
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
703936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703936
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.13
Severity: normal
The rule for SSH ignoring "Bad protocol version identification" assumes there
are no single quotes
inside the version string ('[^']'). I am however getting mails including those
lines:
Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version
identification
'\004\241\031\a\232k\273#\203J\223\030\246\354t\260n\346q\004*\231\264q&\035\321.l5\260)r\224!\030C\f#ytS8\344\343\363\334'{_D\033\317[e\006\362\327\344\006-pH\356\0205\271\306\360\002\217\325y\023~\026\3412dc\021u\354\004\353m\225\210\272\030\311w\030I)\031\016\206\345\342'
from 119.78.236.189
Mar 25 16:21:14 Debian-60-squeeze-64-minimal sshd[4015]: Bad protocol version
identification
'\354\035\371^\277\376\323\332{0\016Dd\351\237\356\302\252\275\331\315w\306\343\246m\377@waj\231\374C\236\234\207\210p\363C9}\366\2532xiM\255f\232!\376\335[\363'\b\217!Zp(\314\266\253?'
from 210.73.57.141
Mar 25 13:18:36 Debian-60-squeeze-64-minimal sshd[317]: Bad protocol version
identification
'\301h\355\243\375\2106\005/H\256\001\362\250\365d\333Hd\235\353\322\232\335\003\274\353JB\374\353\263\272>#\337\020\250\376\247\344\\\v\301\336\036\236\t\235\026\273\003/\021C\307\264\2338>E7\341\303'B\246\357\321^\366\200Q\364\234G\374\302\207\3113\016\306\222\244\217\216\216\177\351\212j\325\255;'
from 122.206.34.166
-- System Information:
Debian Release: 6.0.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- Configuration Files:
/etc/logcheck/cracking.d/kernel [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/kernel'
/etc/logcheck/cracking.d/rlogind [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/rlogind'
/etc/logcheck/cracking.d/rsh [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/rsh'
/etc/logcheck/cracking.d/smartd [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/smartd'
/etc/logcheck/cracking.d/tftpd [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/tftpd'
/etc/logcheck/cracking.d/uucico [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/uucico'
/etc/logcheck/ignore.d.paranoid/bind [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/bind'
/etc/logcheck/ignore.d.paranoid/cron [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/cron'
/etc/logcheck/ignore.d.paranoid/incron [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/incron'
/etc/logcheck/ignore.d.paranoid/logcheck [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/logcheck'
/etc/logcheck/ignore.d.paranoid/postfix [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/postfix'
/etc/logcheck/ignore.d.paranoid/ppp [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/ppp'
/etc/logcheck/ignore.d.paranoid/pureftp [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/pureftp'
/etc/logcheck/ignore.d.paranoid/qpopper [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/qpopper'
/etc/logcheck/ignore.d.paranoid/squid [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/squid'
/etc/logcheck/ignore.d.paranoid/ssh [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/ssh'
/etc/logcheck/ignore.d.paranoid/stunnel [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/stunnel'
/etc/logcheck/ignore.d.paranoid/sysklogd [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/sysklogd'
/etc/logcheck/ignore.d.paranoid/telnetd [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/telnetd'
/etc/logcheck/ignore.d.paranoid/tripwire [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/tripwire'
/etc/logcheck/ignore.d.paranoid/usb [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/usb'
/etc/logcheck/ignore.d.server/acpid [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.server/acpid'
/etc/logcheck/ignore.d.server/amandad [Errno 13] Permissio
[Logcheck-devel] Processed: Re: Bug#808429: systemd: Please add logcheck rules
Processing control commands: > reassign -1 logcheck-database Bug #808429 [systemd] systemd: Please add logcheck rules Bug reassigned from package 'systemd' to 'logcheck-database'. No longer marked as found in versions systemd/228-2. Ignoring request to alter fixed versions of bug #808429 to the same values previously set -- 808429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808429 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 825170
Processing commands for cont...@bugs.debian.org: > tags 825170 + pending Bug #825170 [logcheck] logcheck: Ignore DNSSEC rekeying Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 825170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825170 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 822165
Processing commands for cont...@bugs.debian.org: > tags 822165 + pending Bug #822165 [logcheck-database] logcheck-database: regex wrong in linux/ignore.d.server/postfix Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 822165: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822165 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 644886
Processing commands for cont...@bugs.debian.org: > tags 644886 + pending Bug #644886 [logcheck-database] logcheck-database: snmpd ruleset needs update Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 644886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644886 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 815755
Processing commands for cont...@bugs.debian.org: > tags 815755 + pending Bug #815755 [logcheck-database] logcheck-database: error in openvpn rules Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 815755: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815755 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 481353
Processing commands for cont...@bugs.debian.org: > tags 481353 + pending Bug #481353 [logcheck] Please add support for logcheck.logfiles.d Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 481353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 799041
Processing commands for cont...@bugs.debian.org: > tags 799041 + pending Bug #799041 [logcheck-database] Updated rules for isc-dhcp-server Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 799041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799041 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 799304
Processing commands for cont...@bugs.debian.org: > tags 799304 + pending Bug #799304 [logcheck-database] logcheck-database: rule for sshd accepted key rule is obsolete Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 799304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799304 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 703936
Processing commands for cont...@bugs.debian.org: > tags 703936 + pending Bug #703936 [logcheck-database] logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 703936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 780441
Processing commands for cont...@bugs.debian.org: > tags 780441 + pending Bug #780441 [logcheck] logcheck/PAM interaction ignore domain names as user Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 780441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780441 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 775090
Processing commands for cont...@bugs.debian.org: > tags 775090 + pending Bug #775090 [logcheck-database] logcheck-database: Should filter shh preauth disconnect ok messages Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 775090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775090 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 809605
Processing commands for cont...@bugs.debian.org: > tags 809605 + pending Bug #809605 [logcheck] logcheck: dhclient rules do not match because of [pid] Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 809605: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809605 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: reassign 816685 to logcheck-database
Processing commands for cont...@bugs.debian.org: > reassign 816685 logcheck-database Bug #816685 [postfix] postfix: logcheck (maybe something else) Bug reassigned from package 'postfix' to 'logcheck-database'. No longer marked as found in versions postfix/3.0.4-5. Ignoring request to alter fixed versions of bug #816685 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 816685: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816685 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Add patch tag
Processing commands for cont...@bugs.debian.org: > tags 481353 +patch Bug #481353 [logcheck] Please add support for logcheck.logfiles.d Added tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 481353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Fwd: re: logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete
Processing commands for cont...@bugs.debian.org: tags 703936 + patch Bug #703936 [logcheck-database] logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete Added tag(s) patch. thanks Stopping processing here. Please contact me if you need assistance. -- 703936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: reassigning to the package containing the bug
Processing commands for cont...@bugs.debian.org: reassign 750973 logcheck-database Bug #750973 [cron-apt] /etc/logcheck/ignore.d.server/cron-apt does not match some syslog message format Bug reassigned from package 'cron-apt' to 'logcheck-database'. No longer marked as found in versions cron-apt/0.8.2. Ignoring request to alter fixed versions of bug #750973 to the same values previously set thanks Stopping processing here. Please contact me if you need assistance. -- 750973: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750973 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#744205: marked as done (logcheck-database: rule for dhcp)
Your message dated Fri, 24 Oct 2014 22:52:12 +
with message-id e1xhnio-0006fl...@franck.debian.org
and subject line Bug#744205: fixed in logcheck 1.3.17
has caused the Debian Bug report #744205,
regarding logcheck-database: rule for dhcp
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
744205: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744205
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.3.15
Severity: normal
Dear Maintainer,
isc-dhcp-server startup message now refers to https url:
s{For info, please visit http://www}{For info, please visit https://www}
-- System Information:
Debian Release: 7.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- Configuration Files:
[deleted - my user can't read them, and I didn't run reportbug as root ...]
-- no debconf information
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.17
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 744...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 24 Oct 2014 23:54:14 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.17
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read
Closes: 743000 743378 744205 764336
Changes:
logcheck (1.3.17) unstable; urgency=low
.
[ Hannes von Haugwitz ]
* debian/control:
- dropped obsolete Replaces fields
- removed 'deprecated' notice from logtail's short description
- bumped to Standards-Version 3.9.6 (no changes necessary)
* Migrated to dh7 style debian/rules file
* debian/compat:
- bumped to dh compatibility level 9
- updated copyright year to 2014
* debian/README.backports: removed (obsolete)
* src/logcheck:
- changed '#!/bin/bash' to '#!/usr/bin/env bash'
- use '/run/lock/logcheck' instead of '/var/lock/logcheck'
- set VERSION to the current version, thanks to Pascal Wittmann
* ignore.d.workstation/wpasupplicant:
- adjusted 'Group rekeying' rule and ignore 'CTRL-EVENT-SCAN-STARTED'
message (LP: #1325349)
* ignore.d.server/dhcp:
- adjust rule to match new URL (closes: #744205)
* debian/copyright:
- removed obsolete 'fork' notice
* docs/README.Maintainer:
- fixed typo (closes: #764336)
* ignore.d.server/ssh:
- match key fingerprint when using key exchange auth (closes: #743000)
* ignore.d.server/dkim-filter: removed
- package has been removed from debian
.
[ Alberto Gonzalez Iniesta ]
* ignore.d.workstation/kernel:
- fixed reworded Caching mode page message, thanks to Hagen Fuchs for
the patch (closes: #743378)
Checksums-Sha1:
61ac7312506a9fb9a933c245bc324c71aa6fc5d0 1834 logcheck_1.3.17.dsc
adb54e75f8a17e3aff4abb3066122c0dfdde21e3 130956 logcheck_1.3.17.tar.xz
7d7fa098eac52f563f2a0c128379e88ec65c71a3 75482 logcheck_1.3.17_all.deb
468760ac83bcd7ab4151f7af46cf5550e8e34ad5 110672
logcheck-database_1.3.17_all.deb
4768dca652eec641c6065e4039174e2cfc07f62b 60966 logtail_1.3.17_all.deb
Checksums-Sha256:
1213ee55a9730ed6866ddcc915bcfea7d087b5550a0953f9d39dee8ec8785304 1834
logcheck_1.3.17.dsc
c2d3fc323e8c6555e91d956385dbfd0f67b55872ed0f6a7ad8ad2526a9faf03a 130956
logcheck_1.3.17.tar.xz
f190a482f7f0dd5836c0ee391c932fb0d6821f9e267f70743a4178a79de6411b 75482
logcheck_1.3.17_all.deb
[Logcheck-devel] Bug#764336: marked as done (logcheck: small typo: confilcts - conflicts)
Your message dated Fri, 24 Oct 2014 22:52:12 + with message-id e1xhnio-0006fr...@franck.debian.org and subject line Bug#764336: fixed in logcheck 1.3.17 has caused the Debian Bug report #764336, regarding logcheck: small typo: confilcts - conflicts to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 764336: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764336 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.3.16 Severity: minor Tags: patch diff --git a/debian/changelog b/debian/changelog index bb0511a..768302a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2724,7 +2724,7 @@ logcheck (1.2.27) unstable; urgency=low (Closes: #268277) * Remove qmail rules because they have been added to qmail package. * Rule updates for spamd (Closes: #269318) - * Add note about avoiding file name confilcts in README.Maintainer + * Add note about avoiding file name conflicts in README.Maintainer * Add violations ignore for courier-pop3d-ssl (Closes: #269959) * Add anon-proxy rules (Closes: #269310) * Add perdition rules thanks to ja...@silverdream.org (Closes: #270191) diff --git a/docs/README.Maintainer b/docs/README.Maintainer index 6e7dc7c..ddc1790 100644 --- a/docs/README.Maintainer +++ b/docs/README.Maintainer @@ -51,7 +51,7 @@ any files to be parsed. If you are planning on adding rules for your package, please check to see if we have included them first. If we already have rules and you would like to maintain your own, please let us know before you upload -so we can avoid filename confilcts. +so we can avoid filename conflicts. -- Debian Logcheck Team logcheck-devel@lists.alioth.debian.org Thanks. ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.17 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 764...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 24 Oct 2014 23:54:14 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.17 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 743000 743378 744205 764336 Changes: logcheck (1.3.17) unstable; urgency=low . [ Hannes von Haugwitz ] * debian/control: - dropped obsolete Replaces fields - removed 'deprecated' notice from logtail's short description - bumped to Standards-Version 3.9.6 (no changes necessary) * Migrated to dh7 style debian/rules file * debian/compat: - bumped to dh compatibility level 9 - updated copyright year to 2014 * debian/README.backports: removed (obsolete) * src/logcheck: - changed '#!/bin/bash' to '#!/usr/bin/env bash' - use '/run/lock/logcheck' instead of '/var/lock/logcheck' - set VERSION to the current version, thanks to Pascal Wittmann * ignore.d.workstation/wpasupplicant: - adjusted 'Group rekeying' rule and ignore 'CTRL-EVENT-SCAN-STARTED' message (LP: #1325349) * ignore.d.server/dhcp: - adjust rule to match new URL (closes: #744205) * debian/copyright: - removed obsolete 'fork' notice * docs/README.Maintainer: - fixed typo (closes: #764336) * ignore.d.server/ssh: - match key fingerprint when using key exchange auth (closes: #743000) * ignore.d.server/dkim-filter: removed - package has been removed from debian . [ Alberto Gonzalez Iniesta ] * ignore.d.workstation/kernel: - fixed reworded Caching mode page message, thanks to Hagen Fuchs for the patch (closes: #743378) Checksums-Sha1
[Logcheck-devel] Bug#743378: marked as done (workstation.d/kernel: trivial fix for reworded Caching mode page messages)
Your message dated Fri, 24 Oct 2014 22:52:12 +
with message-id e1xhnio-0006ff...@franck.debian.org
and subject line Bug#743378: fixed in logcheck 1.3.17
has caused the Debian Bug report #743378,
regarding workstation.d/kernel: trivial fix for reworded Caching mode page
messages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
743378: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743378
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.3.16
Severity: normal
Tags: patch
Hello,
Attached you'll find a trivial patch that enables
'ignore.d.workstation/kernel' to capture the recently reworded message
No Caching mode page present (nowadays its present - found).
Thanks,
Hagen
diff --git a/logcheck/ignore.d.workstation/kernel b/logcheck/ignore.d.workstation/kernel
index 53cd1dc..2bc9f80 100644
--- a/logcheck/ignore.d.workstation/kernel
+++ b/logcheck/ignore.d.workstation/kernel
@@ -61,7 +61,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] [[:digit:]]+-byte physical blocks$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] Write Protect is (off|on)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] Mode Sense: [[:xdigit:]]+ [[:xdigit:]]+ [[:xdigit:]]+ [[:xdigit:]]+$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] No Caching mode page present$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] No Caching mode page (present|found)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] Assuming drive cache: write through$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] Spinning up disk\.\.\.\.ready$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:space:]]*sd[a-z]:( sd[a-z][[:digit:]]+)*$
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.17
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 743...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Fri, 24 Oct 2014 23:54:14 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.17
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read
Closes: 743000 743378 744205 764336
Changes:
logcheck (1.3.17) unstable; urgency=low
.
[ Hannes von Haugwitz ]
* debian/control:
- dropped obsolete Replaces fields
- removed 'deprecated' notice from logtail's short description
- bumped to Standards-Version 3.9.6 (no changes necessary)
* Migrated to dh7 style debian/rules file
* debian/compat:
- bumped to dh compatibility level 9
- updated copyright year to 2014
* debian/README.backports: removed (obsolete)
* src/logcheck:
- changed '#!/bin/bash' to '#!/usr/bin/env bash'
- use '/run/lock/logcheck' instead of '/var/lock/logcheck'
- set VERSION to the current version, thanks to Pascal Wittmann
* ignore.d.workstation/wpasupplicant:
- adjusted 'Group rekeying' rule and ignore 'CTRL-EVENT-SCAN-STARTED'
message (LP: #1325349)
* ignore.d.server/dhcp:
- adjust rule to match new URL (closes: #744205)
* debian/copyright:
- removed obsolete 'fork' notice
* docs
[Logcheck-devel] Processed: tagging 743000
Processing commands for cont...@bugs.debian.org: #fixed in bf39340 tags 743000 + pending Bug #743000 [logcheck] logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 743000: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743000 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 743378
Processing commands for cont...@bugs.debian.org: tags 743378 - fixed Bug #743378 [logcheck-database] workstation.d/kernel: trivial fix for reworded Caching mode page messages Removed tag(s) fixed. thanks Stopping processing here. Please contact me if you need assistance. -- 743378: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743378 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#748247: logcheck-database: wrong ssmtp ignore regex triggers mail every hour
Processing commands for cont...@bugs.debian.org: reassign 748247 ssmtp Bug #748247 [logcheck-database] logcheck-database: wrong ssmtp ignore regex triggers mail every hour Bug reassigned from package 'logcheck-database' to 'ssmtp'. No longer marked as found in versions logcheck/1.3.16. Ignoring request to alter fixed versions of bug #748247 to the same values previously set thanks Stopping processing here. Please contact me if you need assistance. -- 748247: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748247 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 764336
Processing commands for cont...@bugs.debian.org: #fixed in 0cb3882 tags 764336 + pending Bug #764336 [logcheck] logcheck: small typo: confilcts - conflicts Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 764336: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764336 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#647457: marked as done (logcheck-database: fix qpopper related filter rules)
Your message dated Mon, 27 Jan 2014 16:58:15 +
with message-id 52e69027.5050...@tiger-computing.co.uk
and subject line Re: logcheck-database: fix qpopper related filter rules
has caused the Debian Bug report #647457,
regarding logcheck-database: fix qpopper related filter rules
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
647457: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647457
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.3.13
Severity: normal
Tags: patch
On Debian Squeeze the rules installed with logcheck for the qpopper POP3
service seem to be incomplete and outdated. First line connect from
needs to accept an IP-address after the host name. Also I needed to add
two more rules: one to ignore the message Servicing request when
clients connect, and one to ignore the bogus error message Unable to
open bulletin directory '/var/spool/popbull' when mail is read by
clients.
The version of qpopper installed here is 4.0.9.dfsg-1.2.
Patch attached.
cheers,
David
-- System Information:
Debian Release: 6.0.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: mipsel (mips64)
Kernel: Linux 2.6.39.4-dk1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
--
GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk.gpg
Fingerprint: B17A DC95 D293 657B 4205 D016 7DEF 5323 C174 7D40
Index: logcheck.ignore/qpopper
===
--- logcheck.ignore.orig/qpopper 2011-11-02 21:58:04.409495461 +0100
+++ logcheck.ignore/qpopper 2011-11-02 21:58:54.757714318 +0100
@@ -1,6 +1,8 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: connect from [._[:alnum:]-]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: connect from [._[:alnum:]-]+ \([.[:digit:]]{7,15}\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) POP login by user \[@._[:alnum:]-]+\ at \([._[:alnum:]-]+\) [.[:digit:]]+ \[pop_log.c:244\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \[drac\]: login by [@._[:alnum:]-]+ from host [._[:alnum:]-]+ \([.[:digit:]]+\) \[drac.c:[0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: [@._[:alnum:]-]+ at [._[:alnum:]-]+ \([.[:digit:]]+\): -ERR Message [[:digit:]]+ does not exist. \[pop_send.c:289\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: ([@._[:alnum:]-]+|\(null\)) at [._[:alnum:]-]+ \([.[:digit:]]+\): -ERR Unknown command: \[[:alnum:]]+\. \[pop_get_command.c:152\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) Unable to get canonical name of client [.[:digit:]]+: Name or service not known \(-2\) \[pop_init.c:1196\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) Servicing request from [^]+ at [.[:digit:]]{7,15} \[pop_init.c:[0-9]+\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: Unable to open bulletin directory '/var/spool/popbull': No such file or directory \(2\) \[pop_bull.c:[0-9]+\]$
pgpVIqx2c3lRF.pgp
Description: PGP signature
---End Message---
---BeginMessage---
Control: user debian-rele...@lists.debian.org
Control: usertag -1 bsp-2014-01-gb-Monmouth
Package qpopper is no longer in the archive, so the rules are no longer
required. They will be removed in a future update to logcheck.
Best regards,
Chris
--
Chris Boot
Tiger Computing Ltd
Linux for Business
Tel: 01600 483 484
Web: http://www.tiger-computing.co.uk
Follow us on Facebook: http://www.facebook.com/TigerComputing
Registered in England. Company number: 3389961
Registered address: Wyastone Business Park,
Wyastone Leys, Monmouth, NP25 3SR---End Message---
___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed (with 2 errors): Re: Bug#564063: logcheck-database: heartbeat daily informational stats report
Processing control commands: reassign -1 src:heartbeat Bug #564063 [logcheck-database] logcheck-database: heartbeat daily informational stats report Bug reassigned from package 'logcheck-database' to 'src:heartbeat'. No longer marked as found in versions logcheck/1.3.5. Ignoring request to alter fixed versions of bug #564063 to the same values previously set retitle -1 incorporate logcheck snippets Bug #564063 [src:heartbeat] logcheck-database: heartbeat daily informational stats report Changed Bug title to 'incorporate logcheck snippets' from 'logcheck-database: heartbeat daily informational stats report' user debian-rele...@lists.debian.org Unknown command or malformed arguments to command. usertag -1 bsp-2014-01-gb-Monmouth Unknown command or malformed arguments to command. -- 564063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564063 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed (with 2 errors): Re: Bug#732298: logcheck-database: dhclient diag message changed; updated rule to ignore it
Processing control commands: reassign -1 src:isc-dhcp-client Bug #732298 [logcheck-database] logcheck-database: dhclient diag message changed; updated rule to ignore it Bug reassigned from package 'logcheck-database' to 'src:isc-dhcp-client'. Warning: Unknown package 'src:isc-dhcp-client' Warning: Unknown package 'src:isc-dhcp-client' No longer marked as found in versions logcheck/1.3.15. Warning: Unknown package 'src:isc-dhcp-client' Warning: Unknown package 'src:isc-dhcp-client' Ignoring request to alter fixed versions of bug #732298 to the same values previously set Warning: Unknown package 'src:isc-dhcp-client' retitle -1 incorporate logcheck snippets Bug #732298 [src:isc-dhcp-client] logcheck-database: dhclient diag message changed; updated rule to ignore it Warning: Unknown package 'src:isc-dhcp-client' Changed Bug title to 'incorporate logcheck snippets' from 'logcheck-database: dhclient diag message changed; updated rule to ignore it' Warning: Unknown package 'src:isc-dhcp-client' user debian-rele...@lists.debian.org Unknown command or malformed arguments to command. usertag -1 bsp-2014-01-gb-Monmouth Unknown command or malformed arguments to command. -- 732298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732298 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#732771: ignore subversion message DIGEST-MD5 common mech free
Processing control commands: reassign -1 libsasl2-modules Bug #732771 [logcheck-database] ignore subversion message DIGEST-MD5 common mech free Bug reassigned from package 'logcheck-database' to 'libsasl2-modules'. No longer marked as found in versions logcheck/1.3.15. Ignoring request to alter fixed versions of bug #732771 to the same values previously set retitle -1 incorporate logcheck snippets Bug #732771 [libsasl2-modules] ignore subversion message DIGEST-MD5 common mech free Changed Bug title to 'incorporate logcheck snippets' from 'ignore subversion message DIGEST-MD5 common mech free' -- 732771: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732771 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#580260: marked as done (logcheck-database: dkim-filter needs tweak)
Your message dated Mon, 27 Jan 2014 18:15:59 +
with message-id 52e6a25f.2010...@tiger-computing.co.uk
and subject line Re: logcheck-database: dkim-filter needs tweak
has caused the Debian Bug report #580260,
regarding logcheck-database: dkim-filter needs tweak
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
580260: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580260
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.3.8
11 hex digits, and no
diff -ur logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter
logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter
--- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter
2008-05-22 04:20:58.0 -0400
+++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter 2010-05-04
16:32:31.0 -0400
@@ -1,2 +1,2 @@
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]:
[[:xdigit:]]{10} SSL error:04077068:rsa routines:RSA_verify:bad signature$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]:
[[:xdigit:]]{10}: bad signature data$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]:
[[:xdigit:]]{11} SSL error:04077068:rsa routines:RSA_verify:bad signature$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]:
[[:xdigit:]]{11}: (no|bad) signature data$
---End Message---
---BeginMessage---
Package src:dkim-milter (which produced dkim-filter) is no longer in the
archive, so the rules are no longer required. They will be removed in a
future update to logcheck.
Best regards,
Chris
--
Chris Boot
Tiger Computing Ltd
Linux for Business
Tel: 01600 483 484
Web: http://www.tiger-computing.co.uk
Follow us on Facebook: http://www.facebook.com/TigerComputing
Registered in England. Company number: 3389961
Registered address: Wyastone Business Park,
Wyastone Leys, Monmouth, NP25 3SR---End Message---
___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#653444: marked as done (Some rules in ignore.d.server/smartd lacks optinal [SAT] mark)
Your message dated Sun, 26 Jan 2014 19:03:37 +
with message-id e1w7uzz-00022w...@franck.debian.org
and subject line Bug#653444: fixed in logcheck 1.3.16
has caused the Debian Bug report #653444,
regarding Some rules in ignore.d.server/smartd lacks optinal [SAT] mark
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
653444: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653444
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.3.13
Tags: patch
Fixed ones:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device:
/dev/[^[:space:]]+( \[[_/[:alnum:][:space:]]+\])?( \[SAT\])?, SMART
(Prefailure|Usage) Attribute: [[:digit:]]+ [_[:alnum:]]+ changed from
[[:digit:]]+( \[Raw [[:digit:]]+\])? to [[:digit:]]+( \[Raw [[:digit:]]+\])?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device:
/dev/[^[:space:]]+( \[[_/[:alnum:][:space:]]+\])?( \[SAT\])?, starting
scheduled (Offline Immediate |(Long|Short) Self-)Test\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device:
/dev/[^[:space:]]+( \[[_/[:alnum:][:space:]]+\])?( \[SAT\])?, previous
self-test completed without error$
Example entires from syslog:
Dec 28 08:36:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00]
[SAT], SMART Usage Attribute: 194 Temperature_Celsius changed from 206 to 200
Dec 28 01:06:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00]
[SAT], starting scheduled Short Self-Test.
Dec 28 01:36:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00]
[SAT], previous self-test completed without error
Dec 28 02:36:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_01]
[SAT], SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 100 to 99
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.16
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 653...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Jan 2014 17:43:32 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.16
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 645588 653444 706085 717247 722312
Changes:
logcheck (1.3.16) unstable; urgency=low
.
* ignore.d.server/ssh:
- updated subsystem request for sftp rule (closes: #706085)
* debian/control:
- removed obsolete DM-Upload-Allowed field
- build-depend on debhelper (= 9)
- bumped to Standards-Version 3.9.5 (no changes necessary)
* ignore.d.server/smartd:
- allow additional '[SAT]' field after controller pattern
(closes: #653444)
* ignore.d.server/exim4:
- removed 'gluck.debian.org' specific rule (closes: #722312)
* debian/logcheck-database.postinst, debian/logcheck.postinst:
- applied patches by Loïc Minier (closes: #645588):
- add logcheck alias on install not on upgrade
- use [ -z ... ] rather than [ ! -n ... ]
- fix indentation and whitespaces in postinsts
- merge two tests into a single lt-nl comparison
* ignore.d.server/cron-apt:
- allow '-o quiet=1' in dist-upgrade rule (closes: #717247)
* debian/logcheck-database.maintscript: added
debian/logcheck-database.preinst: removed
- use dpkg-maintscript-helper to remove obsolete config files
- dropped handling of config files removed before squeeze release
* ignore.d.server/puppetd: removed
- rules are part of puppet-common package
Checksums-Sha1:
67fd6f01c426ca62c2d132da32916cdd298f319d 1828
[Logcheck-devel] Bug#645588: marked as done (Shouldn't recreate alias on upgrades)
Your message dated Sun, 26 Jan 2014 19:03:37 +
with message-id e1w7uzz-00022o...@franck.debian.org
and subject line Bug#645588: fixed in logcheck 1.3.16
has caused the Debian Bug report #645588,
regarding Shouldn't recreate alias on upgrades
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
645588: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645588
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck
Version: 1.3.14
Severity: normal
Tags: patch
Hi
I don't want the logcheck email alias because I configure logcheck to
send email to a different address, but it keeps getting re-added on
upgrades.
I've prepared a patch to only add the alias on install, not on
upgrades, but I've noticed some small issues with the rest of the
postinst (tests which could be simplified and tabs with different size
expectations depending on the code block you're looking at), so I'm
attaching a series of patches on top of current git to fix these.
Thanks,
--
Loïc Minier
From 0bb0adbaa4e2a84ad16b1871efa729cfd90eff2a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Minier?= l...@debian.org
Date: Mon, 17 Oct 2011 09:22:36 +0200
Subject: [PATCH 1/4] Add logcheck alias on install not on upgrade
---
debian/logcheck.postinst | 14 --
1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/debian/logcheck.postinst b/debian/logcheck.postinst
index 849ad98..7032323 100644
--- a/debian/logcheck.postinst
+++ b/debian/logcheck.postinst
@@ -47,13 +47,15 @@ case $1 in
adduser --quiet logcheck adm || true
fi
- # add logcheck to /etc/aliases
- if [ -f /etc/aliases ] || [ -L /etc/aliases ]; then
-if ! grep -qi ^logcheck[[:space:]]*: /etc/aliases; then
- echo logcheck: root /etc/aliases
- test -x $(command -v newaliases) newaliases || :
+ # add logcheck to /etc/aliases on install; not on upgrade
+ if [ -z $2 ]; then
+if [ -f /etc/aliases ] || [ -L /etc/aliases ]; then
+ if ! grep -qi ^logcheck[[:space:]]*: /etc/aliases; then
+echo logcheck: root /etc/aliases
+test -x $(command -v newaliases) newaliases || :
+ fi
fi
- fi
+ fi
# give logcheck system user a real name unless it has one.
if [ -z $(getent passwd logcheck | cut -d: -f5) ]; then
--
1.7.5.4
From d2e57486d3197297388494ed210e90b68d8fe23b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Minier?= l...@debian.org
Date: Mon, 17 Oct 2011 09:23:15 +0200
Subject: [PATCH 2/4] Use [ -z ... ] rather than [ ! -n ... ]
---
debian/logcheck.postinst |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/debian/logcheck.postinst b/debian/logcheck.postinst
index 7032323..d3dfbfc 100644
--- a/debian/logcheck.postinst
+++ b/debian/logcheck.postinst
@@ -63,7 +63,7 @@ case $1 in
fi
# Add logcheck mail header on install
-if [ ! -n $2 ] [ ! -f /etc/logcheck/header.txt ]; then
+if [ -z $2 ] [ ! -f /etc/logcheck/header.txt ]; then
cp -p /usr/share/logcheck/header.txt /etc/logcheck
fi
@@ -72,7 +72,7 @@ case $1 in
chgrp -R logcheck /etc/logcheck || true
# Set Permissions on install, not upgrade
- if [ ! -n $2 ]; then
+ if [ -z $2 ]; then
chmod 2750 /etc/logcheck/ignore.d.paranoid || true
chmod 2750 /etc/logcheck/ignore.d.workstation || true
chmod 2750 /etc/logcheck/ignore.d.server || true
--
1.7.5.4
From 11a96a81ec8bade1d4855495611452552cdfbe67 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Minier?= l...@debian.org
Date: Mon, 17 Oct 2011 09:28:49 +0200
Subject: [PATCH 3/4] Fix indentation and whitespaces in postinsts
Also, call : in empty case statements.
---
debian/logcheck-database.postinst | 60
debian/logcheck.postinst | 138 ++--
2 files changed, 99 insertions(+), 99 deletions(-)
diff --git a/debian/logcheck-database.postinst b/debian/logcheck-database.postinst
index 4ff4888..c8f5337 100644
--- a/debian/logcheck-database.postinst
+++ b/debian/logcheck-database.postinst
@@ -29,39 +29,39 @@ set -e
confdir=/etc/logcheck
case $1 in
-configure)
- # Remove old sarge mv logcheck-data configfiles if unchanged
- if [ -n $2 ] dpkg --compare-versions $2 lt 1.2.48; then
- proftpd_sum=$(sha1sum '/etc/logcheck/ignore.d.paranoid/proftpd' 2/dev/null \
- | awk '{print $1}')
- imap_sum=$(sha1sum '/etc/logcheck/ignore.d.paranoid/imap' 2/dev/null \
- | awk '{print $1}')
- anacron_sum=$(sha1sum '/etc/logcheck/ignore.d.workstation/anacron' 2/dev/null \
- | awk '{print $1
[Logcheck-devel] Bug#722312: marked as done (exim4 rulefile contains match for gluck.debian.org)
Your message dated Sun, 26 Jan 2014 19:03:37 +
with message-id e1w7uzz-00023i...@franck.debian.org
and subject line Bug#722312: fixed in logcheck 1.3.16
has caused the Debian Bug report #722312,
regarding exim4 rulefile contains match for gluck.debian.org
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
722312: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722312
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.3.15
Severity: minor
Hi,
The final line of rulefiles/linux/ignore.d.server/exim4 contains a rule
matching only on gluck.debian.org. That seems maybe too specific for a
general purpose package and may also be obsolete.
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ SMTP error from remote mailer after
initial connection: host [._[:alnum:]-]+ \[[.0-9]{7,15}\]: 421
gluck.debian.org: Too many concurrent SMTP connections; please try
again later\.$
Cheers,
Thijs
-- System Information:
Debian Release: 7.1
APT prefers stable
APT policy: (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.16
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 722...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Jan 2014 17:43:32 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.16
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 645588 653444 706085 717247 722312
Changes:
logcheck (1.3.16) unstable; urgency=low
.
* ignore.d.server/ssh:
- updated subsystem request for sftp rule (closes: #706085)
* debian/control:
- removed obsolete DM-Upload-Allowed field
- build-depend on debhelper (= 9)
- bumped to Standards-Version 3.9.5 (no changes necessary)
* ignore.d.server/smartd:
- allow additional '[SAT]' field after controller pattern
(closes: #653444)
* ignore.d.server/exim4:
- removed 'gluck.debian.org' specific rule (closes: #722312)
* debian/logcheck-database.postinst, debian/logcheck.postinst:
- applied patches by Loïc Minier (closes: #645588):
- add logcheck alias on install not on upgrade
- use [ -z ... ] rather than [ ! -n ... ]
- fix indentation and whitespaces in postinsts
- merge two tests into a single lt-nl comparison
* ignore.d.server/cron-apt:
- allow '-o quiet=1' in dist-upgrade rule (closes: #717247)
* debian/logcheck-database.maintscript: added
debian/logcheck-database.preinst: removed
- use dpkg-maintscript-helper to remove obsolete config files
- dropped handling of config files removed before squeeze release
* ignore.d.server/puppetd: removed
- rules are part of puppet-common package
Checksums-Sha1:
67fd6f01c426ca62c2d132da32916cdd298f319d 1828 logcheck_1.3.16.dsc
27892a6abf3822d285efbb26f935d80762134679 131832 logcheck_1.3.16.tar.xz
dcb358c06b51a54aa8a2b896a3fa1beee6b875ba 75992 logcheck_1.3.16_all.deb
aa6c1d5714732236dfd8ad3988a9a7248b54dd16 111388
logcheck-database_1.3.16_all.deb
e93b57bbc066224c73191b223c55d0fad330c047 61052 logtail_1.3.16_all.deb
Checksums-Sha256:
ed6f07c5e86b2beb8ca3cec7c3ebfe40d3539697d639035dad452bb1df08ab2a 1828
logcheck_1.3.16.dsc
3eea6f4d25b5cba59d30b8edd35e392389b8e4966d0aceac11c220e98426b8e6 131832
logcheck_1.3.16.tar.xz
[Logcheck-devel] Bug#717247: marked as done (cron-apt: addition of -o quiet does not match logcheck rules)
Your message dated Sun, 26 Jan 2014 19:03:37 +
with message-id e1w7uzz-00023c...@franck.debian.org
and subject line Bug#717247: fixed in logcheck 1.3.16
has caused the Debian Bug report #717247,
regarding cron-apt: addition of -o quiet does not match logcheck rules
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
717247: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717247
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: cron-apt
Version: 0.9.1
Severity: normal
Tags: patch
cron-apt apparently now uses -o quiet=1, but the logcheck rule was
not updated to match. the following adjustment is needed:
--- a/logcheck/ignore.d.server/cron-apt 2012-06-30 10:52:33.0 -0400
+++ b/logcheck/ignore.d.server/cron-apt 2013-07-18 06:51:02.0 -0400
@@ -5,6 +5,6 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT ACTION:
(0-update|3-download)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT LINE:
(/usr/bin/apt-get )?autoclean -y$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT LINE:
(/usr/bin/apt-get )?dist-upgrade -d -y -o APT::Get::Show-Upgraded=true$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT LINE:
(/usr/bin/apt-get )?-o quiet=1 dist-upgrade -d -y -o
APT::Get::Show-Upgraded=true$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT LINE:
(/usr/bin/apt-get )?update -o quiet=2$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT RUN
\[[-[:alnum:]/]+\]: \w{3} \w{3} [ [:digit:]]+ [:[:digit:]]{8} \w{3,4}
[[:digit:]]{4}$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT SLEEP:
[[:digit:]]+, \w{3} \w{3} [ [:digit:]]+ [:[:digit:]]{8} \w{3,4} [[:digit:]]{4}$
Regards,
--dkg
-- System Information:
Debian Release: 7.1
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages cron-apt depends on:
ii apt 0.9.7.9
Versions of packages cron-apt recommends:
ii bsd-mailx [mailx] 8.1.2-0.2006cvs-1
ii cron 3.0pl1-124
ii liblockfile1 1.09-5
cron-apt suggests no packages.
-- no debconf information
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.16
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 717...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Sun, 26 Jan 2014 17:43:32 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.16
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 645588 653444 706085 717247 722312
Changes:
logcheck (1.3.16) unstable; urgency=low
.
* ignore.d.server/ssh:
- updated subsystem request for sftp rule (closes: #706085)
* debian/control:
- removed obsolete DM-Upload-Allowed field
- build-depend on debhelper (= 9)
- bumped to Standards-Version 3.9.5 (no changes necessary)
* ignore.d.server/smartd:
- allow additional '[SAT]' field after controller pattern
(closes: #653444)
* ignore.d.server/exim4:
- removed 'gluck.debian.org' specific rule (closes: #722312)
* debian/logcheck-database.postinst, debian/logcheck.postinst:
- applied patches by Loïc Minier (closes: #645588):
- add logcheck alias on install not on upgrade
- use [ -z ... ] rather than [ ! -n ... ]
- fix indentation and whitespaces in postinsts
- merge two
[Logcheck-devel] Bug#590682: marked as done ([logcheck-database] rules for puppetd)
Your message dated Wed, 25 Dec 2013 11:37:15 +0100
with message-id 20131225103713.ga18...@carbon.vonhaugwitz.com
and subject line Re: Bug#590682: [logcheck-database] rules for puppetd
has caused the Debian Bug report #590682,
regarding [logcheck-database] rules for puppetd
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
590682: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590682
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Severity: wishlist
Tags: patch
Hi,
some more rules for puppetd:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Caching
configuration at [\/._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Calling
puppetmaster.getconfig$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Caught
(TERM|INT); shutting down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]:
\(/File\[/var/lib/puppet/lib\]/checksum\) checksum changed
'{mtime}\w{3} \w{3} [ :0-9]{11} \+[ 0-9]{9}' to '{mtime}\w{3} \w{3}
[ :0-9]{11} \+[ 0-9]{9}'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Finished catalog
run in [.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Finished
configuration run in [.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: getting config$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Ignoring cache$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Ignoring --listen
on onetime run$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Loaded state in
[.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Loading fact .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Other end went
away; restarting connection and retrying$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Restarting
with .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Retrieved
configuration in [.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Retrieving
plugins$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Shutting down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Starting catalog
run$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Starting
configuration run$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Starting Puppet
client version [.0-9]+$
Hendrik
--
Hendrik Jaeger
Linux Systemadministrator
Init Seven AG
Elias-Canetti-Strasse 7
CH-8050 Zürich
phone: +41 44 315 44 00
fax: +41 44 315 44 01
http://www.init7.net/
signature.asc
Description: PGP signature
---End Message---
---BeginMessage---
On Wed, Jul 28, 2010 at 02:23:42PM +0200, Hendrik Jaeger wrote:
some more rules for puppetd:
The rules for puppet are included in the puppet-common binary package
and maintained in the puppet source package.
Most of your rules are already included in the puppet-common rules file,
hence I close this bug report now.
If there are still missing rules, please fill a new bug report against
the puppet-common package.
Best regards
Hannes---End Message---
___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: your mail
Processing commands for cont...@bugs.debian.org: reassign 732655 logcheck Bug #732655 [dnsmasq] dnsmasq: logcheck doesnt match on eth1.2 style interfaces Bug reassigned from package 'dnsmasq' to 'logcheck'. No longer marked as found in versions dnsmasq/2.68-1. Ignoring request to alter fixed versions of bug #732655 to the same values previously set End of message, stopping processing here. Please contact me if you need assistance. -- 732655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732655 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 722312
Processing commands for cont...@bugs.debian.org: #fixed in 0c5e0a0 tags 722312 + pending Bug #722312 [logcheck-database] exim4 rulefile contains match for gluck.debian.org Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 722312: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722312 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 653444
Processing commands for cont...@bugs.debian.org: #fixed in 83ac233 tags 653444 + pending Bug #653444 [logcheck-database] Some rules in ignore.d.server/smartd lacks optinal [SAT] mark Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 653444: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653444 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: reassign 717247 to logcheck-database
Processing commands for cont...@bugs.debian.org: reassign 717247 logcheck-database 1.3.15 Bug #717247 [cron-apt] cron-apt: addition of -o quiet does not match logcheck rules Bug reassigned from package 'cron-apt' to 'logcheck-database'. No longer marked as found in versions cron-apt/0.9.1. Ignoring request to alter fixed versions of bug #717247 to the same values previously set Bug #717247 [logcheck-database] cron-apt: addition of -o quiet does not match logcheck rules Marked as found in versions logcheck/1.3.15. thanks Stopping processing here. Please contact me if you need assistance. -- 717247: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717247 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#712941: logcheck-database: logcheck triggers a fatal error in egrep
Processing commands for cont...@bugs.debian.org: tags 712941 unreproducible moreinfo Bug #712941 [logcheck-database] logcheck-database: logcheck triggers a fatal error in egrep Added tag(s) unreproducible and moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 712941: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712941 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: reassign 712785 to logcheck-database
Processing commands for cont...@bugs.debian.org: reassign 712785 logcheck-database 1.3.15 Bug #712785 [logcheck] logcheck: SSH subsystem request rule incomplete Bug reassigned from package 'logcheck' to 'logcheck-database'. No longer marked as found in versions logcheck/1.3.15. Ignoring request to alter fixed versions of bug #712785 to the same values previously set Bug #712785 [logcheck-database] logcheck: SSH subsystem request rule incomplete Marked as found in versions logcheck/1.3.15. thanks Stopping processing here. Please contact me if you need assistance. -- 712785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712785 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: change e-mail address in Debian bugs
Processing commands for cont...@bugs.debian.org: submitter 695075 ! Bug #695075 [logcheck-database] logcheck-database: new filter rules for nfs (for Wheezy) Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' submitter 702116 ! Bug #702116 [exim4-daemon-heavy] exim4-daemon-heavy: resolv.conf not respected when connecting to LDAP server Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' submitter 687990 ! Bug #687990 [logcheck-database] logcheck-database: bind: updating zone...PTR and signer...approved Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' submitter 698531 ! Bug #698531 [src:linux] xhci_hcd fails to set up USB devices on NEC uPD720200 Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' submitter 688048 ! Bug #688048 [bind9] Subject: bind9: logs different for adding and deleting RR Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' thanks Stopping processing here. Please contact me if you need assistance. -- 687990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687990 688048: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688048 695075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695075 698531: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698531 702116: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702116 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: change e-mail address in Debian bugs
Processing commands for cont...@bugs.debian.org: submitter 688339 ! Bug #688339 [logcheck-database] logcheck-database: dhcp: match IPv6-aware records, too Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' thanks Stopping processing here. Please contact me if you need assistance. -- 688339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688339 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 706085
Processing commands for cont...@bugs.debian.org: #fixed in bfa2699 tags 706085 + pending Bug #706085 [logcheck-database] logcheck-database: update ssh rules for new subsystem request for sftp messages Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 706085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706085 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#656314: marked as done (logcheck.logfiles * pattern does not work)
Your message dated Sat, 4 May 2013 07:53:33 +0200 with message-id 20130504055333.ga22...@carbon.vonhaugwitz.com and subject line Re: Bug#656314: Debian Bug report logs - #656314, logcheck.logfiles * pattern does not work has caused the Debian Bug report #656314, regarding logcheck.logfiles * pattern does not work to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 656314: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656314 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.3.13 Severity: important Lenny, /usr/sbin/logcheck: if [ ! $LOGFILE ] [ -r $LOGFILES_LIST ]; then for file in $(egrep --text -v (^#|^[[:space:]]*$) $LOGFILES_LIST); do logoutput $file done Squeeze, /usr/sbin/logcheck: if [ ! $LOGFILE ] [ -r $LOGFILES_LIST ]; then egrep --text -v (^#|^[[:space:]]*$) $LOGFILES_LIST | while read file; do logoutput $file done Therefore does not work the * pattern in /etc/logcheck/logcheck.logfiles: /var/log/MACHINE/*/syslog -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores) Locale: LANG=hu_HU.utf8, LC_CTYPE=hu_HU.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages logcheck depends on: ii adduser 3.112+nmu2 add and remove users and groups ii cron3.0pl1-116 process scheduling daemon ii lockfile-progs 0.1.15 Programs for locking and unlocking ii logtail 1.3.13 Print log file lines that have not ii mime-construct 1.11 construct/send MIME messages from ii postfix [mail-transport 2.7.1-1+squeeze1 High-performance mail transport ag ii syslog-ng [system-log-d 3.1.3-3 Next generation logging daemon Versions of packages logcheck recommends: ii logcheck-database 1.3.13 database of system log rules for t Versions of packages logcheck suggests: pn syslog-summarynone (no description available) -- Configuration Files: /etc/logcheck/logcheck.conf [Errno 13] Engedély megtagadva: u'/etc/logcheck/logcheck.conf' /etc/logcheck/logcheck.logfiles [Errno 13] Engedély megtagadva: u'/etc/logcheck/logcheck.logfiles' -- no debconf information ---End Message--- ---BeginMessage--- Version: 1.3.14 On Thu, Aug 02, 2012 at 07:00:07PM -0700, Kevin Ross wrote: I believe this is fixed in 1.3.14. Yes, it is. So I close this bug as fixed in 1.3.14. Best regards Hannes---End Message--- ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#688339: Acknowledgement (logcheck-database: dhcp: match IPv6-aware records, too)
Processing commands for cont...@bugs.debian.org: reassign 688339 logcheck-database 1.3.15 Bug #688339 [logcheck] logcheck-database: dhcp: match IPv6-aware records, too Bug reassigned from package 'logcheck' to 'logcheck-database'. No longer marked as found in versions logcheck/1.3.13. Ignoring request to alter fixed versions of bug #688339 to the same values previously set Bug #688339 [logcheck-database] logcheck-database: dhcp: match IPv6-aware records, too Marked as found in versions logcheck/1.3.15. thanks Stopping processing here. Please contact me if you need assistance. -- 688339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688339 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#652148: marked as done (Please add rules for dropbear)
Your message dated Sat, 30 Jun 2012 16:38:37 + with message-id e1sl0gv-su...@franck.debian.org and subject line Bug#652148: fixed in logcheck 1.3.15 has caused the Debian Bug report #652148, regarding Please add rules for dropbear to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 652148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652148 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.2.69 dropbear is a lightweight ssh server which can be installed in place of openssh-server. Log entries for dropbear are not currently filtered by logcheck resulting in a System Events email for each and every ssh login as below: This email is sent by logcheck. If you no longer wish to receive such mails, you can either deinstall the logcheck package or modify its configuration file (/etc/logcheck/logcheck.conf). System Events =-=-=-=-=-=-= Dec 15 07:48:24 captain dropbear[20011]: Child connection from :::82.125.214.201:55874 Dec 15 07:48:27 captain dropbear[20011]: pubkey auth succeeded for 'user' with key md5 68:07:18:0a:d8:4a:8b:61:2d:a6:15:94:1e:cb:b9:85 from +:::82.125.214.201:55874 Dec 15 07:49:32 captain dropbear[20011]: exit after auth (user): Exited normally The above is from an install of logcheck 1.2.69 and dropbear 0.51-1 on an installation of lenny. I have looked at the package files in wheezy for logcheck (1.3.14) and it appears dropbear remains unaccounted for (although note that dropbear is now at 0.52). I have not yet attempted to create a ruleset to filter the above however if a fix is proposed then I will happily test it. Thanks. ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.15 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.15_all.deb to main/l/logcheck/logcheck-database_1.3.15_all.deb logcheck_1.3.15.dsc to main/l/logcheck/logcheck_1.3.15.dsc logcheck_1.3.15.tar.gz to main/l/logcheck/logcheck_1.3.15.tar.gz logcheck_1.3.15_all.deb to main/l/logcheck/logcheck_1.3.15_all.deb logtail_1.3.15_all.deb to main/l/logcheck/logtail_1.3.15_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 652...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Jun 2012 16:24:49 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.15 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read (deprecated) Closes: 647622 647943 652148 Changes: logcheck (1.3.15) unstable; urgency=low . [ Hannes von Haugwitz ] * ignore.d.server/dropbear: new - ignore successful logins (closes: #652148) * src/logcheck: - fixed broken '-t' option, thanks to Jon Daley (closes: #647622, LP: #1010431) * debian/control: - bumped to Standards-Version 3.9.3 (no changes necessary) - adjusted URLs of Vcs-* fields * debian/copyright: - updated copyright year to 2012 . [ Frédéric Brière ] * ignore.d.server/postfix: - ignore offered null AUTH mechanism list - ignore lost connection while receiving the initial server greeting - fixed lost connection while sending end of data rule * ignore.d.server/proftpd: - ignore authentication failure even if ruser is provided * ignore.d.server/ssh: - ignore PAM $n more authentication failures - ignore Too many authentication failures - ignore Closed due to user request. (closes: #647943) - ignore Bye Bye - ignore Connection closed - ignore yet one more variation of invalid user - updated Postponed ... rule with [preauth] suffix - updated Postponed
[Logcheck-devel] Bug#661912: marked as done (logcheck: files with period in ignore rule dirs ignored)
Your message dated Fri, 9 Mar 2012 13:21:21 +0100 with message-id 20120309122121.ga7...@anguilla.debian.or.at and subject line Re: Bug#661912: logcheck: files with period in ignore rule dirs ignored has caused the Debian Bug report #661912, regarding logcheck: files with period in ignore rule dirs ignored to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 661912: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661912 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.3.14 Severity: normal I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run. Renaming it to local-rules got the file used during the next run. Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented inteh logcheck README. Thanks Nils -- System Information: Debian Release: wheezy/sid APT prefers oneiric-updates APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric'), (100, 'oneiric-backports') Architecture: amd64 (x86_64) Kernel: Linux 3.0.0-16-generic (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages logcheck depends on: ii adduser3.112+nmu1ubuntu5 add and remove users and groups ii cron 3.0pl1-116ubuntu3 process scheduling daemon ii exim4-daemon-light [ma 4.76-2ubuntu1 lightweight Exim MTA (v4) daemon ii lockfile-progs 0.1.15ubuntu1 Programs for locking and unlocking ii logtail1.3.14Print log file lines that have not ii mime-construct 1.11 construct/send MIME messages from ii rsyslog [system-log-da 5.8.1-1ubuntu2reliable system and kernel logging Versions of packages logcheck recommends: ii logcheck-database 1.3.14 database of system log rules for t Versions of packages logcheck suggests: ii syslog-summary1.14-2 summarize the contents of a syslog -- Configuration Files: /etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf' /etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles' -- no debconf information ---End Message--- ---BeginMessage--- Dear nils! * nils secun...@gmail.com [2012-03-02 15:24:13 CET]: I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run. This is expected behavior, and documented: , README.logcheck-database | FILES WITHIN EACH DIRECTORY | === | | Each of the rules-directories can contain pattern files of the | following kinds: | | ./packagename | | The rule filename must only contain characters compatible with | run-parts(8). As of this writing, this includes alphanumeric characters, | underscore, and hyphen. ` README.logcheck-database You can find the documentation of the package below the /usr/share/doc/logcheck-database directory (as referenced by README.logcheck of the logcheck package itself under the term RULES DIRECTORIES). Thanks, Rhonda -- Fühlst du dich mutlos, fass endlich Mut, los | Fühlst du dich hilflos, geh raus und hilf, los| Wir sind Helden Fühlst du dich machtlos, geh raus und mach, los | 23.55: Alles auf Anfang Fühlst du dich haltlos, such Halt und lass los| ---End Message--- ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: reassign 617232 to logcheck-database, reassign 621373 to logcheck-database ...
Processing commands for cont...@bugs.debian.org: reassign 617232 logcheck-database Bug #617232 [logcheck] logcheck: ignore regexes match ipv4 addresses only, causing false positives with ipv6 addresses. Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.13. reassign 621373 logcheck-database Bug #621373 [logcheck] avahi-daemon rule Bug reassigned from package 'logcheck' to 'logcheck-database'. reassign 652537 logcheck-database Bug #652537 [logcheck] Please add rule for inetutils-syslogd Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.2.69. reassign 652538 logcheck-database Bug #652538 [logcheck] Please add rule for log2mail Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.2.69. reassign 608574 logcheck-database Bug #608574 [logcheck] [PATCH] updated rules for dnsmasq Bug reassigned from package 'logcheck' to 'logcheck-database'. reassign 644154 logcheck-database Bug #644154 [logcheck] Untrusted connections for opportunistic TLS Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions 1.3.14. reassign 554828 logcheck-database Bug #554828 [logcheck] logcheck: Please include rules for amd (automount daemon from am-utils package) Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.3. reassign 592365 logcheck-database Bug #592365 [logcheck] logcheck: ignore rules for transmission-daemon Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.10. reassign 632825 logcheck-database Bug #632825 [logcheck] logcheck: New ignore rule for arpwatch Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.13. reassign 644583 logcheck-database Bug #644583 [logcheck] postfix smtpd_client_port_logging and smtpd_tls_wrappermode errors Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.14. reassign 652148 logcheck-database Bug #652148 [logcheck] Please add rules for dropbear Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.2.69. thanks Stopping processing here. Please contact me if you need assistance. -- 652148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652148 632825: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632825 644154: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644154 554828: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554828 617232: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617232 652538: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652538 644583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644583 592365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592365 621373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621373 652537: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652537 608574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#652148: Please add rules for dropbear
Processing commands for cont...@bugs.debian.org: # fixed in 20a68db tags 652148 + pending Bug #652148 [logcheck] Please add rules for dropbear Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 652148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652148 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#648146: ignore.d.server/ssh is too aggressive
Processing commands for cont...@bugs.debian.org: reassign 648146 logcheck-database 1.3.13 Bug #648146 [logcheck-database-1.3.13] ignore.d.server/ssh is too aggressive Warning: Unknown package 'logcheck-database-1.3.13' Bug reassigned from package 'logcheck-database-1.3.13' to 'logcheck-database'. Bug No longer marked as found in versions squeeze. Bug #648146 [logcheck-database] ignore.d.server/ssh is too aggressive Bug Marked as found in versions logcheck/1.3.13. thanks Stopping processing here. Please contact me if you need assistance. -- 648146: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648146 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: reassign 642269 to bcfg2-server
Processing commands for cont...@bugs.debian.org: # ignore.d.server/bcfg2-server belongs to bcfg2-server reassign 642269 bcfg2-server Bug #642269 [logcheck-database] logcheck-database: bcfg2-server regular expression correction Bug reassigned from package 'logcheck-database' to 'bcfg2-server'. Bug No longer marked as found in versions 1.3.13. thanks Stopping processing here. Please contact me if you need assistance. -- 642269: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642269 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#618411: marked as done (logcheck-database: Fails to filter messages from pam-gkr at workstation level)
Your message dated Thu, 08 Sep 2011 14:48:50 +
with message-id e1r1fum-0008rb...@franck.debian.org
and subject line Bug#618411: fixed in logcheck 1.3.14
has caused the Debian Bug report #618411,
regarding logcheck-database: Fails to filter messages from pam-gkr at
workstation level
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
618411: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618411
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.3.13
Severity: normal
Tags: patch
The rule in /etc/logcheck/ignore.d.workstation/libpam-gnome-keyring to ignore
messages like:
Mar 9 17:29:48 kaylee gnome-screensaver-dialog: gkr-pam: unlocked login
keyring
which show up when you unlock the screen from a screen saver, is
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ gnome-screensaver-dialog: gkr-pam:
unlocked 'login' keyring$
The correct rule excludes the quotes
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ gnome-screensaver-dialog: gkr-pam:
unlocked login keyring$
-- System Information:
Debian Release: 6.0.1
APT prefers squeeze-updates
APT policy: (500, 'squeeze-updates'), (500, 'proposed-updates'), (500,
'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- Configuration Files:
/etc/logcheck/cracking.d/kernel [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/kernel'
/etc/logcheck/cracking.d/rlogind [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/rlogind'
/etc/logcheck/cracking.d/rsh [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/rsh'
/etc/logcheck/cracking.d/smartd [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/smartd'
/etc/logcheck/cracking.d/tftpd [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/tftpd'
/etc/logcheck/cracking.d/uucico [Errno 13] Permission denied:
u'/etc/logcheck/cracking.d/uucico'
/etc/logcheck/ignore.d.paranoid/bind [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/bind'
/etc/logcheck/ignore.d.paranoid/cron [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/cron'
/etc/logcheck/ignore.d.paranoid/incron [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/incron'
/etc/logcheck/ignore.d.paranoid/logcheck [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/logcheck'
/etc/logcheck/ignore.d.paranoid/postfix [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/postfix'
/etc/logcheck/ignore.d.paranoid/ppp [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/ppp'
/etc/logcheck/ignore.d.paranoid/pureftp [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/pureftp'
/etc/logcheck/ignore.d.paranoid/qpopper [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/qpopper'
/etc/logcheck/ignore.d.paranoid/squid [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/squid'
/etc/logcheck/ignore.d.paranoid/ssh [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/ssh'
/etc/logcheck/ignore.d.paranoid/stunnel [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/stunnel'
/etc/logcheck/ignore.d.paranoid/sysklogd [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/sysklogd'
/etc/logcheck/ignore.d.paranoid/telnetd [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/telnetd'
/etc/logcheck/ignore.d.paranoid/tripwire [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/tripwire'
/etc/logcheck/ignore.d.paranoid/usb [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.paranoid/usb'
/etc/logcheck/ignore.d.server/acpid [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.server/acpid'
/etc/logcheck/ignore.d.server/amandad [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.server/amandad'
/etc/logcheck/ignore.d.server/amavisd-new [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.server/amavisd-new'
/etc/logcheck/ignore.d.server/anacron [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.server/anacron'
/etc/logcheck/ignore.d.server/anon-proxy [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.server/anon-proxy'
/etc/logcheck/ignore.d.server/apache [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.server/apache'
/etc/logcheck/ignore.d.server/apcupsd [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.server/apcupsd'
/etc/logcheck/ignore.d.server/arpwatch [Errno 13] Permission denied:
u'/etc/logcheck/ignore.d.server/arpwatch'
/etc/logcheck/ignore.d.server/asterisk [Errno 13] Permission
[Logcheck-devel] Bug#637923: marked as done (Tweak to ssh rules to ignore AllowGroups denial)
Your message dated Thu, 08 Sep 2011 14:48:50 +
with message-id e1r1fum-0008sa...@franck.debian.org
and subject line Bug#637923: fixed in logcheck 1.3.14
has caused the Debian Bug report #637923,
regarding Tweak to ssh rules to ignore AllowGroups denial
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
637923: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637923
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial
Package: logcheck-database
Version: 1.3.13
Severity: minor
*** Please type your report below this line ***
Similar to how AllowUsers denials are ignored, also ignore AllowGroups:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User
[-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups
are listed in AllowGroups$
-- System Information:
Debian Release: 6.0.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
-- Configuration Files:
-- no debconf information
--
Gerald Turner Email: gtur...@unzane.com JID: gtur...@unzane.com
GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5
--- ssh.orig 2010-08-10 12:48:59.0 -0700
+++ ssh 2011-08-15 12:18:25.531415667 -0700
@@ -16,6 +16,7 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$
pgprsLoZsdlfx.pgp
Description: PGP signature
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.14
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.14_all.deb
to main/l/logcheck/logcheck-database_1.3.14_all.deb
logcheck_1.3.14.dsc
to main/l/logcheck/logcheck_1.3.14.dsc
logcheck_1.3.14.tar.gz
to main/l/logcheck/logcheck_1.3.14.tar.gz
logcheck_1.3.14_all.deb
to main/l/logcheck/logcheck_1.3.14_all.deb
logtail_1.3.14_all.deb
to main/l/logcheck/logtail_1.3.14_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 637...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 08 Sep 2011 15:32:22 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.14
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030
637916 637918 637923 639839
Changes:
logcheck (1.3.14) unstable; urgency=low
.
[ martin f. krafft ]
* ignore.d.server/postfix
[Logcheck-devel] Bug#609649: marked as done (cron-apt: Insufficient logcheck patterns)
Your message dated Thu, 08 Sep 2011 14:48:49 +
with message-id e1r1ful-0008rn...@franck.debian.org
and subject line Bug#609649: fixed in logcheck 1.3.14
has caused the Debian Bug report #609649,
regarding cron-apt: Insufficient logcheck patterns
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
609649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609649
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: cron-apt
Version: 0.8.2
Severity: minor
Some patterns in /etc/logcheck/ignore.d.server/cron-apt do not allow
whitespace between value and unit meanwhile log entries contain it:
(1804 kB, 4096 B, 14.3 MB/s etc.)
A * should be added to these patterns. E.g.
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: Get:[[:digit:]]+
((ht|f)tp|file)://[.[:alnum:]/_-]+ [./[:alnum:]-]+ [-[:alnum:]_+.]+
[+.:~[:alnum:]-]+ \[[.[:digit:]]+ *[kMGTPEZY]?B\]$
Gabor
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages cron-apt depends on:
ii apt 0.8.10 Advanced front-end for dpkg
Versions of packages cron-apt recommends:
ii bsd-mailx [mailx] 8.1.2-0.20100314cvs-1 simple mail user agent
ii cron 3.0pl1-116process scheduling daemon
ii liblockfile1 1.08-4NFS-safe locking library, includes
cron-apt suggests no packages.
-- Configuration Files:
/etc/cron-apt/config changed [not included]
-- no debconf information
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.14
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.14_all.deb
to main/l/logcheck/logcheck-database_1.3.14_all.deb
logcheck_1.3.14.dsc
to main/l/logcheck/logcheck_1.3.14.dsc
logcheck_1.3.14.tar.gz
to main/l/logcheck/logcheck_1.3.14.tar.gz
logcheck_1.3.14_all.deb
to main/l/logcheck/logcheck_1.3.14_all.deb
logtail_1.3.14_all.deb
to main/l/logcheck/logtail_1.3.14_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 609...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 08 Sep 2011 15:32:22 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.14
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030
637916 637918 637923 639839
Changes:
logcheck (1.3.14) unstable; urgency=low
.
[ martin f. krafft ]
* ignore.d.server/postfix:
- ignore notice about verified TLS connections.
* ignore.d.server/openvpn:
- broaden filters to catch more messages.
.
[ Hanspeter Kunz ]
* ignore.d.server/dovecot:
- allow for arbitrary msgids
- ignore discarded vacation replies with precedence Bulk and list
- ignore notice about managesieve logouts (closes: #637918)
* ignore.d.server/postfix:
- ignore (temporary) rejects messages when the sender domain is not found
- ignore verify cache db cleanups
.
[ Hannes von Haugwitz ]
* src/logcheck:
- added numeric timezone information to subject line
- re-enabled globbing of logfile names (closes: #616103)
* docs/README.logcheck-database:
- mention logcheck-test in 'TESTING RULES' section
* ignore.d.workstation/wpasupplicant:
- match 5200, 5300, 5260 and 5680 MHz in 'Trying to associate' message
- allow WPA protocol in 'wpa_action: key_mgmt' message
- ignore
[Logcheck-devel] Bug#611999: marked as done (amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain -)
Your message dated Thu, 08 Sep 2011 14:48:50 +
with message-id e1r1fum-0008sf...@franck.debian.org
and subject line Bug#639839: fixed in logcheck 1.3.14
has caused the Debian Bug report #639839,
regarding amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because
mail-id can contain -
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
639839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639839
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: amavisd-new
Version: 1:2.6.4-3
Severity: normal
Tags: squeeze
As seen here:
Feb 4 12:59:00 server amavis[10256]: (10256-08) Passed SPAM, [91.187.16.183]
[91.187.16.183] xxx...@x.xx - xx...@.xx, quarantine:
spam-7UpI76jX-2a1.gz, mail_id: 7UpI76jX-2a1, Hits: 21.685, size: 1341,
queued_as: DAD2C16400FD, 4517 ms
the mail_id can contain the '-' character but the logcheck rule doesn't acount
for that:
s/[[:space:]]*$//' /root/test | egrep '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+
amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|SPAM),( LOCAL)?(
\[(IPv6:)?[[[:xdigit:].:]{3,39}\]){0,2} [^]* - [^]*(,[^]*)*,(
Message-ID: [^]+( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,)?(
Resent-Message-ID: [^]+,)? mail_id: [-+[:alnum:]]+, Hits:
((-)?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK
id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
-- System Information:
Debian Release: 6.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Versions of packages amavisd-new depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii debconf [debconf-2.0]1.5.36.1Debian configuration management sy
ii file 5.04-5 Determines file type using magic
ii libarchive-zip-perl 1.30-3 Perl module for manipulation of ZI
ii libberkeleydb-perl 0.42-1~squeeze1 use Berkeley DB 4 databases from P
ii libcompress-raw-zlib-per 2.026-1 low-level interface to zlib compre
ii libconvert-tnef-perl 0.17-9 Perl module to read TNEF files
ii libconvert-uulib-perl1.12-1 Perl interface to the uulib librar
pn libdigest-md5-perl none (no description available)
ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a
ii libmail-dkim-perl0.38-1 cryptographically identify the sen
ii libmailtools-perl2.06-1 Manipulate email in perl programs
pn libmime-base64-perl none (no description available)
ii libmime-tools-perl 5.428-1 Perl5 modules for MIME-compliant m
ii libnet-server-perl 0.97-1 An extensible, general perl server
ii libunix-syslog-perl 1.1-2 Perl interface to the UNIX syslog(
ii pax 1:20090728-1Portable Archive Interchange
ii perl [libtime-hires-perl 5.10.1-17 Larry Wall's Practical Extraction
ii perl-modules [libarchive 5.10.1-17 Core Perl modules
amavisd-new recommends no packages.
Versions of packages amavisd-new suggests:
pn apt-listchanges none (no description available)
ii arj 3.10.22-9 archiver for .arj files
ii cabextract 1.3-1 a program to extract Microsoft Cab
ii clamav 0.96.5+dfsg-1.1 anti-virus utility for Unix - comm
ii clamav-daemon0.96.5+dfsg-1.1 anti-virus utility for Unix - scan
ii cpio 2.11-4 GNU cpio -- a program to manage ar
pn dspamnone (no description available)
ii lha 1.14i-10.3 lzh archiver
pn libauthen-sasl-perl none (no description available)
ii libdbi-perl 1.612-1 Perl Database Interface (DBI)
ii libmail-dkim-perl0.38-1 cryptographically identify the sen
pn libnet-ldap-perl none (no description available)
pn libsnmp-perl none (no description available)
ii lzop 1.02~rc1-2 fast compression program
ii nomarch 1.4-3 Unpacks .ARC and .ARK MS-DOS archi
pn p7zipnone (no description available)
pn rpm none (no description available)
ii spamassassin 3.3.1-1 Perl-based spam filter using text
ii unrar1:3.9.10-1 Unarchiver for .rar files
[Logcheck-devel] Bug#616616: marked as done (TLS fingerpring log message out of date)
Your message dated Thu, 08 Sep 2011 14:48:49 +
with message-id e1r1ful-0008ry...@franck.debian.org
and subject line Bug#616616: fixed in logcheck 1.3.14
has caused the Debian Bug report #616616,
regarding TLS fingerpring log message out of date
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
616616: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616616
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.3.13
Severity: normal
Tags: patch
Hey
I'm getting reports of log lines like:
Mar 5 22:06:54 xyz postfix/smtpd[20492]: some.host.name[88.166.229.232]:
Trusted: subject_CN=some.host.name, issuer=Some Signing Authority,
fingerprint=12:34:56:78:90:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67
reported; this is with postfix 2.7.0-1.
Only src/tls/tls_server.c in recent Postfix versions uses fingerprint=
in logs; I've looked at the source history, and the upstream log
message was changed from:
msg_info(fingerprint=%s, TLScontext-peer_fingerprint);
to:
msg_info(%s: %s: subject_CN=%s, issuer=%s, fingerprint=%s,
props-namaddr,
TLS_CERT_IS_TRUSTED(TLScontext) ? Trusted : Untrusted,
TLScontext-peer_CN, TLScontext-issuer_CN,
TLScontext-peer_fingerprint);
between 2.4.6 and 2.5.1-RC1.
I don't know what policy you follow for logcheck for older version of
logged strings, but this seems to have happened a long time ago, hence
I suggest just updating the regexp rather than keeping both versions:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
[._[:alnum:]-]+(\[[[:xdigit:].:]{3,39}\](:[[:digit:]]+)?)?: Trusted:
subject_CN=.*, issuer=.*,
fingerprint=([[:digit:]A-F]{2}:){15,19}[[:digit:]A-F]{2}$
For props-namaddr, I used the same snippet as for the setting up TLS
connection message which uses the same var; then I added Trusted; this
could also be Untrusted, but I decided this should be logged; then for
subject_CN= and issuer= I wasn't too sure what to allow as this could
be anything really, but I saw other places which had subject_CN=.*,
issuer=.*; finally, fingerprint= can be different types of
fingerprints, in my case it's SHA1 so 20 pairs of hex digits.
Cheers,
--
Loïc Minier
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.14
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.14_all.deb
to main/l/logcheck/logcheck-database_1.3.14_all.deb
logcheck_1.3.14.dsc
to main/l/logcheck/logcheck_1.3.14.dsc
logcheck_1.3.14.tar.gz
to main/l/logcheck/logcheck_1.3.14.tar.gz
logcheck_1.3.14_all.deb
to main/l/logcheck/logcheck_1.3.14_all.deb
logtail_1.3.14_all.deb
to main/l/logcheck/logtail_1.3.14_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 616...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 08 Sep 2011 15:32:22 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.14
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030
637916 637918 637923 639839
Changes:
logcheck (1.3.14) unstable; urgency=low
.
[ martin f. krafft ]
* ignore.d.server/postfix:
- ignore notice about verified TLS connections.
* ignore.d.server/openvpn:
- broaden filters to catch more messages.
.
[ Hanspeter Kunz ]
* ignore.d.server/dovecot:
- allow for arbitrary msgids
- ignore discarded vacation replies with precedence Bulk and list
- ignore notice about managesieve
[Logcheck-devel] Bug#632471: marked as done (logcheck-database: spamd child cleanup message broken after upgrade to squeeze)
Your message dated Thu, 08 Sep 2011 14:48:50 + with message-id e1r1fum-0008rk...@franck.debian.org and subject line Bug#632471: fixed in logcheck 1.3.14 has caused the Debian Bug report #632471, regarding logcheck-database: spamd child cleanup message broken after upgrade to squeeze to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 632471: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632471 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch After upgrading to debian squeeze I get several messages a day in the form of: Jul 2 15:05:15 hostname spamd[21286]: spamd: handled cleanup of child pid [28609] due to SIGCHLD: exit 0 This is due to an update in spamd, that makes the message more detailed (includes exit code)[1]. Therefore messages including exit code 0 should be ignored as the whole message without exit code would have been ignored before. I include a patch. With my patch the new version of the ignore rule ignores the old and the new message version. [1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6304#c1 -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.36.4-vs2.3.0.36.39-netcup (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Configuration Files: /etc/logcheck/cracking.d/kernel [Errno 13] Keine Berechtigung: u'/etc/logcheck/cracking.d/kernel' /etc/logcheck/cracking.d/rlogind [Errno 13] Keine Berechtigung: u'/etc/logcheck/cracking.d/rlogind' /etc/logcheck/cracking.d/rsh [Errno 13] Keine Berechtigung: u'/etc/logcheck/cracking.d/rsh' /etc/logcheck/cracking.d/smartd [Errno 13] Keine Berechtigung: u'/etc/logcheck/cracking.d/smartd' /etc/logcheck/cracking.d/tftpd [Errno 13] Keine Berechtigung: u'/etc/logcheck/cracking.d/tftpd' /etc/logcheck/cracking.d/uucico [Errno 13] Keine Berechtigung: u'/etc/logcheck/cracking.d/uucico' /etc/logcheck/ignore.d.paranoid/bind [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/bind' /etc/logcheck/ignore.d.paranoid/cron [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/cron' /etc/logcheck/ignore.d.paranoid/incron [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/incron' /etc/logcheck/ignore.d.paranoid/logcheck [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/logcheck' /etc/logcheck/ignore.d.paranoid/postfix [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/postfix' /etc/logcheck/ignore.d.paranoid/ppp [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/ppp' /etc/logcheck/ignore.d.paranoid/pureftp [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/pureftp' /etc/logcheck/ignore.d.paranoid/qpopper [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/qpopper' /etc/logcheck/ignore.d.paranoid/squid [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/squid' /etc/logcheck/ignore.d.paranoid/ssh [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/ssh' /etc/logcheck/ignore.d.paranoid/stunnel [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/stunnel' /etc/logcheck/ignore.d.paranoid/sysklogd [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/sysklogd' /etc/logcheck/ignore.d.paranoid/telnetd [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/telnetd' /etc/logcheck/ignore.d.paranoid/tripwire [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/tripwire' /etc/logcheck/ignore.d.paranoid/usb [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.paranoid/usb' /etc/logcheck/ignore.d.server/acpid [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/acpid' /etc/logcheck/ignore.d.server/amandad [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/amandad' /etc/logcheck/ignore.d.server/amavisd-new [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/amavisd-new' /etc/logcheck/ignore.d.server/anacron [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/anacron' /etc/logcheck/ignore.d.server/anon-proxy [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/anon-proxy' /etc/logcheck/ignore.d.server/apache [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/apache' /etc/logcheck/ignore.d.server/apcupsd [Errno 13] Keine Berechtigung: u'/etc/logcheck/ignore.d.server/apcupsd' /etc/logcheck/ignore.d.server/arpwatch [Errno 13
[Logcheck-devel] Bug#613124: marked as done (logcheck: snmpd output changed - rule needs updating)
Your message dated Thu, 08 Sep 2011 14:48:49 +
with message-id e1r1ful-0008rq...@franck.debian.org
and subject line Bug#613124: fixed in logcheck 1.3.14
has caused the Debian Bug report #613124,
regarding logcheck: snmpd output changed - rule needs updating
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
613124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613124
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck
Version: 1.3.13
Severity: normal
Tags: patch
SNMP output has change from:
Feb 12 06:30:02 server snmpd[3370]: Connection from UDP: [127.0.0.1]:35564
to:
Feb 13 00:05:01 server snmpd[4922]: Connection from UDP:
[127.0.0.1]:55048-[127.0.0.1]
I've change the snmpd rule file to read:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from
[.0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP:
\[[.0-9]{7,15}\]:[0-9]{4,5}-\[[.0-9]{7,15}\]$
Which seems to have done the trick
-- System Information:
Debian Release: 6.0
APT prefers squeeze-updates
APT policy: (500, 'squeeze-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages logcheck depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii cron 3.0pl1-116 process scheduling daemon
ii exim4-daemon-heavy [mail-tran 4.72-6 Exim MTA (v4) daemon with extended
ii lockfile-progs0.1.15 Programs for locking and unlocking
ii logtail 1.3.13 Print log file lines that have not
ii mime-construct1.11 construct/send MIME messages from
ii syslog-ng [system-log-daemon] 3.1.3-3Next generation logging daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.3.13 database of system log rules for t
Versions of packages logcheck suggests:
ii syslog-summary1.14-2 summarize the contents of a syslog
-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.logfiles'
-- debconf information:
logcheck/changes:
* logcheck/install-note:
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.14
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.14_all.deb
to main/l/logcheck/logcheck-database_1.3.14_all.deb
logcheck_1.3.14.dsc
to main/l/logcheck/logcheck_1.3.14.dsc
logcheck_1.3.14.tar.gz
to main/l/logcheck/logcheck_1.3.14.tar.gz
logcheck_1.3.14_all.deb
to main/l/logcheck/logcheck_1.3.14_all.deb
logtail_1.3.14_all.deb
to main/l/logcheck/logtail_1.3.14_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 613...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 08 Sep 2011 15:32:22 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.14
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030
637916 637918 637923 639839
Changes:
logcheck (1.3.14) unstable; urgency=low
.
[ martin f. krafft ]
* ignore.d.server/postfix:
- ignore notice about verified TLS connections.
* ignore.d.server/openvpn:
- broaden filters to catch more messages.
.
[ Hanspeter Kunz ]
* ignore.d.server/dovecot:
- allow for arbitrary msgids
[Logcheck-devel] Bug#616103: marked as done (logcheck: (re)enable globbing of logfile names)
Your message dated Thu, 08 Sep 2011 14:48:49 +
with message-id e1r1ful-0008rv...@franck.debian.org
and subject line Bug#616103: fixed in logcheck 1.3.14
has caused the Debian Bug report #616103,
regarding logcheck: (re)enable globbing of logfile names
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
616103: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616103
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck
Version: 1.3.13
Severity: minor
Tags: patch
In Lenny it was possible to use wildcards in logcheck.logfiles. For
example, I used: /var/log/HOSTS/*/*.log
root@durer:~# su -s /bin/bash -c bash -x /usr/sbin/logcheck logcheck
cut
+ read file
+ logoutput '/var/log/HOSTS/*/*.log'
+ file='/var/log/HOSTS/*/*.log'
+ debug 'logoutput called with file: /var/log/HOSTS/*/*.log'
+ '[' 0 -eq 1 ']'
+ '[' -f '/var/log/HOSTS/*/*.log' ']'
+ echo 'E: File could not be read: /var/log/HOSTS/*/*.log'
cut
The wildcards in the path are not expanded. I've attached a patch that does so.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1,
'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to nl_NL.UTF-8)
Shell: /bin/sh linked to /bin/bash
--- logcheck2010-09-03 10:25:15.0 +0200
+++ /usr/sbin/logcheck 2011-03-02 15:39:49.097878736 +0100
@@ -436,6 +436,12 @@
fi
}
+# Expand wildcards
+# eg: /dev/n*ll - /dev/null
+glob() {
+xargs -i ls {}
+}
+
# Show all the cli options to our users.
usage() {
debug usage: Printing usage and exiting
@@ -658,7 +664,7 @@
mkdir $TMPDIR/logoutput \
|| error Could not mkdir for log files
if [ ! $LOGFILE ] [ -r $LOGFILES_LIST ]; then
-egrep --text -v (^#|^[[:space:]]*$) $LOGFILES_LIST | while read file;
do
+egrep --text -v (^#|^[[:space:]]*$) $LOGFILES_LIST | glob | while read
file; do
logoutput $file
done
elif [ $LOGFILE ]; then
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.14
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.14_all.deb
to main/l/logcheck/logcheck-database_1.3.14_all.deb
logcheck_1.3.14.dsc
to main/l/logcheck/logcheck_1.3.14.dsc
logcheck_1.3.14.tar.gz
to main/l/logcheck/logcheck_1.3.14.tar.gz
logcheck_1.3.14_all.deb
to main/l/logcheck/logcheck_1.3.14_all.deb
logtail_1.3.14_all.deb
to main/l/logcheck/logtail_1.3.14_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 616...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 08 Sep 2011 15:32:22 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.14
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030
637916 637918 637923 639839
Changes:
logcheck (1.3.14) unstable; urgency=low
.
[ martin f. krafft ]
* ignore.d.server/postfix:
- ignore notice about verified TLS connections.
* ignore.d.server/openvpn:
- broaden filters to catch more messages.
.
[ Hanspeter Kunz ]
* ignore.d.server/dovecot:
- allow for arbitrary msgids
- ignore discarded vacation replies with precedence Bulk and list
- ignore notice about managesieve logouts (closes: #637918)
* ignore.d.server/postfix:
- ignore (temporary) rejects messages when the sender domain is not found
- ignore verify cache db cleanups
.
[ Hannes
[Logcheck-devel] Bug#637916: marked as done (logcheck-database: Tweak to dovecot rules to match IPv6 addresses)
Your message dated Thu, 08 Sep 2011 14:48:50 +
with message-id e1r1fum-0008s1...@franck.debian.org
and subject line Bug#637916: fixed in logcheck 1.3.14
has caused the Debian Bug report #637916,
regarding logcheck-database: Tweak to dovecot rules to match IPv6 addresses
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
637916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637916
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Subject: logcheck-database: Tweak to dovecot rules to match IPv6 addresses
Package: logcheck-database
Version: 1.3.13
Severity: minor
*** Please type your report below this line ***
There is a rule in /etc/logcheck/ignore.d.server/dovecot that almost
works for IPv6 addresses but it uses [:digit:] instead of [:xdigit:]:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login:
user=[._[:alnum:]-]+, method=[[:alnum:]-]+, rip=[.:[:digit:]]+,
lip=[.:[:digit:]]+, (TLS( handshake)?|secured)$
Fixed with:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login:
user=[._[:alnum:]-]+, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+,
lip=[.:[:xdigit:]]+, (TLS( handshake)?|secured)$
-- System Information:
Debian Release: 6.0.2
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
-- Configuration Files:
-- no debconf information
--
Gerald Turner Email: gtur...@unzane.com JID: gtur...@unzane.com
GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5
--- dovecot.orig 2011-08-15 11:51:48.775348529 -0700
+++ dovecot 2011-08-15 11:52:06.707075441 -0700
@@ -22,5 +22,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\([[:alnum:]]+\): client in: CONThidden
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\([[:alnum:]]+\): client out: CONT[[:space:]]+[[:digit:]]+[[:space:]]+[[:alnum:]]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: ssl-build-param: SSL parameters regeneration completed$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login: user=[._[:alnum:]-]+, method=[[:alnum:]-]+, rip=[.:[:digit:]]+, lip=[.:[:digit:]]+, (TLS( handshake)?|secured)$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login: user=[._[:alnum:]-]+, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS( handshake)?|secured)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: MANAGESIEVE\([._[:alnum:]-]+\): Connection closed( bytes=[[:digit:]]+/[[:digit:]]+)?$
pgpOTFdbat9Vq.pgp
Description: PGP signature
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.14
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.14_all.deb
to main/l/logcheck/logcheck-database_1.3.14_all.deb
logcheck_1.3.14.dsc
to main/l/logcheck/logcheck_1.3.14.dsc
logcheck_1.3.14.tar.gz
to main/l/logcheck/logcheck_1.3.14.tar.gz
logcheck_1.3.14_all.deb
to main/l/logcheck/logcheck_1.3.14_all.deb
logtail_1.3.14_all.deb
to main/l/logcheck/logtail_1.3.14_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 637...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Format: 1.8
Date: Thu, 08 Sep 2011 15:32:22 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.14
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030
[Logcheck-devel] Bug#552134: marked as done (amavisd-new: supplied logcheck ignore rules let everything through)
Your message dated Thu, 8 Sep 2011 19:53:14 +0200
with message-id 20110908174626.ga7...@carbon.vonhaugwitz.com
and subject line Re: Bug#552134: amavisd-new: supplied logcheck ignore rules
let, everything through
has caused the Debian Bug report #552134,
regarding amavisd-new: supplied logcheck ignore rules let everything through
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
552134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552134
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: amavisd-new
Version: 1:2.6.1.dfsg-1
Severity: minor
Tags: patch
I use postfix, amavisd-new, clamav, spamassassin.
And logcheck (with default, server setting)
Logcheck sends me a lot of reports from the logfile about amavisd-new results.
As I see in the /etc/logcheck/ignore.d.server file, an attempt was made to
filter out some of the unnecessary reports.
However, the 'Passed CLEAN' rule does not match. And the 'WARN: address
modified' rule doesn't match either.
Here is a sample log line that got through:
Oct 23 14:02:37 spark amavis[1199]: (01199-02) Passed CLEAN,
logch...@uvill.hu - logch...@uvill.hu, Message-ID:
20091023120233.4c1dd25...@mail.uvill.hu, mail_id: Sjiu0FmRJKMZ, Hits: -2.593,
size: 2739, queued_as: 13C0923693, 3797 ms
this changed rule seem to work for me:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
\([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} [^]* -
[^]*(,[^]*)*, Message-ID: [^]+( \((added
by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: [^]+,)? mail_id:
[-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as:
[[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
also please create rules to ignore 'Passed BAD-HEADER', 'Passed SPAMMY',
'Blocked SPAM', and some others.
Rationale: With a small mailserver I have so many amavis reports from logcheck
that logcheck is not useful at all, and these lines only show that amavis is
working as expected, there is nothing to warn about.
examples:
Oct 23 14:15:32 moto amavis[21170]: (21170-16) Passed BAD-HEADER,
[84.1.230.188] [80.249.168.77] nore...@kvizpart.hu - pi...@moto.hu,
quarantine: S/badh-S1hyDigHfMDw, Message-ID:
20091023_121512_040313.nore...@kvizpart.hu, mail_id: S1hyDigHfMDw, Hits:
1.103, size: 16511, queued_as: B18A947C10, 5824 ms
Sep 5 20:14:01 spark amavis[9254]: (09254-02) Blocked SPAM, [85.186.127.160]
[85.186.127.160] mouzerij_1...@metal-attack.org - gabor.ujh...@spark.hu,
quarantine: spam-YomiQ3CnmC61.gz, mail_id: YomiQ3CnmC61, Hits: 18.677, 8520 ms
Sep 5 21:01:57 spark amavis[10967]: (10967-04) WARN: address modified
(sender): pcrips@sisnaa-...@aerospacesw.com -
pcrips@sisnaa-key@aerospacesw.com
Oct 22 20:07:19 spark amavis[30821]: (30821-16) Passed SPAMMY, [84.2.39.149]
[81.182.240.90] - i...@spark.hu, Message-ID:
4ae09675.4040...@ringcsoport.hu, mail_id: gKqeGve+At5F, Hits: 3.976, size:
193674, queued_as: 96D7419A41, 15663 ms
-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages amavisd-new depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2.0]1.5.24 Debian configuration management sy
ii file 4.26-1 Determines file type using magic
ii libarchive-zip-perl 1.18-1 Module for manipulation of ZIP arc
ii libberkeleydb-perl 0.34-1+b1 use Berkeley DB 4 databases from P
ii libcompress-zlib-perl2.012-1 Perl module for creation and manip
ii libconvert-tnef-perl 0.17-8 Perl module to read TNEF files
ii libconvert-uulib-perl1.11-1 Perl interface to the uulib librar
pn libdigest-md5-perl none (no description available)
ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a
ii libmailtools-perl2.03-1 Manipulate email in perl programs
pn libmime-base64-perl none (no description available)
ii libmime-tools-perl 5.427-1 Perl5 modules for MIME-compliant m
ii libnet-server-perl 0.97-1 An extensible, general perl server
ii libunix-syslog-perl 1.1-2 Perl interface to the UNIX syslog(
ii perl [libtime-hires-perl 5.10.0-19lenny2 Larry Wall's Practical Extraction
ii perl-modules [libarchive 5.10.0-19lenny2 Core Perl modules
amavisd-new
[Logcheck-devel] Processed: tagging 633030
Processing commands for cont...@bugs.debian.org: # fixed in 52b3428 tags 633030 + pending Bug #633030 [src:logcheck] logcheck: /run transition: Please switch to /run/sendsigs.omit.d Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 633030: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633030 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 639839
Processing commands for cont...@bugs.debian.org: # fixed in cf21d54 tags 639839 + pending Bug #639839 [logcheck-database] please update amavisd-new rules Bug #611999 [logcheck-database] amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain - Added tag(s) pending. Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 639839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Processed (with 1 errors): same bug
Processing commands for cont...@bugs.debian.org: reassign 611999 logcheck-database Bug #611999 [logcheck] amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain - Bug reassigned from package 'logcheck' to 'logcheck-database'. merge 611999 639839 Bug#611999: amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain - Bug#639839: please update amavisd-new rules Merged 611999 639839. End of message, stopping processing here. Please contact me if you need assistance. -- 611999: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611999 639839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed (with 1 errors): same bug
Processing commands for cont...@bugs.debian.org: severity 639839 normal Bug #639839 [logcheck-database] please update amavisd-new rules Severity set to 'normal' from 'wishlist' merge 611999 639839 Bug#611999: amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain - Bug#639839: please update amavisd-new rules Mismatch - only Bugs in same state can be merged: Values for `package' don't match: #611999 has `logcheck'; #639839 has `logcheck-database' thanks Stopping processing here. Please contact me if you need assistance. -- 639839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#608574: [PATCH] updated rules for dnsmasq
Processing commands for cont...@bugs.debian.org: tags 608574 - pending + moreinfo Bug #608574 [logcheck] [PATCH] updated rules for dnsmasq Removed tag(s) pending. Bug #608574 [logcheck] [PATCH] updated rules for dnsmasq Added tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 608574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 637918
Processing commands for cont...@bugs.debian.org: # fixed in 6b0c4445 by Hanspeter tags 637918 +pending Bug #637918 [logcheck-database] Tweak to dovecot rules to ignore managesieve logout Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 637918: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637918 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#623298: marked as done (logcheck: excessive CPU use by egrep)
Your message dated Fri, 8 Jul 2011 15:46:49 +0200 with message-id 20110708134649.ga5...@carbon.vonhaugwitz.com and subject line Re: [Logcheck-devel] Bug#623298: Acknowledgement (logcheck: excessive CPU use by egrep) has caused the Debian Bug report #623298, regarding logcheck: excessive CPU use by egrep to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 623298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623298 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.3.13 Severity: normal Currently I have an egrep sitting on 64 minutes cpu time that was run from the logcheck process. On other logcheck runs, some of the data finally appearing has been due to fetchnews (part of the leafnode package) and the kernel. Have any of the developers been looking at which rules use the most cpu time and how than can be minimised? -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.38.2 (SMP w/1 CPU core) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages logcheck depends on: ii adduser 3.112+nmu2 add and remove users and groups ii cron 3.0pl1-116 process scheduling daemon ii exim4-daemon-light [mail-tran 4.75-2 lightweight Exim MTA (v4) daemon ii lockfile-progs0.1.15 Programs for locking and unlocking ii logtail 1.3.13 Print log file lines that have not ii mime-construct1.11 construct/send MIME messages from ii sysklogd [system-log-daemon] 1.5-6 System Logging Daemon Versions of packages logcheck recommends: ii logcheck-database 1.3.13 database of system log rules for t Versions of packages logcheck suggests: ii syslog-summary1.14-2 summarize the contents of a syslog -- Configuration Files: /etc/cron.d/logcheck changed: PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root @reboot logcheckif [ -x /usr/sbin/logcheck ]; then ionice -c3 nice -n10 /usr/sbin/logcheck -R; fi 2 * * * * logcheckif [ -x /usr/sbin/logcheck ]; then ionice -c3 nice -n10 /usr/sbin/logcheck; fi /etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf' /etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles' -- debconf-show failed ---End Message--- ---BeginMessage--- On Tue, Apr 19, 2011 at 10:56:39PM +0930, Arthur Marsh wrote: This bug is due to leafnode even at minimal logging creating about 100 MiB of log entries like reported in: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623302 These entries were of the form: Apr 19 00:03:09 victoria fetchnews[3335]: gmane.linux.kernel: killed 79950 (200212181942.gbijgp418...@devserv.devel.redhat.com), too old (3043 15) days As this was the largest proportion of junk log entries, perhaps logcheck should filter these entries out before performing other filtering? As mentioned in README.logcheck-database.gz[0] we don't add rules for temporary messages which are due to a bug in the package. Hence I close this bug now. Greetings Hannes [0] http://anonscm.debian.org/gitweb/?p=logcheck/logcheck.git;a=blob;f=docs/README.logcheck-database;h=540d6328348a9bcdff2e14f1f2e6ff3ff55a5744;hb=HEAD ---End Message--- ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#624197: logcheck-database: update for amavisd-new SPAMMY log entries
Processing commands for cont...@bugs.debian.org: # fixed in 82f86001 tags 624197 + pending Bug #624197 [logcheck-database] logcheck-database: update for amavisd-new SPAMMY log entries Added tag(s) pending. -- Stopping processing here. Please contact me if you need assistance. -- 624197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624197 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: logcheck ignore rules for rsyslogd
Processing commands for cont...@bugs.debian.org: reassign 623058 rsyslog Bug #623058 [logcheck] logcheck: tweak 'rsyslogd was HUPed' filter Bug reassigned from package 'logcheck' to 'rsyslog'. Bug No longer marked as found in versions logcheck/1.3.13. thanks Stopping processing here. Please contact me if you need assistance. -- 623058: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623058 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: RE: updated rules for webmin
Processing commands for cont...@bugs.debian.org: # fixed in 5f7da056 tag 590559 + pending Bug #590559 [logcheck-database] updated rules for webmin Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 590559: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590559 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 608574
Processing commands for cont...@bugs.debian.org: # fixed in d4a97c55 tags 608574 + pending Bug #608574 [logcheck] [PATCH] updated rules for dnsmasq Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 608574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 616616
Processing commands for cont...@bugs.debian.org: # fixed in 6a4bf69b tags 616616 + pending Bug #616616 [logcheck-database] TLS fingerpring log message out of date Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 616616: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616616 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 618411
Processing commands for cont...@bugs.debian.org: # fixed in 6cb523e tags 618411 + pending Bug #618411 [logcheck-database] logcheck-database: Fails to filter messages from pam-gkr at workstation level Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 618411: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618411 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: reassign 617484 to rsyslog, forcibly merging 617484 612829
Processing commands for cont...@bugs.debian.org: reassign 617484 rsyslog Bug #617484 [logcheck] logcheck: Empty report generated each hour Bug reassigned from package 'logcheck' to 'rsyslog'. Bug No longer marked as found in versions logcheck/1.3.13. forcemerge 617484 612829 Bug#617484: logcheck: Empty report generated each hour Bug#612829: no longer cleans up trailing whitespace (causes logcheck to send empty reports) Bug#614318: no longer cleans up trailing whitespace (causes logcheck to send empty reports) Bug#615610: no longer cleans up trailing whitespace (causes logcheck to send empty reports) Forcibly Merged 612829 614318 615610 617484. thanks Stopping processing here. Please contact me if you need assistance. -- 614318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614318 615610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615610 612829: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612829 617484: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617484 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#615610: logcheck: Sends empty reports
Processing commands for cont...@bugs.debian.org: reassign 615610 rsyslog Bug #615610 [logcheck] logcheck: Sends empty reports Bug reassigned from package 'logcheck' to 'rsyslog'. Bug No longer marked as found in versions logcheck/1.3.13. forcemerge 612829 615610 Bug#612829: no longer cleans up trailing whitespace Bug#615610: logcheck: Sends empty reports Bug#614318: logcheck sends an email even when there are no entries after filtering Forcibly Merged 612829 614318 615610. thanks Stopping processing here. Please contact me if you need assistance. -- 614318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614318 615610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615610 612829: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612829 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 613124
Processing commands for cont...@bugs.debian.org: # fixed in fdb9b97 tags 613124 + pending Bug #613124 [logcheck] logcheck: snmpd output changed - rule needs updating Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 613124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613124 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 609649
Processing commands for cont...@bugs.debian.org: # fixed in bfdc9bb tags 609649 + pending Bug #609649 [logcheck-database] cron-apt: Insufficient logcheck patterns Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 609649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609649 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 608256
Processing commands for cont...@bugs.debian.org: # fixed in 96bfce9 tags 608256 + pending Bug #608256 [logcheck-database] /etc/logcheck/ignore.d.server/dnsmasq: dnsmasq: interface names are allowed to have a dash (-) please add this to the filter Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 608256: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608256 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: change submitter
://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548481 471208: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471208 601882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601882 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#612046: marked as done (RE-patterns in logcheck rules is contain unescaped point char (any symbol) in many places)
Your message dated Sun, 6 Feb 2011 22:05:15 +0100
with message-id 20110206210515.ga31...@df7cb.de
and subject line Re: Bug#612046: RE-patterns in logcheck rules is contain
unescaped point char (any symbol) in many places
has caused the Debian Bug report #612046,
regarding RE-patterns in logcheck rules is contain unescaped point char (any
symbol) in many places
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
612046: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612046
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck
Version: 1.2.69
Severity: normal
Many, very many logcheck rules is contain the point character (.) without
escaping character
(\).
Example: /etc/logcheck/ignore.d.server/sendmail contain following line (1st
line in file):
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]:
starting daemon
^
This point is unescaped and treated as any character. Because this point
enclosed into
square brackets, all another RE elements in these brackets does nothing, and
specified
RE-line is equivalented with following RE:
^\w{3} [ :0-9]{11} .+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon
To fix, it is needed to escape point char:
^\w{3} [ :0-9]{11} [\._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]:
starting daemon
Errors like this discovered in each logcheck rules file!
-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages logcheck depends on:
ii adduser3.110 add and remove users and groups
ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent
ii cron 3.0pl1-105management of regular background p
ii lockfile-progs 0.1.11-0.1Programs for locking and unlocking
ii logtail1.2.69Print log file lines that have not
ii rsyslog [system-lo 3.18.6-4 enhanced multi-threaded syslogd
ii sendmail-bin [mail 8.14.3-5 powerful, efficient, and scalable
Versions of packages logcheck recommends:
ii logcheck-database 1.2.69 database of system log rules for t
Versions of packages logcheck suggests:
pn syslog-summarynone (no description available)
-- no debconf information
---End Message---
---BeginMessage---
Re: Stas Degteff 2011-02-05
20110205084850.17615.91109.report...@srv.grumbler.org
Many, very many logcheck rules is contain the point character (.) without
escaping character
(\).
Example: /etc/logcheck/ignore.d.server/sendmail contain following line (1st
line in file):
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]:
starting daemon
^
This point is unescaped and treated as any character. Because this point
enclosed into
square brackets, all another RE elements in these brackets does nothing, and
specified
Hi,
this is wrong. Dots enclosed in [] are literals.
Christoph
--
c...@df7cb.de | http://www.df7cb.de/
signature.asc
Description: Digital signature
---End Message---
___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#609649: cron-apt: Insufficient logcheck patterns
Processing commands for cont...@bugs.debian.org: reassign 609649 logcheck-database Bug #609649 [logcheck-database] cron-apt: Insufficient logcheck patterns Ignoring request to reassign bug #609649 to the same package thanks Stopping processing here. Please contact me if you need assistance. -- 609649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609649 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: your mail
=582153 586585: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586585 532669: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=532669 576398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576398 600954: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600954 408377: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=408377 555129: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=555129 515901: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515901 564252: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564252 592398: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592398 522604: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522604 420992: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=420992 516080: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516080 413217: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=413217 518909: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=518909 584768: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584768 516081: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516081 506246: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506246 600754: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600754 539579: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539579 549541: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=549541 516471: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=516471 573040: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=573040 563401: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=563401 485018: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=485018 535336: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535336 600435: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600435 519663: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519663 512942: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512942 519103: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519103 378362: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=378362 568754: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568754 570615: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570615 522645: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522645 471025: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471025 450800: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450800 479778: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479778 407586: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407586 592799: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592799 522547: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=522547 465306: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=465306 598953: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598953 586805: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586805 544467: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544467 517489: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=517489 445602: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445602 578415: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=578415 544456: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544456 576490: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576490 508817: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508817 468932: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468932 599498: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=599498 554822: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554822 526681: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526681 562817: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562817 586584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=586584 445527: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445527 594511: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594511 538674: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538674 596433: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=596433 550454: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550454 594554: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=594554 480255: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480255 527459: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=527459 458048: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458048 529156: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=529156 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#598550: marked as done (Perms on /etc/logcheck/*)
Your message dated Thu, 30 Sep 2010 09:45:35 +0200 with message-id 20100930074535.gh31...@fishbowl.rw.madduck.net and subject line Re: Bug#598550: Perms on /etc/logcheck/* has caused the Debian Bug report #598550, regarding Perms on /etc/logcheck/* to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 598550: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598550 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.2.69 Severity: wishlist Hi. Thanks for your efforts. drwxr-s--- 2 root logcheck 1024 2009-11-17 11:32 cracking.d/ drwxr-s--- 2 root logcheck 1024 2009-11-17 11:32 cracking.ignore.d/ -rw-r--r-- 1 root logcheck 188 2008-12-09 02:37 header.txt drwxr-s--- 2 root logcheck 1024 2010-06-23 12:21 ignore.d.paranoid/ drwxr-s--- 2 root logcheck 3072 2010-06-23 12:21 ignore.d.server/ drwxr-s--- 2 root logcheck 1024 2010-06-23 12:21 ignore.d.workstation/ -rw-r- 1 root logcheck 2580 2010-07-01 22:08 logcheck.conf -rw-r- 1 root root 2581 2009-11-22 08:02 logcheck.conf~ -rw-r- 1 root logcheck 131 2009-02-11 04:57 logcheck.logfiles drwxr-s--- 2 root logcheck 1024 2009-11-17 11:32 violations.d/ drwxr-s--- 2 root logcheck 2048 2009-11-17 11:32 violations.ignore.d/ I'm primary user on this box: (0) infidel /home/keeling_ id uid=1000(keeling) gid=1000(keeling) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),50(staff),108(netdev),1000(keeling) As member of adm, I can read /etc/log/messages, et al. However, I'm not allowed to view /etc/logcheck/logcheck.conf, yet I'm the one logcheck is sending reports to. Uh, ... Should I add keeling to group logcheck? What's the downside? Again, thanks. -- System Information: Debian Release: 5.0.6 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (x86_64) Kernel: Linux 2.6.32-bpo.5-amd64 (SMP w/2 CPU cores) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages logcheck depends on: ii adduser3.110 add and remove users and groups ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent ii cron 3.0pl1-105management of regular background p ii lockfile-progs 0.1.11-0.1Programs for locking and unlocking ii logtail1.2.69Print log file lines that have not ii mailx 1:20071201-3 Transitional package for mailx ren ii postfix [mail-tran 2.5.5-1.1 High-performance mail transport ag ii rsyslog [system-lo 3.18.6-4 enhanced multi-threaded syslogd Versions of packages logcheck recommends: ii logcheck-database 1.2.69 database of system log rules for t Versions of packages logcheck suggests: pn syslog-summarynone (no description available) -- no debconf information ---End Message--- ---BeginMessage--- also sprach s. keeling keel...@nucleus.com [2010.09.30.0253 +0200]: As member of adm, I can read /etc/log/messages, et al. However, I'm not allowed to view /etc/logcheck/logcheck.conf, yet I'm the one logcheck is sending reports to. Uh, ... Should I add keeling to group logcheck? Yes, if you trust the user (yourself). What's the downside? None, if you trust the user. If you don't trust the user, s/he could probably manipulate the files in /var/lib/logcheck and hide log messages that way. But logcheck is not supposed to be used as a security tool anyway, as it's way too unreliable for that. -- .''`. martin f. krafft madd...@d.o Related projects: : :' : proud Debian developer http://debiansystem.info `. `'` http://people.debian.org/~madduckhttp://vcs-pkg.org `- Debian - when you have better things to do than fixing systems ---End Message--- ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#593482: marked as done (Please update violations.ignore.d/logcheck-sudo to ignore regular messages)
Your message dated Fri, 03 Sep 2010 08:48:27 +
with message-id e1orrwh-0005gl...@franck.debian.org
and subject line Bug#593482: fixed in logcheck 1.3.13
has caused the Debian Bug report #593482,
regarding Please update violations.ignore.d/logcheck-sudo to ignore regular
messages
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
593482: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593482
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck
Version: 1.3.11
Severity: normal
Tags: patch
logcheck does not filter some sudo log messages that I consider false
positives.
One message is caused by executing sudo -l:
Aug 18 16:14:24 rio sudo: mic : TTY=pts/1 ; PWD=/home/mic ; USER=root ;
COMMAND=list
The other message is caused by system shutdown through slim:
Aug 17 14:24:26 rio sudo: root : TTY=console ; PWD=/ ; USER=root ;
COMMAND=/sbin/shutdown -h now SliM F11 initiated system shutdown
This change works for me:
--- logcheck/violations.ignore.d/logcheck-sudo (revision 286)
+++ logcheck/violations.ignore.d/logcheck-sudo (working copy)
@@ -1,5 +1,5 @@
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user
[[:alnum:]-]+ authenticated as [[:alnum:]...@[.a-z]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ;
COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ;
USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ :
\(command continued\).*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\):
session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\):
session closed for user [[:alnum:]-]+$
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1,
'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages logcheck depends on:
ii adduser 3.112 add and remove users and groups
ii cron 3.0pl1-113 process scheduling daemon
ii exim4-daemon-light [mail-tran 4.72-1 lightweight Exim MTA (v4) daemon
ii lockfile-progs0.1.15 Programs for locking and unlocking
ii logtail 1.3.11 Print log file lines that have not
ii mime-construct1.11 construct/send MIME messages from
ii rsyslog [system-log-daemon] 4.6.4-1enhanced multi-threaded syslogd
Versions of packages logcheck recommends:
ii logcheck-database 1.3.11 database of system log rules for t
Versions of packages logcheck suggests:
pn syslog-summarynone (no description available)
-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied:
u'/etc/logcheck/logcheck.logfiles'
-- no debconf information
signature.asc
Description: Digital signature
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.13
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.13_all.deb
to main/l/logcheck/logcheck-database_1.3.13_all.deb
logcheck_1.3.13.dsc
to main/l/logcheck/logcheck_1.3.13.dsc
logcheck_1.3.13.tar.gz
to main/l/logcheck/logcheck_1.3.13.tar.gz
logcheck_1.3.13_all.deb
to main/l/logcheck/logcheck_1.3.13_all.deb
logtail_1.3.13_all.deb
to main/l/logcheck/logtail_1.3.13_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 593...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
[Logcheck-devel] Processed: tagging 593482
Processing commands for cont...@bugs.debian.org: # fixed in 388daab tags 593482 + pending Bug #593482 [logcheck] Please update violations.ignore.d/logcheck-sudo to ignore regular messages Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 593482: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593482 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#589981: marked as done (logcheck-database: add sender delay rules for bounce)
Your message dated Thu, 29 Jul 2010 07:47:08 +
with message-id e1oenpc-0005ao...@franck.debian.org
and subject line Bug#589981: fixed in logcheck 1.3.11
has caused the Debian Bug report #589981,
regarding logcheck-database: add sender delay rules for bounce
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
589981: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589981
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.2.69
Severity: wishlist
Please add the rule
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/bounce\[[[:digit:]]+\]:
[:alnum:]+: sender delay notification: [:alnum:]+$
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (700, 'stable'), (650, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-- no debconf information
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.11
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:
logcheck-database_1.3.11_all.deb
to main/l/logcheck/logcheck-database_1.3.11_all.deb
logcheck_1.3.11.dsc
to main/l/logcheck/logcheck_1.3.11.dsc
logcheck_1.3.11.tar.gz
to main/l/logcheck/logcheck_1.3.11.tar.gz
logcheck_1.3.11_all.deb
to main/l/logcheck/logcheck_1.3.11_all.deb
logtail_1.3.11_all.deb
to main/l/logcheck/logtail_1.3.11_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 589...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Format: 1.8
Date: Thu, 29 Jul 2010 08:37:19 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.11
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail- Print log file lines that have not been read (deprecated)
Closes: 585802 588285 589981
Changes:
logcheck (1.3.11) unstable; urgency=low
.
[ Hannes von Haugwitz ]
* ignore.d.server/smartd:
- ignore scheduled Offline Immediate Test (closes: #585802)
* ignore.d.workstation/slim: new
- ignore session opened/closed messages
* debian/control:
- bumped to Standards-Version 3.9.1 (no changes necessary)
- depend on default-mta instead of exim4
* ignore.d.workstation/wpasupplicant:
- match 5660 MHz in 'Trying to associate' message
* ignore.d.server/libpam-krb5: new
- ignore successful kerberos authentication, thanks to
Russ Allbery (closes: #588285)
* violations.ignore.d/logcheck-sudo:
- ignore successful kerberos authentication, thanks to
Michel Messerschmidt (see: #588285)
* logcheck-database.preinst:
- deleting ignore.d.workstation/xscreensaver, rule is covered
by i.d.s/libpam-krb5
- deleting ignore.d.server/cracklib, rules maintained in cracklib-runtime
* ignore.d.workstation/login:
- removed successful krb auth rule, rule is covered by i.d.s/libpam-krb5
* violations.ignore.d/logcheck-su:
- ignore successful kerberos authentication
* ignore.d.server/smartd
- ignore 'state read' and 'state written' messages
* debian/copyright:
- updated copyright year to 2010
- added Marc, Hanspeter and myself as team members
* ignore.d.server/dhclient:
- allow '-' in version string
.
[ martin f. krafft ]
* ignore.d.server/postfix:
- patch from Mathias Krause to address changes in policy-weightd log
message format.
* ignore.d.server/ssh:
- messages about invalid users can contain zero-length usernames.
* ignore.d.server/postfix:
- ignore delay notification log entries (closes: #589981).
.
[ Hanspeter Kunz ]
* ignore.d.server/dhcp
