[Logcheck-devel] Processed: [PATCH] Let mime-construct pick an encoding (closes: #860052)
Processing commands for cont...@bugs.debian.org:

> tags 860052 + patch
Bug #860052 [logcheck] can generate illegal and thus lost e-mail messages due to long lines
Added tag(s) patch.
> thanks
Stopping processing here.

Please contact me if you need assistance.
--
860052: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860052
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Bug#825170: marked as done (logcheck: Ignore DNSSEC rekeying)
Your message dated Wed, 25 Jan 2017 22:05:37 + with message-id <e1cwvhb-0002ww...@fasolo.debian.org> and subject line Bug#825170: fixed in logcheck 1.3.18 has caused the Debian Bug report #825170, regarding logcheck: Ignore DNSSEC rekeying to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
825170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825170
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: logcheck
Version: 1.3.17
Severity: minor
Tags: patch

After enabling bind inline-signing the logfile sees every hour a 'reconfiguring zone keys' and 'next key event' line. These could be ignored.
-- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Init: systemd (via /run/systemd/system) Versions of packages logcheck depends on: ii adduser3.114 ii cron 3.0pl1-128 ii exim4-daemon-heavy [mail-transport-agent] 4.87-3 ii lockfile-progs 0.1.17 ii logtail1.3.17 ii mime-construct 1.11+nmu2 ii rsyslog [system-log-daemon]8.16.0-1+b3 Versions of packages logcheck recommends: ii logcheck-database 1.3.17 Versions of packages logcheck suggests: pn syslog-summary -- Configuration Files: /etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf' /etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles' -- debconf information: * logcheck/install-note: logcheck/changes: >From d3450966f68a2221a4155868a9beed524478feca Mon Sep 17 00:00:00 2001 From: Philipp Kolmann <phil...@kolmann.at> Date: Tue, 24 May 2016 11:27:19 +0200 Subject: [PATCH] commit d180391d2a0f71f4f91a39a8b2b55fb676fdb3bc Author: Philipp Kolmann <phil...@kolmann.at> Date: Tue May 24 11:25:10 2016 +0200 After enabling bind inline-signing the logfile sees every hour a 'reconfiguring zone keys' and 'next key event' line. These could be ignored. Signed-off-by: Philipp Kolmann <phil...@kolmann.at> --- rulefiles/linux/ignore.d.server/bind | 2 ++ 1 file changed, 2 insertions(+) diff --git a/rulefiles/linux/ignore.d.server/bind b/rulefiles/linux/ignore.d.server/bind index 88e1989..6e7e2ae 100644 --- a/rulefiles/linux/ignore.d.server/bind +++ b/rulefiles/linux/ignore.d.server/bind 
@@ -11,3 +11,5 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [-._[:alnum:]]+/IN: notify from [.:[:xdigit:]]+#[[:digit:]]+: zone is up to date$ ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[0-9]+\]: success resolving '[^[:space:]]+' \(in '[.[:alnum:]-]+'\?\) after (disabling EDNS|reducing the advertised EDNS UDP packet size to 512 octets)$ ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: error \((FORMERR|connection refused|unexpected RCODE (REFUSED|SERVFAIL)|(network|host) unreachable)\) resolving '[^[:space:]]+': [.:[:xdigit:]]+#[[:digit:]]+$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [._[:alnum:]-]+/IN (signed): reconfiguring zone keys$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [._[:alnum:]-]+/IN (signed): next key event: [:digit:]]{3}-\w{3}-[:digit:]{4} [.:[:digit:]]{12}$ -- 2.8.1 --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 825...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-data
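Review bot: Both added rules leave `(signed)` unescaped, so in this extended-regex rule file it is a group and the rules match `/IN signed:` rather than the literal text `(signed)`; write `\(signed\)`, the way the existing rule in this hunk escapes `\(in '...'\?\)`. In the second added rule, `[:digit:]]{3}` and `[:digit:]{4}` are not character classes because the outer brackets are missing or unbalanced; use `[[:digit:]]{...}` as the surrounding rules do, and check the repeat counts against a real 'next key event' line before merging.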
[Logcheck-devel] Bug#786815: marked as done (please add alternate dependency on cron-daemon)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002wa...@fasolo.debian.org> and subject line Bug#786815: fixed in logcheck 1.3.18 has caused the Debian Bug report #786815, regarding please add alternate dependency on cron-daemon to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 786815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=786815 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Severity: minor Tags: patch Currently logcheck only depends on cron but systemd-cron only Provides: cron-daemon but not cron. So these 2 can't be used together. diff --git a/debian/control b/debian/control index 808dec5..33a76bb 100644 --- a/debian/control +++ b/debian/control 
@@ -12,7 +12,7 @@ Homepage: http://www.logcheck.org/ Package: logcheck Architecture: all -Depends: adduser, default-mta | mail-transport-agent, cron, rsyslog | system-log-daemon, mime-construct, logtail (>= 1.2.59), lockfile-progs, ${misc:Depends} +Depends: adduser, default-mta | mail-transport-agent, cron | cron-daemon, rsyslog | system-log-daemon, mime-construct, logtail (>= 1.2.59), lockfile-progs, ${misc:Depends} Recommends: logcheck-database (>= ${source:Version}) Suggests: syslog-summary Description: mails anomalies in the system logfiles to the administrator --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 786...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' 
and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore
[Logcheck-devel] Bug#815114: marked as done (Please whitelist sudo -g nogroup (not just sudo -u nobody))
Your message dated Wed, 25 Jan 2017 22:05:37 + with message-id <e1cwvhb-0002we...@fasolo.debian.org> and subject line Bug#815114: fixed in logcheck 1.3.18 has caused the Debian Bug report #815114, regarding Please whitelist sudo -g nogroup (not just sudo -u nobody) to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 815114: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815114 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Version: 1.3.17 Severity: wishlist Tags: patch Currently logcheck thinks "sudo -u nobodypwd" is OK, "sudo -g nogroup pwd" is scary; and "sudo -u nobody -g nogroup pwd" is scary. IMO either these are all OK, or all scary --- probably the former. Here is an (untested) patch against current logcheck; I've been using a variation on oldoldstable systems for a while. diff --git a/rulefiles/linux/violations.ignore.d/logcheck-sudo b/rulefiles/linux/violations.ignore.d/logcheck-sudo index 92c3dd4..274ed83 100644 --- a/rulefiles/linux/violations.ignore.d/logcheck-sudo +++ b/rulefiles/linux/violations.ignore.d/logcheck-sudo 
@@ -1,5 +1,5 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]-]+@[.A-Z]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ (; (USER|GROUP)=[._[:alnum:]-]+ )+; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 815...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
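Review bot: The `(; (USER|GROUP)=[._[:alnum:]-]+ )+` group in the changed rule repeats without bound and in any order, so a line carrying any number of USER= or GROUP= fields is suppressed, which is looser than the three invocations the report describes. Since this file silences violation reports, bound the repetition (for example `{1,2}` instead of `+`), and, as the patch is described as untested, run one sample log line for each of `-u`, `-g` and `-u ... -g` through the rule before merging.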
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
[Logcheck-devel] Bug#481353: marked as done (Please add support for logcheck.logfiles.d)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002va...@fasolo.debian.org> and subject line Bug#481353: fixed in logcheck 1.3.18 has caused the Debian Bug report #481353, regarding Please add support for logcheck.logfiles.d to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
481353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481353
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: logcheck
Version: 1.2.63
Severity: wishlist

Please add support for logcheck.logfiles.d so packages can put files there and add new logfiles for reviewing.

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.24-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---

--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 481...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' 
and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) * ignore.d.server/openvpn: - match arbitrary mtu sizes (closes: #815755) * ignore.d.server/snmpd: - match optional port (closes: #644886) * ignore.d.server/postfix: - remove obsolete rule (closes: #822165) * ignore.d.server/systemd-timesyncd: new - match 'interval/delta/delay/jitter/drift' message * ignore.d.server/kernel: - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberg
[Logcheck-devel] Bug#799304: marked as done (logcheck-database: rule for sshd accepted key rule is obsolete)
Your message dated Wed, 25 Jan 2017 22:05:37 + with message-id <e1cwvhb-0002ws...@fasolo.debian.org> and subject line Bug#799304: fixed in logcheck 1.3.18 has caused the Debian Bug report #799304, regarding logcheck-database: rule for sshd accepted key rule is obsolete to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
799304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799304
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
Severity: normal

The following rule in ignore.d.server/ssh:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$

is not working with version 6.9 of openssh. Log entries in my system are like this now:

Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xx from 000.000.000.000 port 000 ssh2: RSA SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY

The problem is that the key hash at the end:

SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY

does not match the end of the rule:

([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})

Please, fix it.

Thanks,
Rafael Laboissiere
--- End Message ---

--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.
Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 799...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software pp. Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
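The mismatch reported in Bug#799304 can be replayed with grep -E, the regex dialect the rule files are written in. This is an added example, not logcheck code and not the rule shipped in 1.3.18: NEW_RULE is a hypothetical widening, and every sample line except the first (quoted in the report) is constructed.

```bash
#!/usr/bin/env bash
# Added example: replay sshd log lines against logcheck-style ignore rules.
# A line that a rule does NOT match is a line logcheck would still mail out.

# Everything before the optional key-fingerprint suffix, as quoted in the report.
PREFIX='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Accepted (gssapi(-with-mic|-keyex)?|rsa|dsa|password|publickey|keyboard-interactive/pam|hostbased) for [^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2))?'

# Rule from logcheck-database 1.3.17: colon-separated hex fingerprint only.
OLD_RULE="${PREFIX}"'(: (RSA|ECDSA) ([[:xdigit:]]{2}:){15}[[:xdigit:]]{2})?$'

# Hypothetical widened rule (assumption, not the upstream fix): additionally
# accept "SHA256:" followed by 43 unpadded base64 characters, and the ED25519
# key type named in the 1.3.18 changelog. The trailing "$" is kept so that
# nothing may follow the fingerprint.
NEW_RULE="${PREFIX}"'(: (RSA|ECDSA|ED25519) (([[:xdigit:]]{2}:){15}[[:xdigit:]]{2}|SHA256:[[:alnum:]+/]{43}))?$'

# Line 1 is the log line from the report; lines 2-4 are constructed.
sample_lines() {
cat <<'EOF'
Sep 16 10:35:04 rlaboiss sshd[17173]: Accepted publickey for xx from 000.000.000.000 port 000 ssh2: RSA SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY
Sep 16 10:36:10 host1 sshd[17201]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2: RSA aa:bb:cc:dd:ee:ff:00:11:22:33:44:55:66:77:88:99
Sep 16 10:37:42 host1 sshd[17250]: Accepted password for bob from 192.0.2.11 port 50100 ssh2
Sep 16 10:38:05 host1 sshd[17266]: Accepted publickey for carol from 192.0.2.12 port 50140 ssh2: RSA SHA256:JZNBRCNIMW8ghcZp1zDcWRjWcJm5N/1hFkV8pVlDWXY extra
EOF
}

# Print the stdin lines the rule does not match (what would be reported).
reported() {
    grep -E -v -e "$1" || true   # grep exits 1 when every line is ignored
}

# Number of sample lines that would be reported under the given rule.
count_reported() {
    sample_lines | reported "$1" | wc -l | tr -d ' '
}

echo "reported with 1.3.17 rule:   $(count_reported "$OLD_RULE")"
echo "reported with widened rule:  $(count_reported "$NEW_RULE")"
echo "still reported after widening:"
sample_lines | reported "$NEW_RULE"
```

The last sample line stays reported under both rules: keeping the `$` anchor means a successful-login line with unexpected trailing text is never silently ignored.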
[Logcheck-devel] Bug#418147: marked as done (logcheck: Does not complain if rules are unreadable)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002vu...@fasolo.debian.org> and subject line Bug#418147: fixed in logcheck 1.3.18 has caused the Debian Bug report #418147, regarding logcheck: Does not complain if rules are unreadable to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
418147: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=418147
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---
Package: logcheck
Version: 1.2.39
Severity: normal

Hello,

Due to the incorrect group ownership bug (which has already been fixed) I ended up with logcheck not being able to read any files in /etc/logcheck/ignore.d.paranoid. However, instead of complaining that some files were unreadable, logcheck just sent the *complete* logfiles by mail, without any filtering.

If logcheck cannot read some of its rule files, it should mention that in its mail. Additionally, it may be worth considering to not include any logfile contents in this case, since for me this generated a 10 MB mail.
Best, Nikolaus -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.9-023stab039.1-smp Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages logcheck depends on: ii adduser 3.63Add and remove users and groups ii cron 3.0pl1-86 management of regular background p ii debconf [debconf 1.4.30.13 Debian configuration management sy ii debianutils 2.8.4 Miscellaneous utilities specific t ii exim44.50-8sarge2metapackage to ease exim MTA (v4) ii exim4-daemon-hea 4.50-8sarge2exim MTA (v4) daemon with extended ii lockfile-progs 0.1.10 Programs for locking and unlocking ii logcheck-databas 1.2.39 A database of system log rules for ii logtail 1.2.39 Print log file lines that have not ii mailx1:8.1.2-0.20040524cvs-4 A simple mail user agent ii sysklogd [system 1.4.1-17System Logging Daemon -- debconf information excluded --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 418...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
[Logcheck-devel] Bug#775090: marked as done (logcheck-database: Should filter shh preauth disconnect ok messages)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002vs...@fasolo.debian.org> and subject line Bug#775090: fixed in logcheck 1.3.18 has caused the Debian Bug report #775090, regarding logcheck-database: Should filter shh preauth disconnect ok messages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 775090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775090 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: normal Tags: patch I get tons of messages for sshd like these: Received disconnect from [IP]: 11: ok [preauth] `Bye Bye [preauth]` is already filtered out. -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) >From fc9a190720510e14039505229c9e6c0803ebde3f Mon Sep 17 00:00:00 2001 From: Adrian Heine <m...@adrianheine.de> Date: Sun, 11 Jan 2015 08:34:07 +0100 Subject: [PATCH] server/ssh: Better match for preauth disconnect --- rulefiles/linux/ignore.d.server/ssh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/rulefiles/linux/ignore.d.server/ssh b/rulefiles/linux/ignore.d.server/ssh index 890d20a..9c6ec96 100644 --- a/rulefiles/linux/ignore.d.server/ssh +++ b/rulefiles/linux/ignore.d.server/ssh 
@@ -14,7 +14,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Postponed keyboard-interactive(/pam)? for (invalid user )?[^[:space:]]+ from [^[:space:]]+ port [[:digit:]]+( (ssh|ssh2)( \[preauth\])?)?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: [12]: Timeout, server not responding\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (disconnected by user|Closed due to user request\.)$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: Bye Bye \[preauth\]$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:.[:xdigit:]]+: 11: (Bye Bye|ok) \[preauth\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Client disconnect$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Connection closed by [:.[:xdigit:]]+ \[preauth\]$ -- 2.1.4 --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 775...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
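Review bot: The subject line "Better match for preauth disconnect" does not say which message the changed `11: (Bye Bye|ok) \[preauth\]` rule now covers; name the added `ok` reason text in the commit message so the scope of this ignore rule can be audited later. Keeping the change to a literal alternative with the `\[preauth\]$` anchor, rather than a wildcard, matches the neighbouring disconnect rules in this hunk.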
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp
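Review bot: Enumerating disconnect reason strings one at a time, as the changed line of the rulefiles/linux/ignore.d.server/ssh hunk for Bug#775090 does with `11: (Bye Bye|ok) \[preauth\]$`, means another patch for every client that sends a different text. The unchanged rules in the same hunk already carry `disconnected by user`, `Closed due to user request\.`, `Client disconnect` and `Disconnect requested by Windows SSH Client\.`. If every code 11 preauth disconnect is meant to be ignored, one rule that does not list the text would be easier to maintain, but the commit message should then say so, because such a rule also hides whatever text the remote peer puts in that field. The commit message has only a subject line; please add the sample line from the report (`Received disconnect from [IP]: 11: ok [preauth]`) so the rule can be checked against it.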
[Logcheck-devel] Bug#799041: marked as done (Updated rules for isc-dhcp-server)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002wm...@fasolo.debian.org> and subject line Bug#799041: fixed in logcheck 1.3.18 has caused the Debian Bug report #799041, regarding Updated rules for isc-dhcp-server to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 799041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799041 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: normal Tags: patch isc-dhcp-server has added the PID to the log output since version 4.3.3-2: * Enable pid file logging (closes: #792928). This spams logcheck output. Attached is a new version of /etc/logcheck/ignore.d.server/dhcp which matches the new log output. 
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Internet (Software|Systems) Consortium DHCP Server [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Copyright [0-9-]+ Internet (Software|Systems) Consortium\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): All rights reserved\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): For info, please visit http(://www\.isc\.org/(products/DHCP|sw/dhcp/)|s://www\.isc\.org/software/dhcp/)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): Wrote [0-9]+ (leases|(class|group|deleted host|new dynamic host) decls) to leases file\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): (BOOTREQUEST|DHCPDISCOVER) from [:[:alnum:]]+ (\([\(\):._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): BOOTREPLY (for|on) [.0-9]{7,15} to [:[:alnum:]]+ (\([:._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) )?from [:._[:alnum:]-]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+(: unknown lease [.0-9]{7,15}\.)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([\(\)._[:alnum:]-]+\) )?via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2\.2\.x|): DHCP(NAK|RELEASE|INFORM) (on|from) ([.0-9]{7,15}|[:[:alnum:].]+)$ #Added for dhcp 3 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPDISCOVER from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPOFFER on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPREQUEST for [.0-9]{7,15} (\([.0-9]{7,15}\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\) 
)?via [._[:alnum:]-]+(: load balance to peer [._[:alnum:]-]+\.?|: lease owned by peer\.?|: wrong network\.?|: lease [.0-9]{7,15} unavailable\.?)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPNAK on [.0-9]{7,15} to [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPINFORM from [.0-9]{7,15} via [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPRELEASE of [.0-9]{7,15} from [:[:alnum:]]+ (\([._[:alnum:]-]+\) |)via [._[:alnum:]-]+ \((not |)found\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: DHCPACK to [.0-9]{7,15}( \(([:[:xdigit:]]+|)\) via [._[:alnum:]-]+)?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ((balancing|balanced) )?pool [0-9a-f]{6,7} [.0-9]{7,15}/[:[:alnum:]]+ ? total [:[:alnum:]]+ free [:[:alnum:]]+ backup [:[:alnum:]]+ lts [:[:alnum:]-]+.*( max-(own \(\+/-\)[[:digit:]]+|misbal [[:digit:]]+))?$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: ICMP Echo reply while lease [.[:digit:]]{7,15} valid\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: uid lease [.0-9]{7,15} for client [:[:xdigit:]]+ is duplicate on [.0-9]{7,15}/[[:digit:]]+$ # Dyndns support ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: [Aa]dded (new )?(forward|reverse) map from [._[:alnum:]-]+ to [._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: removed reverse map on [._[:alnum:]-]+\.$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd[[[:digit:]]+]: Can't update forward map [._[:alnum:]-]+ to [.0-9]{7,15}: no such RRset$ # udhcpd support ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ udhcpd\[[0-9]+\]: s
[Logcheck-devel] Bug#644886: marked as done (logcheck-database: snmpd ruleset needs update)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002vg...@fasolo.debian.org> and subject line Bug#644886: fixed in logcheck 1.3.18 has caused the Debian Bug report #644886, regarding logcheck-database: snmpd ruleset needs update to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 644886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644886 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.13 Severity: normal Rule ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}$ does not cover log entries like Oct 10 07:05:04 foobar snmpd[19089]: Connection from UDP: [192.0.2.61]:34180->[198.51.100.163] Gabor -- System Information: Debian Release: 6.0.3 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Related package versions: snmpd 5.4.3~dfsg-2 -- no debconf information --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 644...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. 
Debian distribution maintenance software pp. Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' 
and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) * ignore.d.server/openvpn: - match arbitrary mtu sizes (closes: #815755) * ignore.d.server/snmpd: - match optional port (closes: #644886) * ignore.d.server/postfix: - remove obs
[Logcheck-devel] Bug#780441: marked as done (logcheck/PAM interaction ignore domain names as user)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002vy...@fasolo.debian.org> and subject line Bug#780441: fixed in logcheck 1.3.18 has caused the Debian Bug report #780441, regarding logcheck/PAM interaction ignore domain names as user to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 780441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780441 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck Severity: normal Dear Maintainer, the default "/etc/logcheck/ignore.d.server/su" has the following ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:]-]+ by [[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:]-]+$ but sometimes the session closed for user is the hostname and has "." inside like these Mar 13 07:16:01 api su[57408]: Successful su for mydomain.com by root Mar 13 01:52:01 api su[47132]: + ??? 
root:mydomain.com Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session opened for user mydomain.com by (uid=0) Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session closed for user mydomain.com so think it must be changed like the following ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:].-]+ by [[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:].-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:].-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:].-]+$ -- System Information: Debian Release: 7.8 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/12 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 780...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'E
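The rule change proposed in Bug#780441 above can be checked by replaying the report's log lines through both rule sets, as in this added example (not part of the original report or of logcheck). The function name `still_reported` and the `backup_user` line are constructed for illustration; the rules and the other four log lines are copied from the report.

```shell
#!/bin/sh
# Added example: replay log lines through logcheck-style ignore rules
# (extended regular expressions, one per line) and list what would still
# be mailed to the administrator.

# Rules quoted in the report as the shipped /etc/logcheck/ignore.d.server/su.
OLD_RULES='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:]-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:]-]+$'

# Rules as the reporter proposes to change them ('.' added to the user class).
PROPOSED_RULES='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: Successful su for [[:alnum:].-]+ by [[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session closed for user [[:alnum:].-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: pam_[[:alnum:]]+\(su:session\): session opened for user [[:alnum:].-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[_[:alnum:].-]+$'

# First four lines are the ones quoted in the report; the last line is
# constructed here to exercise a user name containing '_'.
SAMPLE_LOG='Mar 13 07:16:01 api su[57408]: Successful su for mydomain.com by root
Mar 13 01:52:01 api su[47132]: + ??? root:mydomain.com
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session opened for user mydomain.com by (uid=0)
Mar 13 01:52:01 api su[47132]: pam_unix(su:session): session closed for user mydomain.com
Mar 13 01:52:02 api su[47133]: Successful su for backup_user by root'

# still_reported RULES LOG
# Prints every line of LOG that no rule in RULES matches. RULES is a
# newline-separated pattern list, which grep -e accepts directly.
still_reported() {
    status=0
    printf '%s\n' "$2" | grep -E -v -e "$1" || status=$?
    # grep exits 1 when every line was filtered; anything above 1 is a
    # real error such as an invalid regular expression.
    [ "$status" -le 1 ]
}

echo "Still reported with the shipped rules:"
still_reported "$OLD_RULES" "$SAMPLE_LOG"
echo "Still reported with the rules proposed in the report:"
still_reported "$PROPOSED_RULES" "$SAMPLE_LOG"
```

With the proposed rules only the constructed `backup_user` line remains, because three of the four proposed user classes still lack `_`; the 1.3.18 changelog entry for ignore.d.server/su lists both '.' and '_'.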
[Logcheck-devel] Bug#783633: marked as done (logcheck-database: Please add rules for systemd)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002w4...@fasolo.debian.org> and subject line Bug#783633: fixed in logcheck 1.3.18 has caused the Debian Bug report #783633, regarding logcheck-database: Please add rules for systemd to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 783633: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783633 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: wishlist Tags: patch I was quite surprised that after a dist-upgrade I was flooded with systemd messages from logcheck. 
The appropriate rules are already available at https://wiki.debian.org/systemd/logcheck See also https://lists.debian.org/debian-devel/2014/08/msg00923.html -- System Information: Debian Release: 8.0 APT prefers stable APT policy: (990, 'stable'), (400, 'testing'), (300, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system)
[Logcheck-devel] Bug#797512: marked as done (logcheck-database: Updated regex for kernel "unexpectedly shrunk window")
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002wg...@fasolo.debian.org> and subject line Bug#797512: fixed in logcheck 1.3.18 has caused the Debian Bug report #797512, regarding logcheck-database: Updated regex for kernel "unexpectedly shrunk window" to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 797512: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797512 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.17 Severity: wishlist Dear Maintainer, You will find a patch for logcheck server kernel rules to reflect message changes in net/ipv4/tcp_timer.c. -- System Information: Architecture: amd64 (x86_64) Kernel: 3.16.0-4-amd64 Best regards -- Xavier Mehrenberger PGP: 0xFD3D563AEBC0307E Fingerprint: 8847 CDED F0AF 19DA 61D6 892F FD3D 563A EBC0 307E diff --git a/logcheck/ignore.d.server/kernel b/logcheck/ignore.d.server/kernel index 682943d..12ed3fc 100644 --- a/logcheck/ignore.d.server/kernel +++ b/logcheck/ignore.d.server/kernel 
@@ -28,7 +28,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? PCI: Setting latency timer of device [[:alnum:]:.]+ to [[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? SCSI device [[:alnum:]]+: drive cache: write (through|back)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? SCSI subsystem initialized$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? TCP: (Treason uncloaked! )?Peer [:.[:xdigit:]]+:[[:digit:]]{1,5}/[[:digit:]]{1,5} (shrinks|unexpectedly shrunk) window [[:digit:]]+:[[:digit:]]+\.? (Repaired\.|\(repaired\))$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? (TCP: )?(Treason uncloaked! )?Peer [:.[:xdigit:]]+:[[:digit:]]{1,5}/[[:digit:]]{1,5} (shrinks|unexpectedly shrunk) window [[:digit:]]+:[[:digit:]]+\.? (Repaired\.|\(repaired\))$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? XFS mounting filesystem [[:alnum:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:][:space:]]+: probe of [:.[:xdigit:]]+ failed with error [-[:digit:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:alnum:]]+: link up\.$ --- End Message --- --- Begin Message --- Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 797...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org> Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identific
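Review bot: The file paths in the patch for Bug#797512 (`a/logcheck/ignore.d.server/kernel`) do not match the layout the other patches on this list are made against (`rulefiles/linux/ignore.d.server/...`), so the hunk will not apply to that tree without adjusting the path; please regenerate it against the source. In the changed line, `(TCP: )?` followed by `(Treason uncloaked! )?` is fine as a widening, but the report gives no sample of the new kernel message, and adding one to the patch description would let the rule be verified against a real line.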
[Logcheck-devel] Bug#703936: marked as done (logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete)
Your message dated Wed, 25 Jan 2017 22:05:36 + with message-id <e1cwvha-0002vm...@fasolo.debian.org> and subject line Bug#703936: fixed in logcheck 1.3.18 has caused the Debian Bug report #703936, regarding logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 703936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems --- Begin Message --- Package: logcheck-database Version: 1.3.13 Severity: normal The rule for SSH ignoring "Bad protocol version identification" assumes there are no single quotes inside the version string ('[^']'). I am however getting mails including those lines: Mar 25 22:57:04 Debian-60-squeeze-64-minimal sshd[12144]: Bad protocol version identification '\004\241\031\a\232k\273#\203J\223\030\246\354t\260n\346q\004*\231\264q&\035\321.l5\260)r\224!\030C\f#ytS8\344\343\363\334'{_D\033\317[e\006\362\327\344\006-pH\356\0205\271\306\360\002\217\325y\023~\026\3412dc\021u\354\004\353m\225\210\272\030\311w\030I)\031\016\206\345\342' from 119.78.236.189 Mar 25 16:21:14 Debian-60-squeeze-64-minimal sshd[4015]: Bad protocol version identification '\354\035\371^\277\376\323\332{0\016Dd\351\237\356\302\252\275\331\315w\306\343\246m\377@waj\231\374C\236\234\207\210p\363C9}\366\2532xiM\255f\232!\376\335[\363'\b\217!Zp(\314\266\253?' 
from 210.73.57.141 Mar 25 13:18:36 Debian-60-squeeze-64-minimal sshd[317]: Bad protocol version identification '\301h\355\243\375\2106\005/H\256\001\362\250\365d\333Hd\235\353\322\232\335\003\274\353JB\374\353\263\272>#\337\020\250\376\247\344\\\v\301\336\036\236\t\235\026\273\003/\021C\307\264\2338>E7\341\303'B\246\357\321^\366\200Q\364\234G\374\302\207\3113\016\306\222\244\217\216\216\177\351\212j\325\255;' from 122.206.34.166 -- System Information: Debian Release: 6.0.7 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
[Logcheck-devel] Processed: Re: Bug#808429: systemd: Please add logcheck rules
Processing control commands: > reassign -1 logcheck-database Bug #808429 [systemd] systemd: Please add logcheck rules Bug reassigned from package 'systemd' to 'logcheck-database'. No longer marked as found in versions systemd/228-2. Ignoring request to alter fixed versions of bug #808429 to the same values previously set -- 808429: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=808429 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 825170
Processing commands for cont...@bugs.debian.org: > tags 825170 + pending Bug #825170 [logcheck] logcheck: Ignore DNSSEC rekeying Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 825170: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825170 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 822165
Processing commands for cont...@bugs.debian.org: > tags 822165 + pending Bug #822165 [logcheck-database] logcheck-database: regex wrong in linux/ignore.d.server/postfix Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 822165: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822165 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 644886
Processing commands for cont...@bugs.debian.org: > tags 644886 + pending Bug #644886 [logcheck-database] logcheck-database: snmpd ruleset needs update Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 644886: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644886 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 815755
Processing commands for cont...@bugs.debian.org: > tags 815755 + pending Bug #815755 [logcheck-database] logcheck-database: error in openvpn rules Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 815755: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815755 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 481353
Processing commands for cont...@bugs.debian.org: > tags 481353 + pending Bug #481353 [logcheck] Please add support for logcheck.logfiles.d Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 481353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 799041
Processing commands for cont...@bugs.debian.org: > tags 799041 + pending Bug #799041 [logcheck-database] Updated rules for isc-dhcp-server Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 799041: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799041 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 799304
Processing commands for cont...@bugs.debian.org: > tags 799304 + pending Bug #799304 [logcheck-database] logcheck-database: rule for sshd accepted key rule is obsolete Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 799304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799304 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 703936
Processing commands for cont...@bugs.debian.org: > tags 703936 + pending Bug #703936 [logcheck-database] logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 703936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 780441
Processing commands for cont...@bugs.debian.org: > tags 780441 + pending Bug #780441 [logcheck] logcheck/PAM interaction ignore domain names as user Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 780441: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780441 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 775090
Processing commands for cont...@bugs.debian.org: > tags 775090 + pending Bug #775090 [logcheck-database] logcheck-database: Should filter shh preauth disconnect ok messages Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 775090: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775090 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 809605
Processing commands for cont...@bugs.debian.org: > tags 809605 + pending Bug #809605 [logcheck] logcheck: dhclient rules do not match because of [pid] Added tag(s) pending. > thanks Stopping processing here. Please contact me if you need assistance. -- 809605: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809605 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: reassign 816685 to logcheck-database
Processing commands for cont...@bugs.debian.org: > reassign 816685 logcheck-database Bug #816685 [postfix] postfix: logcheck (maybe something else) Bug reassigned from package 'postfix' to 'logcheck-database'. No longer marked as found in versions postfix/3.0.4-5. Ignoring request to alter fixed versions of bug #816685 to the same values previously set > thanks Stopping processing here. Please contact me if you need assistance. -- 816685: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=816685 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: Add patch tag
Processing commands for cont...@bugs.debian.org: > tags 481353 +patch Bug #481353 [logcheck] Please add support for logcheck.logfiles.d Added tag(s) patch. > thanks Stopping processing here. Please contact me if you need assistance. -- 481353: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=481353 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: Fwd: re: logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete
Processing commands for cont...@bugs.debian.org: tags 703936 + patch Bug #703936 [logcheck-database] logcheck-database: SSH Bad Protocol Version Idenitifcation Rule is incomplete Added tag(s) patch. thanks Stopping processing here. Please contact me if you need assistance. -- 703936: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=703936 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: reassigning to the package containing the bug
Processing commands for cont...@bugs.debian.org: reassign 750973 logcheck-database Bug #750973 [cron-apt] /etc/logcheck/ignore.d.server/cron-apt does not match some syslog message format Bug reassigned from package 'cron-apt' to 'logcheck-database'. No longer marked as found in versions cron-apt/0.8.2. Ignoring request to alter fixed versions of bug #750973 to the same values previously set thanks Stopping processing here. Please contact me if you need assistance. -- 750973: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=750973 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Bug#744205: marked as done (logcheck-database: rule for dhcp)
Your message dated Fri, 24 Oct 2014 22:52:12 + with message-id e1xhnio-0006fl...@franck.debian.org and subject line Bug#744205: fixed in logcheck 1.3.17 has caused the Debian Bug report #744205, regarding logcheck-database: rule for dhcp to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 744205: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744205 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Version: 1.3.15 Severity: normal Dear Maintainer, isc-dhcp-server startup message now refers to https url: s{For info, please visit http://www}{For info, please visit https://www} -- System Information: Debian Release: 7.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=en_NZ.UTF-8, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Configuration Files: [deleted - my user can't read them, and I didn't run reportbug as root ...] -- no debconf information ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.17 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 744...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 24 Oct 2014 23:54:14 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.17 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 743000 743378 744205 764336 Changes: logcheck (1.3.17) unstable; urgency=low . [ Hannes von Haugwitz ] * debian/control: - dropped obsolete Replaces fields - removed 'deprecated' notice from logtail's short description - bumped to Standards-Version 3.9.6 (no changes necessary) * Migrated to dh7 style debian/rules file * debian/compat: - bumped to dh compatibility level 9 - updated copyright year to 2014 * debian/README.backports: removed (obsolete) * src/logcheck: - changed '#!/bin/bash' to '#!/usr/bin/env bash' - use '/run/lock/logcheck' instead of '/var/lock/logcheck' - set VERSION to the current version, thanks to Pascal Wittmann * ignore.d.workstation/wpasupplicant: - adjusted 'Group rekeying' rule and ignore 'CTRL-EVENT-SCAN-STARTED' message (LP: #1325349) * ignore.d.server/dhcp: - adjust rule to match new URL (closes: #744205) * debian/copyright: - removed obsolete 'fork' notice * docs/README.Maintainer: - fixed typo (closes: #764336) * ignore.d.server/ssh: - match key fingerprint when using key exchange auth (closes: #743000) * ignore.d.server/dkim-filter: removed - package has been removed from debian . 
[ Alberto Gonzalez Iniesta ] * ignore.d.workstation/kernel: - fixed reworded Caching mode page message, thanks to Hagen Fuchs for the patch (closes: #743378)
[Logcheck-devel] Bug#764336: marked as done (logcheck: small typo: confilcts - conflicts)
Your message dated Fri, 24 Oct 2014 22:52:12 + with message-id e1xhnio-0006fr...@franck.debian.org and subject line Bug#764336: fixed in logcheck 1.3.17 has caused the Debian Bug report #764336, regarding logcheck: small typo: confilcts - conflicts to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 764336: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764336 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.3.16 Severity: minor Tags: patch diff --git a/debian/changelog b/debian/changelog index bb0511a..768302a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2724,7 +2724,7 @@ logcheck (1.2.27) unstable; urgency=low (Closes: #268277) * Remove qmail rules because they have been added to qmail package. * Rule updates for spamd (Closes: #269318) - * Add note about avoiding file name confilcts in README.Maintainer + * Add note about avoiding file name conflicts in README.Maintainer * Add violations ignore for courier-pop3d-ssl (Closes: #269959) * Add anon-proxy rules (Closes: #269310) * Add perdition rules thanks to ja...@silverdream.org (Closes: #270191) diff --git a/docs/README.Maintainer b/docs/README.Maintainer index 6e7dc7c..ddc1790 100644 --- a/docs/README.Maintainer +++ b/docs/README.Maintainer 
@@ -51,7 +51,7 @@ any files to be parsed. If you are planning on adding rules for your package, please check to see if we have included them first. If we already have rules and you would like to maintain your own, please let us know before you upload -so we can avoid filename confilcts. +so we can avoid filename conflicts. -- Debian Logcheck Team logcheck-devel@lists.alioth.debian.org Thanks. ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.17 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 764...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 24 Oct 2014 23:54:14 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.17 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 743000 743378 744205 764336 Changes: logcheck (1.3.17) unstable; urgency=low . 
[ Hannes von Haugwitz ] * debian/control: - dropped obsolete Replaces fields - removed 'deprecated' notice from logtail's short description - bumped to Standards-Version 3.9.6 (no changes necessary) * Migrated to dh7 style debian/rules file * debian/compat: - bumped to dh compatibility level 9 - updated copyright year to 2014 * debian/README.backports: removed (obsolete) * src/logcheck: - changed '#!/bin/bash' to '#!/usr/bin/env bash' - use '/run/lock/logcheck' instead of '/var/lock/logcheck' - set VERSION to the current version, thanks to Pascal Wittmann * ignore.d.workstation/wpasupplicant: - adjusted 'Group rekeying' rule and ignore 'CTRL-EVENT-SCAN-STARTED' message (LP: #1325349) * ignore.d.server/dhcp: - adjust rule to match new URL (closes: #744205) * debian/copyright: - removed obsolete 'fork' notice * docs/README.Maintainer: - fixed typo (closes: #764336) * ignore.d.server/ssh: - match key fingerprint when using key exchange auth (closes: #743000) * ignore.d.server/dkim-filter: removed - package has been removed from debian . [ Alberto Gonzalez Iniesta ] * ignore.d.workstation/kernel: - fixed reworded Caching mode page message, thanks to Hagen Fuchs for the patch (closes: #743378) Checksums-Sha1
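Review bot: the debian/changelog hunk of the Bug#764336 patch (@@ -2724,7 +2724,7 @@) rewrites a line inside the already released logcheck (1.2.27) entry, and changelog entries for uploaded versions are normally left as published. I would drop that hunk and keep only the docs/README.Maintainer change ("so we can avoid filename conflicts."), recording the typo fix in the entry for the next upload instead.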
[Logcheck-devel] Bug#743378: marked as done (workstation.d/kernel: trivial fix for reworded Caching mode page messages)
Your message dated Fri, 24 Oct 2014 22:52:12 + with message-id e1xhnio-0006ff...@franck.debian.org and subject line Bug#743378: fixed in logcheck 1.3.17 has caused the Debian Bug report #743378, regarding workstation.d/kernel: trivial fix for reworded Caching mode page messages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 743378: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743378 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Version: 1.3.16 Severity: normal Tags: patch Hello, Attached you'll find a trivial patch that enables 'ignore.d.workstation/kernel' to capture the recently reworded message No Caching mode page present (nowadays its present - found). Thanks, Hagen diff --git a/logcheck/ignore.d.workstation/kernel b/logcheck/ignore.d.workstation/kernel index 53cd1dc..2bc9f80 100644 --- a/logcheck/ignore.d.workstation/kernel +++ b/logcheck/ignore.d.workstation/kernel 
@@ -61,7 +61,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] [[:digit:]]+-byte physical blocks$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] Write Protect is (off|on)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] Mode Sense: [[:xdigit:]]+ [[:xdigit:]]+ [[:xdigit:]]+ [[:xdigit:]]+$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] No Caching mode page present$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] No Caching mode page (present|found)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] Assuming drive cache: write through$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? sd [:[:digit:]]+: \[sd[a-z]\] Spinning up disk\.\.\.\.ready$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? [[:space:]]*sd[a-z]:( sd[a-z][[:digit:]]+)*$ ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.17 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 743...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Fri, 24 Oct 2014 23:54:14 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.17 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read Closes: 743000 743378 744205 764336 Changes: logcheck (1.3.17) unstable; urgency=low . [ Hannes von Haugwitz ] * debian/control: - dropped obsolete Replaces fields - removed 'deprecated' notice from logtail's short description - bumped to Standards-Version 3.9.6 (no changes necessary) * Migrated to dh7 style debian/rules file * debian/compat: - bumped to dh compatibility level 9 - updated copyright year to 2014 * debian/README.backports: removed (obsolete) * src/logcheck: - changed '#!/bin/bash' to '#!/usr/bin/env bash' - use '/run/lock/logcheck' instead of '/var/lock/logcheck' - set VERSION to the current version, thanks to Pascal Wittmann * ignore.d.workstation/wpasupplicant: - adjusted 'Group rekeying' rule and ignore 'CTRL-EVENT-SCAN-STARTED' message (LP: #1325349) * ignore.d.server/dhcp: - adjust rule to match new URL (closes: #744205) * debian/copyright: - removed obsolete 'fork' notice * docs
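Review bot: the Bug#743378 patch is taken against logcheck/ignore.d.workstation/kernel, while the other rule patches on this list are made against rulefiles/linux/ignore.d.*/, so the paths in the diff header need adjusting before it applies to the source tree. The rule change itself, "No Caching mode page (present|found)$", keeps the old wording matching next to the new one, which is what hosts still running older kernels need; it would help to say in the commit message which kernel version introduced the "found" wording.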
[Logcheck-devel] Processed: tagging 743000
Processing commands for cont...@bugs.debian.org: #fixed in bf39340 tags 743000 + pending Bug #743000 [logcheck] logcheck: i.d.s/ssh regex doesn't match when using key exchange authentication Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 743000: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743000 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 743378
Processing commands for cont...@bugs.debian.org: tags 743378 - fixed Bug #743378 [logcheck-database] workstation.d/kernel: trivial fix for reworded Caching mode page messages Removed tag(s) fixed. thanks Stopping processing here. Please contact me if you need assistance. -- 743378: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=743378 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: Re: Bug#748247: logcheck-database: wrong ssmtp ignore regex triggers mail every hour
Processing commands for cont...@bugs.debian.org: reassign 748247 ssmtp Bug #748247 [logcheck-database] logcheck-database: wrong ssmtp ignore regex triggers mail every hour Bug reassigned from package 'logcheck-database' to 'ssmtp'. No longer marked as found in versions logcheck/1.3.16. Ignoring request to alter fixed versions of bug #748247 to the same values previously set thanks Stopping processing here. Please contact me if you need assistance. -- 748247: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748247 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 764336
Processing commands for cont...@bugs.debian.org: #fixed in 0cb3882 tags 764336 + pending Bug #764336 [logcheck] logcheck: small typo: confilcts - conflicts Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 764336: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=764336 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Bug#647457: marked as done (logcheck-database: fix qpopper related filter rules)
Your message dated Mon, 27 Jan 2014 16:58:15 + with message-id 52e69027.5050...@tiger-computing.co.uk and subject line Re: logcheck-database: fix qpopper related filter rules has caused the Debian Bug report #647457, regarding logcheck-database: fix qpopper related filter rules to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 647457: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647457 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch On Debian Squeeze the rules installed with logcheck for the qpopper POP3 service seem to be incomplete and outdated. First line connect from needs to accept an IP-address after the host name. Also I needed to add two more rules: one to ignore the message Servicing request when clients connect, and one to ignore the bogus error message Unable to open bulletin directory '/var/spool/popbull' when mail is read by clients. The version of qpopper installed here is 4.0.9.dfsg-1.2. Patch attached. 
cheers, David -- System Information: Debian Release: 6.0.3 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: mipsel (mips64) Kernel: Linux 2.6.39.4-dk1 Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- GnuPG public key: http://dvdkhlng.users.sourceforge.net/dk.gpg Fingerprint: B17A DC95 D293 657B 4205 D016 7DEF 5323 C174 7D40 Index: logcheck.ignore/qpopper === --- logcheck.ignore.orig/qpopper 2011-11-02 21:58:04.409495461 +0100 +++ logcheck.ignore/qpopper 2011-11-02 21:58:54.757714318 +0100 
@@ -1,6 +1,8 @@ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: connect from [._[:alnum:]-]+$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: connect from [._[:alnum:]-]+ \([.[:digit:]]{7,15}\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) POP login by user \[@._[:alnum:]-]+\ at \([._[:alnum:]-]+\) [.[:digit:]]+ \[pop_log.c:244\]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \[drac\]: login by [@._[:alnum:]-]+ from host [._[:alnum:]-]+ \([.[:digit:]]+\) \[drac.c:[0-9]+\]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: [@._[:alnum:]-]+ at [._[:alnum:]-]+ \([.[:digit:]]+\): -ERR Message [[:digit:]]+ does not exist. \[pop_send.c:289\]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: ([@._[:alnum:]-]+|\(null\)) at [._[:alnum:]-]+ \([.[:digit:]]+\): -ERR Unknown command: \[[:alnum:]]+\. \[pop_get_command.c:152\]$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) Unable to get canonical name of client [.[:digit:]]+: Name or service not known \(-2\) \[pop_init.c:1196\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: \(v[.[:digit:]]+\) Servicing request from [^]+ at [.[:digit:]]{7,15} \[pop_init.c:[0-9]+\]$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.qpopper\[[0-9]+\]: Unable to open bulletin directory '/var/spool/popbull': No such file or directory \(2\) \[pop_bull.c:[0-9]+\]$ pgpVIqx2c3lRF.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Control: user debian-rele...@lists.debian.org Control: usertag -1 bsp-2014-01-gb-Monmouth Package qpopper is no longer in the archive, so the rules are no longer required. They will be removed in a future update to logcheck. Best regards, Chris -- Chris Boot Tiger Computing Ltd Linux for Business Tel: 01600 483 484 Web: http://www.tiger-computing.co.uk Follow us on Facebook: http://www.facebook.com/TigerComputing Registered in England. 
Company number: 3389961 Registered address: Wyastone Business Park, Wyastone Leys, Monmouth, NP25 3SR---End Message---
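Review bot: in the added "Servicing request from" rule of the qpopper patch, the bracket expression [^]+ does not close where it appears to. In a POSIX bracket expression a ] directly after [^ is taken as a literal member, so the set runs on into the rest of the pattern and the rule will not match the intended message. Name the excluded character explicitly, or use a class such as [._[:alnum:]-]+ if a host name is expected there. The new \([.[:digit:]]{7,15}\) and "at [.[:digit:]]{7,15}" parts also only cover IPv4 addresses, which is worth stating in the bug report.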
[Logcheck-devel] Processed (with 2 errors): Re: Bug#564063: logcheck-database: heartbeat daily informational stats report
Processing control commands: reassign -1 src:heartbeat Bug #564063 [logcheck-database] logcheck-database: heartbeat daily informational stats report Bug reassigned from package 'logcheck-database' to 'src:heartbeat'. No longer marked as found in versions logcheck/1.3.5. Ignoring request to alter fixed versions of bug #564063 to the same values previously set retitle -1 incorporate logcheck snippets Bug #564063 [src:heartbeat] logcheck-database: heartbeat daily informational stats report Changed Bug title to 'incorporate logcheck snippets' from 'logcheck-database: heartbeat daily informational stats report' user debian-rele...@lists.debian.org Unknown command or malformed arguments to command. usertag -1 bsp-2014-01-gb-Monmouth Unknown command or malformed arguments to command. -- 564063: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564063 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed (with 2 errors): Re: Bug#732298: logcheck-database: dhclient diag message changed; updated rule to ignore it
Processing control commands: reassign -1 src:isc-dhcp-client Bug #732298 [logcheck-database] logcheck-database: dhclient diag message changed; updated rule to ignore it Bug reassigned from package 'logcheck-database' to 'src:isc-dhcp-client'. Warning: Unknown package 'src:isc-dhcp-client' Warning: Unknown package 'src:isc-dhcp-client' No longer marked as found in versions logcheck/1.3.15. Warning: Unknown package 'src:isc-dhcp-client' Warning: Unknown package 'src:isc-dhcp-client' Ignoring request to alter fixed versions of bug #732298 to the same values previously set Warning: Unknown package 'src:isc-dhcp-client' retitle -1 incorporate logcheck snippets Bug #732298 [src:isc-dhcp-client] logcheck-database: dhclient diag message changed; updated rule to ignore it Warning: Unknown package 'src:isc-dhcp-client' Changed Bug title to 'incorporate logcheck snippets' from 'logcheck-database: dhclient diag message changed; updated rule to ignore it' Warning: Unknown package 'src:isc-dhcp-client' user debian-rele...@lists.debian.org Unknown command or malformed arguments to command. usertag -1 bsp-2014-01-gb-Monmouth Unknown command or malformed arguments to command. -- 732298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732298 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: Re: Bug#732771: ignore subversion message DIGEST-MD5 common mech free
Processing control commands: reassign -1 libsasl2-modules Bug #732771 [logcheck-database] ignore subversion message DIGEST-MD5 common mech free Bug reassigned from package 'logcheck-database' to 'libsasl2-modules'. No longer marked as found in versions logcheck/1.3.15. Ignoring request to alter fixed versions of bug #732771 to the same values previously set retitle -1 incorporate logcheck snippets Bug #732771 [libsasl2-modules] ignore subversion message DIGEST-MD5 common mech free Changed Bug title to 'incorporate logcheck snippets' from 'ignore subversion message DIGEST-MD5 common mech free' -- 732771: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732771 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Bug#580260: marked as done (logcheck-database: dkim-filter needs tweak)
Your message dated Mon, 27 Jan 2014 18:15:59 + with message-id 52e6a25f.2010...@tiger-computing.co.uk and subject line Re: logcheck-database: dkim-filter needs tweak has caused the Debian Bug report #580260, regarding logcheck-database: dkim-filter needs tweak to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 580260: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=580260 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Version: 1.3.8 11 hex digits, and no diff -ur logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter --- logcheck-1.3.8.orig/rulefiles/linux/ignore.d.server/dkim-filter 2008-05-22 04:20:58.0 -0400 +++ logcheck-1.3.8/rulefiles/linux/ignore.d.server/dkim-filter 2010-05-04 16:32:31.0 -0400 
@@ -1,2 +1,2 @@ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]: [[:xdigit:]]{10} SSL error:04077068:rsa routines:RSA_verify:bad signature$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]: [[:xdigit:]]{10}: bad signature data$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]: [[:xdigit:]]{11} SSL error:04077068:rsa routines:RSA_verify:bad signature$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dkim-filter\[[[:digit:]]+\]: [[:xdigit:]]{11}: (no|bad) signature data$ ---End Message--- ---BeginMessage--- Package src:dkim-milter (which produced dkim-filter) is no longer in the archive, so the rules are no longer required. They will be removed in a future update to logcheck. Best regards, Chris -- Chris Boot Tiger Computing Ltd Linux for Business Tel: 01600 483 484 Web: http://www.tiger-computing.co.uk Follow us on Facebook: http://www.facebook.com/TigerComputing Registered in England. Company number: 3389961 Registered address: Wyastone Business Park, Wyastone Leys, Monmouth, NP25 3SR---End Message--- ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
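Review bot: both replacement rules change the id width from "[[:xdigit:]]{10}" to "[[:xdigit:]]{11}" outright, so lines from a dkim-filter that still logs 10-digit ids stop being ignored; "[[:xdigit:]]{10,11}" would cover both. The first rule has no colon after the id while the second keeps one ("{11}: "), which is worth checking against a real SSL error line before merging. Widening the second rule to "(no|bad) signature data" also filters "no signature data" lines out of the report, so that should be a deliberate choice rather than a side effect of the width fix.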
[Logcheck-devel] Bug#653444: marked as done (Some rules in ignore.d.server/smartd lacks optinal [SAT] mark)
Your message dated Sun, 26 Jan 2014 19:03:37 + with message-id e1w7uzz-00022w...@franck.debian.org and subject line Bug#653444: fixed in logcheck 1.3.16 has caused the Debian Bug report #653444, regarding Some rules in ignore.d.server/smartd lacks optinal [SAT] mark to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 653444: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653444 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.3.13
Tags: patch

Fixed ones:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[^[:space:]]+( \[[_/[:alnum:][:space:]]+\])?( \[SAT\])?, SMART (Prefailure|Usage) Attribute: [[:digit:]]+ [_[:alnum:]]+ changed from [[:digit:]]+( \[Raw [[:digit:]]+\])? to [[:digit:]]+( \[Raw [[:digit:]]+\])?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[^[:space:]]+( \[[_/[:alnum:][:space:]]+\])?( \[SAT\])?, starting scheduled (Offline Immediate |(Long|Short) Self-)Test\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[^[:space:]]+( \[[_/[:alnum:][:space:]]+\])?( \[SAT\])?, previous self-test completed without error$

Example entries from syslog:
Dec 28 08:36:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00] [SAT], SMART Usage Attribute: 194 Temperature_Celsius changed from 206 to 200
Dec 28 01:06:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00] [SAT], starting scheduled Short Self-Test.
Dec 28 01:36:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00] [SAT], previous self-test completed without error Dec 28 02:36:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_01] [SAT], SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 100 to 99 ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.16 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 653...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sun, 26 Jan 2014 17:43:32 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.16 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read (deprecated) Closes: 645588 653444 706085 717247 722312 Changes: logcheck (1.3.16) unstable; urgency=low . 
* ignore.d.server/ssh: - updated subsystem request for sftp rule (closes: #706085) * debian/control: - removed obsolete DM-Upload-Allowed field - build-depend on debhelper (= 9) - bumped to Standards-Version 3.9.5 (no changes necessary) * ignore.d.server/smartd: - allow additional '[SAT]' field after controller pattern (closes: #653444) * ignore.d.server/exim4: - removed 'gluck.debian.org' specific rule (closes: #722312) * debian/logcheck-database.postinst, debian/logcheck.postinst: - applied patches by Loïc Minier (closes: #645588): - add logcheck alias on install not on upgrade - use [ -z ... ] rather than [ ! -n ... ] - fix indentation and whitespaces in postinsts - merge two tests into a single lt-nl comparison * ignore.d.server/cron-apt: - allow '-o quiet=1' in dist-upgrade rule (closes: #717247) * debian/logcheck-database.maintscript: added debian/logcheck-database.preinst: removed - use dpkg-maintscript-helper to remove obsolete config files - dropped handling of config files removed before squeeze release * ignore.d.server/puppetd: removed - rules are part of puppet-common package Checksums-Sha1: 67fd6f01c426ca62c2d132da32916cdd298f319d 1828
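The smartd rules from bug #653444 above can be checked against the report's own syslog entries before they go into a rule file. This is an added example, not part of the original messages or of logcheck itself; the "old" rule set is a constructed assumption (the fixed rules with the optional [SAT] group removed), and the last sample line is constructed.

```shell
#!/bin/sh
# Added example (not logcheck's own code): count the sample lines that a set
# of ignore rules leaves unmatched, i.e. the lines that would still be mailed.

# The three fixed smartd rules as quoted in the bug report.
fixed_rules() {
cat <<'EOF'
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[^[:space:]]+( \[[_/[:alnum:][:space:]]+\])?( \[SAT\])?, SMART (Prefailure|Usage) Attribute: [[:digit:]]+ [_[:alnum:]]+ changed from [[:digit:]]+( \[Raw [[:digit:]]+\])? to [[:digit:]]+( \[Raw [[:digit:]]+\])?$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[^[:space:]]+( \[[_/[:alnum:][:space:]]+\])?( \[SAT\])?, starting scheduled (Offline Immediate |(Long|Short) Self-)Test\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ smartd\[[[:digit:]]+\]: Device: /dev/[^[:space:]]+( \[[_/[:alnum:][:space:]]+\])?( \[SAT\])?, previous self-test completed without error$
EOF
}

# Constructed "before" rules: the fixed rules with the optional [SAT] group
# stripped. This is an assumption about the pre-fix form, not text from the page.
old_rules() {
    fixed_rules | sed 's/( \\\[SAT\\])?//'
}

# The four syslog entries quoted in the report, followed by one constructed
# line (the last) that none of these ignore rules is meant to hide.
sample_log() {
cat <<'EOF'
Dec 28 08:36:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00] [SAT], SMART Usage Attribute: 194 Temperature_Celsius changed from 206 to 200
Dec 28 01:06:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00] [SAT], starting scheduled Short Self-Test.
Dec 28 01:36:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00] [SAT], previous self-test completed without error
Dec 28 02:36:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_01] [SAT], SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 100 to 99
Dec 28 03:06:22 censored smartd[10775]: Device: /dev/sda [megaraid_disk_00] [SAT], 8 Currently unreadable (pending) sectors
EOF
}

# unmatched_count RULES_FUNC
# Prints how many sample lines are matched by none of the rules that
# RULES_FUNC emits (one extended regex per line, as in an ignore.d file).
unmatched_count() {
    rules=$(mktemp) || return 1
    "$1" > "$rules"
    # grep -c exits 1 when the count is 0, so its status is ignored here.
    n=$(sample_log | grep -E -v -c -f "$rules" || true)
    rm -f "$rules"
    echo "$n"
}

echo "old rules leave $(unmatched_count old_rules) line(s) in the report"
echo "fixed rules leave $(unmatched_count fixed_rules) line(s) in the report"
```

The same check works for any rule change: the count should drop only by the number of routine lines the change was meant to cover, and the line that signals a real problem should still be counted.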
[Logcheck-devel] Bug#645588: marked as done (Shouldn't recreate alias on upgrades)
Your message dated Sun, 26 Jan 2014 19:03:37 + with message-id e1w7uzz-00022o...@franck.debian.org and subject line Bug#645588: fixed in logcheck 1.3.16 has caused the Debian Bug report #645588, regarding Shouldn't recreate alias on upgrades to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 645588: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=645588 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.3.14 Severity: normal Tags: patch Hi I don't want the logcheck email alias because I configure logcheck to send email to a different address, but it keeps getting re-added on upgrades. I've prepared a patch to only add the alias on install, not on upgrades, but I've noticed some small issues with the rest of the postinst (tests which could be simplified and tabs with different size expectations depending on the code block you're looking at), so I'm attaching a series of patches on top of current git to fix these. Thanks, -- Loïc Minier From 0bb0adbaa4e2a84ad16b1871efa729cfd90eff2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Minier?= l...@debian.org Date: Mon, 17 Oct 2011 09:22:36 +0200 Subject: [PATCH 1/4] Add logcheck alias on install not on upgrade --- debian/logcheck.postinst | 14 -- 1 files changed, 8 insertions(+), 6 deletions(-) diff --git a/debian/logcheck.postinst b/debian/logcheck.postinst index 849ad98..7032323 100644 --- a/debian/logcheck.postinst +++ b/debian/logcheck.postinst 
@@ -47,13 +47,15 @@ case $1 in adduser --quiet logcheck adm || true fi - # add logcheck to /etc/aliases - if [ -f /etc/aliases ] || [ -L /etc/aliases ]; then -if ! grep -qi ^logcheck[[:space:]]*: /etc/aliases; then - echo logcheck: root /etc/aliases - test -x $(command -v newaliases) newaliases || : + # add logcheck to /etc/aliases on install; not on upgrade + if [ -z $2 ]; then +if [ -f /etc/aliases ] || [ -L /etc/aliases ]; then + if ! grep -qi ^logcheck[[:space:]]*: /etc/aliases; then +echo logcheck: root /etc/aliases +test -x $(command -v newaliases) newaliases || : + fi fi - fi + fi # give logcheck system user a real name unless it has one. if [ -z $(getent passwd logcheck | cut -d: -f5) ]; then -- 1.7.5.4 From d2e57486d3197297388494ed210e90b68d8fe23b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lo=C3=AFc=20Minier?= l...@debian.org Date: Mon, 17 Oct 2011 09:23:15 +0200 Subject: [PATCH 2/4] Use [ -z ... ] rather than [ ! -n ... ] --- debian/logcheck.postinst |4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/logcheck.postinst b/debian/logcheck.postinst index 7032323..d3dfbfc 100644 --- a/debian/logcheck.postinst +++ b/debian/logcheck.postinst @@ -63,7 +63,7 @@ case $1 in fi # Add logcheck mail header on install -if [ ! -n $2 ] [ ! -f /etc/logcheck/header.txt ]; then +if [ -z $2 ] [ ! -f /etc/logcheck/header.txt ]; then cp -p /usr/share/logcheck/header.txt /etc/logcheck fi @@ -72,7 +72,7 @@ case $1 in chgrp -R logcheck /etc/logcheck || true # Set Permissions on install, not upgrade - if [ ! -n $2 ]; then + if [ -z $2 ]; then chmod 2750 /etc/logcheck/ignore.d.paranoid || true chmod 2750 /etc/logcheck/ignore.d.workstation || true chmod 2750 /etc/logcheck/ignore.d.server || true -- 1.7.5.4 From 11a96a81ec8bade1d4855495611452552cdfbe67 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Lo=C3=AFc=20Minier?= l...@debian.org Date: Mon, 17 Oct 2011 09:28:49 +0200 Subject: [PATCH 3/4] Fix indentation and whitespaces in postinsts Also, call : in empty case statements. --- debian/logcheck-database.postinst | 60 debian/logcheck.postinst | 138 ++-- 2 files changed, 99 insertions(+), 99 deletions(-) diff --git a/debian/logcheck-database.postinst b/debian/logcheck-database.postinst index 4ff4888..c8f5337 100644 --- a/debian/logcheck-database.postinst +++ b/debian/logcheck-database.postinst @@ -29,39 +29,39 @@ set -e confdir=/etc/logcheck case $1 in -configure) - # Remove old sarge mv logcheck-data configfiles if unchanged - if [ -n $2 ] dpkg --compare-versions $2 lt 1.2.48; then - proftpd_sum=$(sha1sum '/etc/logcheck/ignore.d.paranoid/proftpd' 2/dev/null \ - | awk '{print $1}') - imap_sum=$(sha1sum '/etc/logcheck/ignore.d.paranoid/imap' 2/dev/null \ - | awk '{print $1}') - anacron_sum=$(sha1sum '/etc/logcheck/ignore.d.workstation/anacron' 2/dev/null \ - | awk '{print $1
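Review bot: the new guard in the first hunk of 1/4, and the two guards that 2/4 rewrites, test $2 unquoted as the hunks appear here ("if [ -z $2 ]; then"); with an empty $2 that collapses to the one-argument test "[ -z ]", which is true only because "-z" is itself a non-empty string, so write it as [ -z "$2" ]. The comment "add logcheck to /etc/aliases on install; not on upgrade" could also say that $2 is the previously configured version handed to postinst, since that is what makes the empty case mean a fresh install.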
[Logcheck-devel] Bug#722312: marked as done (exim4 rulefile contains match for gluck.debian.org)
Your message dated Sun, 26 Jan 2014 19:03:37 + with message-id e1w7uzz-00023i...@franck.debian.org and subject line Bug#722312: fixed in logcheck 1.3.16 has caused the Debian Bug report #722312, regarding exim4 rulefile contains match for gluck.debian.org to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 722312: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722312 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Version: 1.3.15 Severity: minor Hi, The final line of rulefiles/linux/ignore.d.server/exim4 contains a rule matching only on gluck.debian.org. That seems maybe too specific for a general purpose package and may also be obsolete. ^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ SMTP error from remote mailer after initial connection: host [._[:alnum:]-]+ \[[.0-9]{7,15}\]: 421 gluck.debian.org: Too many concurrent SMTP connections; please try again later\.$ Cheers, Thijs -- System Information: Debian Release: 7.1 APT prefers stable APT policy: (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.16 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. 
If you have further comments please address them to 722...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
[Logcheck-devel] Bug#717247: marked as done (cron-apt: addition of -o quiet does not match logcheck rules)
Your message dated Sun, 26 Jan 2014 19:03:37 + with message-id e1w7uzz-00023c...@franck.debian.org and subject line Bug#717247: fixed in logcheck 1.3.16 has caused the Debian Bug report #717247, regarding cron-apt: addition of -o quiet does not match logcheck rules to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 717247: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717247 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: cron-apt Version: 0.9.1 Severity: normal Tags: patch cron-apt apparently now uses -o quiet=1, but the logcheck rule was not updated to match. the following adjustment is needed: --- a/logcheck/ignore.d.server/cron-apt 2012-06-30 10:52:33.0 -0400 +++ b/logcheck/ignore.d.server/cron-apt 2013-07-18 06:51:02.0 -0400 
@@ -5,6 +5,6 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT ACTION: (0-update|3-download)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT LINE: (/usr/bin/apt-get )?autoclean -y$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT LINE: (/usr/bin/apt-get )?dist-upgrade -d -y -o APT::Get::Show-Upgraded=true$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT LINE: (/usr/bin/apt-get )?-o quiet=1 dist-upgrade -d -y -o APT::Get::Show-Upgraded=true$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT LINE: (/usr/bin/apt-get )?update -o quiet=2$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT RUN \[[-[:alnum:]/]+\]: \w{3} \w{3} [ [:digit:]]+ [:[:digit:]]{8} \w{3,4} [[:digit:]]{4}$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: CRON-APT SLEEP: [[:digit:]]+, \w{3} \w{3} [ [:digit:]]+ [:[:digit:]]{8} \w{3,4} [[:digit:]]{4}$ Regards, --dkg -- System Information: Debian Release: 7.1 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages cron-apt depends on: ii apt 0.9.7.9 Versions of packages cron-apt recommends: ii bsd-mailx [mailx] 8.1.2-0.2006cvs-1 ii cron 3.0pl1-124 ii liblockfile1 1.09-5 cron-apt suggests no packages. -- no debconf information ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.16 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 717...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org)
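Review bot: the replacement dist-upgrade rule makes "-o quiet=1 " mandatory, so the line logged by a cron-apt that does not pass that option is no longer ignored and starts showing up in reports; making it optional, as in "(/usr/bin/apt-get )?(-o quiet=1 )?dist-upgrade -d -y", keeps both forms covered. The unchanged update rule in the same hunk pins "quiet=2" the same way, so any later change of quiet level will need another rule edit.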
[Logcheck-devel] Bug#590682: marked as done ([logcheck-database] rules for puppetd)
Your message dated Wed, 25 Dec 2013 11:37:15 +0100 with message-id 20131225103713.ga18...@carbon.vonhaugwitz.com and subject line Re: Bug#590682: [logcheck-database] rules for puppetd has caused the Debian Bug report #590682, regarding [logcheck-database] rules for puppetd to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 590682: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590682 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Severity: wishlist Tags: patch Hi, some more rules for puppetd: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Caching configuration at [\/._[:alnum:]-]+$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Calling puppetmaster.getconfig$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Caught (TERM|INT); shutting down$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: \(/File\[/var/lib/puppet/lib\]/checksum\) checksum changed '{mtime}\w{3} \w{3} [ :0-9]{11} \+[ 0-9]{9}' to '{mtime}\w{3} \w{3} [ :0-9]{11} \+[ 0-9]{9}'$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Finished catalog run in [.0-9]+ seconds$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Finished configuration run in [.0-9]+ seconds$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: getting config$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Ignoring cache$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Ignoring --listen on onetime run$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Loaded state in [.0-9]+ seconds$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Loading 
fact .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Other end went away; restarting connection and retrying$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Restarting with .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Retrieved configuration in [.0-9]+ seconds$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Retrieving plugins$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Shutting down$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Starting catalog run$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Starting configuration run$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ puppetd\[[0-9]+\]: Starting Puppet client version [.0-9]+$

Hendrik -- Hendrik Jaeger Linux Systemadministrator Init Seven AG Elias-Canetti-Strasse 7 CH-8050 Zürich phone: +41 44 315 44 00 fax: +41 44 315 44 01 http://www.init7.net/ signature.asc Description: PGP signature
---End Message---
---BeginMessage---
On Wed, Jul 28, 2010 at 02:23:42PM +0200, Hendrik Jaeger wrote: some more rules for puppetd:

The rules for puppet are included in the puppet-common binary package and maintained in the puppet source package. Most of your rules are already included in the puppet-common rules file, hence I close this bug report now. If there are still missing rules, please file a new bug report against the puppet-common package.

Best regards Hannes
---End Message---
[Logcheck-devel] Processed: your mail
Processing commands for cont...@bugs.debian.org: reassign 732655 logcheck Bug #732655 [dnsmasq] dnsmasq: logcheck doesnt match on eth1.2 style interfaces Bug reassigned from package 'dnsmasq' to 'logcheck'. No longer marked as found in versions dnsmasq/2.68-1. Ignoring request to alter fixed versions of bug #732655 to the same values previously set End of message, stopping processing here. Please contact me if you need assistance. -- 732655: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732655 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 722312
Processing commands for cont...@bugs.debian.org: #fixed in 0c5e0a0 tags 722312 + pending Bug #722312 [logcheck-database] exim4 rulefile contains match for gluck.debian.org Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 722312: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=722312 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 653444
Processing commands for cont...@bugs.debian.org: #fixed in 83ac233 tags 653444 + pending Bug #653444 [logcheck-database] Some rules in ignore.d.server/smartd lacks optinal [SAT] mark Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 653444: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=653444 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: reassign 717247 to logcheck-database
Processing commands for cont...@bugs.debian.org: reassign 717247 logcheck-database 1.3.15 Bug #717247 [cron-apt] cron-apt: addition of -o quiet does not match logcheck rules Bug reassigned from package 'cron-apt' to 'logcheck-database'. No longer marked as found in versions cron-apt/0.9.1. Ignoring request to alter fixed versions of bug #717247 to the same values previously set Bug #717247 [logcheck-database] cron-apt: addition of -o quiet does not match logcheck rules Marked as found in versions logcheck/1.3.15. thanks Stopping processing here. Please contact me if you need assistance. -- 717247: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717247 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: Re: Bug#712941: logcheck-database: logcheck triggers a fatal error in egrep
Processing commands for cont...@bugs.debian.org: tags 712941 unreproducible moreinfo Bug #712941 [logcheck-database] logcheck-database: logcheck triggers a fatal error in egrep Added tag(s) unreproducible and moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 712941: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712941 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: reassign 712785 to logcheck-database
Processing commands for cont...@bugs.debian.org: reassign 712785 logcheck-database 1.3.15 Bug #712785 [logcheck] logcheck: SSH subsystem request rule incomplete Bug reassigned from package 'logcheck' to 'logcheck-database'. No longer marked as found in versions logcheck/1.3.15. Ignoring request to alter fixed versions of bug #712785 to the same values previously set Bug #712785 [logcheck-database] logcheck: SSH subsystem request rule incomplete Marked as found in versions logcheck/1.3.15. thanks Stopping processing here. Please contact me if you need assistance. -- 712785: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712785 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: change e-mail address in Debian bugs
Processing commands for cont...@bugs.debian.org: submitter 695075 ! Bug #695075 [logcheck-database] logcheck-database: new filter rules for nfs (for Wheezy) Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' submitter 702116 ! Bug #702116 [exim4-daemon-heavy] exim4-daemon-heavy: resolv.conf not respected when connecting to LDAP server Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' submitter 687990 ! Bug #687990 [logcheck-database] logcheck-database: bind: updating zone...PTR and signer...approved Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' submitter 698531 ! Bug #698531 [src:linux] xhci_hcd fails to set up USB devices on NEC uPD720200 Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' submitter 688048 ! Bug #688048 [bind9] Subject: bind9: logs different for adding and deleting RR Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' thanks Stopping processing here. Please contact me if you need assistance. -- 687990: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=687990 688048: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688048 695075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695075 698531: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698531 702116: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702116 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: change e-mail address in Debian bugs
Processing commands for cont...@bugs.debian.org: submitter 688339 ! Bug #688339 [logcheck-database] logcheck-database: dhcp: match IPv6-aware records, too Changed Bug submitter to 'Paul Muster p...@muster.net' from 'Paul Muster p...@muster.dyndns.info' thanks Stopping processing here. Please contact me if you need assistance. -- 688339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688339 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: tagging 706085
Processing commands for cont...@bugs.debian.org: #fixed in bfa2699 tags 706085 + pending Bug #706085 [logcheck-database] logcheck-database: update ssh rules for new subsystem request for sftp messages Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 706085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706085 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Bug#656314: marked as done (logcheck.logfiles * pattern does not work)
Your message dated Sat, 4 May 2013 07:53:33 +0200 with message-id 20130504055333.ga22...@carbon.vonhaugwitz.com and subject line Re: Bug#656314: Debian Bug report logs - #656314, logcheck.logfiles * pattern does not work has caused the Debian Bug report #656314, regarding logcheck.logfiles * pattern does not work to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 656314: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656314 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: logcheck
Version: 1.3.13
Severity: important

Lenny, /usr/sbin/logcheck:

if [ ! $LOGFILE ] && [ -r $LOGFILES_LIST ]; then
    for file in $(egrep --text -v "(^#|^[[:space:]]*$)" $LOGFILES_LIST); do
        logoutput $file
    done

Squeeze, /usr/sbin/logcheck:

if [ ! $LOGFILE ] && [ -r $LOGFILES_LIST ]; then
    egrep --text -v "(^#|^[[:space:]]*$)" $LOGFILES_LIST | while read file; do
        logoutput $file
    done

Therefore the * pattern does not work in /etc/logcheck/logcheck.logfiles:

/var/log/MACHINE/*/syslog

-- System Information:
Debian Release: 6.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=hu_HU.utf8, LC_CTYPE=hu_HU.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii cron 3.0pl1-116 process scheduling daemon
ii lockfile-progs 0.1.15 Programs for locking and unlocking
ii logtail 1.3.13 Print log file lines that have not
ii mime-construct 1.11 construct/send MIME messages from
ii postfix [mail-transport 2.7.1-1+squeeze1 High-performance mail transport ag
ii syslog-ng [system-log-d 3.1.3-3 Next generation logging daemon

Versions of packages logcheck recommends:
ii logcheck-database 1.3.13 database of system log rules for t

Versions of packages logcheck suggests:
pn syslog-summary <none> (no description available)

-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Engedély megtagadva: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Engedély megtagadva: u'/etc/logcheck/logcheck.logfiles'

-- no debconf information
---End Message---

---BeginMessage---
Version: 1.3.14

On Thu, Aug 02, 2012 at 07:00:07PM -0700, Kevin Ross wrote:
> I believe this is fixed in 1.3.14.

Yes, it is. So I close this bug as fixed in 1.3.14.

Best regards
Hannes
---End Message---
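The failure described in this report, a pattern in logcheck.logfiles that ends up naming no file, leaves those logs unread without any error. The following is an added example, not code from logcheck or from the report: a POSIX sh check that expands every list entry and flags entries resolving to no readable file. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not logcheck code): verify that every entry in a
# logcheck.logfiles-style list resolves to at least one readable file.

# resolve_logfiles LIST
# Prints "OK <path>" for each readable file an entry expands to and
# "UNMATCHED <entry>" for an entry that expands to nothing readable.
resolve_logfiles() (
    list=$1
    # Split on newlines only, so paths containing spaces survive while the
    # unquoted expansion below still performs pathname expansion.
    IFS='
'
    # Same comment/blank-line filter as the snippet in the report.
    grep -E -v '(^#|^[[:space:]]*$)' "$list" | while read -r entry; do
        matched=0
        # Unquoted on purpose: this is where "*" becomes a list of paths.
        # A pattern with no match stays literal and fails the -f test.
        for path in $entry; do
            if [ -f "$path" ] && [ -r "$path" ]; then
                printf 'OK %s\n' "$path"
                matched=1
            fi
        done
        [ "$matched" -eq 1 ] || printf 'UNMATCHED %s\n' "$entry"
    done
)

# demo_logfiles
# Builds a constructed log tree and list in a temporary directory, runs the
# check, and prints the result with the temporary prefix replaced by ROOT.
demo_logfiles() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/MACHINE/alpha" "$root/MACHINE/beta"
    echo 'constructed log line' > "$root/MACHINE/alpha/syslog"
    echo 'constructed log line' > "$root/MACHINE/beta/syslog"
    cat > "$root/logcheck.logfiles" <<EOF
# constructed sample list
$root/MACHINE/*/syslog

$root/auth.log
EOF
    resolve_logfiles "$root/logcheck.logfiles" | sed "s|$root|ROOT|"
    rm -rf "$root"
}

demo_logfiles
```

An UNMATCHED line is the case to act on: that entry contributes nothing to the report, whether because the pattern was not expanded or because the file does not exist.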
[Logcheck-devel] Processed: Re: Bug#688339: Acknowledgement (logcheck-database: dhcp: match IPv6-aware records, too)
Processing commands for cont...@bugs.debian.org: reassign 688339 logcheck-database 1.3.15 Bug #688339 [logcheck] logcheck-database: dhcp: match IPv6-aware records, too Bug reassigned from package 'logcheck' to 'logcheck-database'. No longer marked as found in versions logcheck/1.3.13. Ignoring request to alter fixed versions of bug #688339 to the same values previously set Bug #688339 [logcheck-database] logcheck-database: dhcp: match IPv6-aware records, too Marked as found in versions logcheck/1.3.15. thanks Stopping processing here. Please contact me if you need assistance. -- 688339: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=688339 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Bug#652148: marked as done (Please add rules for dropbear)
Your message dated Sat, 30 Jun 2012 16:38:37 + with message-id e1sl0gv-su...@franck.debian.org and subject line Bug#652148: fixed in logcheck 1.3.15 has caused the Debian Bug report #652148, regarding Please add rules for dropbear to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 652148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652148 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.2.69 dropbear is a lightweight ssh server which can be installed in place of openssh-server. Log entries for dropbear are not currently filtered by logcheck resulting in a System Events email for each and every ssh login as below: This email is sent by logcheck. If you no longer wish to receive such mails, you can either deinstall the logcheck package or modify its configuration file (/etc/logcheck/logcheck.conf). System Events =-=-=-=-=-=-= Dec 15 07:48:24 captain dropbear[20011]: Child connection from :::82.125.214.201:55874 Dec 15 07:48:27 captain dropbear[20011]: pubkey auth succeeded for 'user' with key md5 68:07:18:0a:d8:4a:8b:61:2d:a6:15:94:1e:cb:b9:85 from +:::82.125.214.201:55874 Dec 15 07:49:32 captain dropbear[20011]: exit after auth (user): Exited normally The above is from an install of logcheck 1.2.69 and dropbear 0.51-1 on an installation of lenny. I have looked at the package files in wheezy for logcheck (1.3.14) and it appears dropbear remains unaccounted for (although note that dropbear is now at 0.52). 
I have not yet attempted to create a ruleset to filter the above however if a fix is proposed then I will happily test it. Thanks. ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.15 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.15_all.deb to main/l/logcheck/logcheck-database_1.3.15_all.deb logcheck_1.3.15.dsc to main/l/logcheck/logcheck_1.3.15.dsc logcheck_1.3.15.tar.gz to main/l/logcheck/logcheck_1.3.15.tar.gz logcheck_1.3.15_all.deb to main/l/logcheck/logcheck_1.3.15_all.deb logtail_1.3.15_all.deb to main/l/logcheck/logtail_1.3.15_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 652...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Sat, 30 Jun 2012 16:24:49 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.15 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read (deprecated) Closes: 647622 647943 652148 Changes: logcheck (1.3.15) unstable; urgency=low . 
[ Hannes von Haugwitz ] * ignore.d.server/dropbear: new - ignore successful logins (closes: #652148) * src/logcheck: - fixed broken '-t' option, thanks to Jon Daley (closes: #647622, LP: #1010431) * debian/control: - bumped to Standards-Version 3.9.3 (no changes necessary) - adjusted URLs of Vcs-* fields * debian/copyright: - updated copyright year to 2012 . [ Frédéric Brière ] * ignore.d.server/postfix: - ignore offered null AUTH mechanism list - ignore lost connection while receiving the initial server greeting - fixed lost connection while sending end of data rule * ignore.d.server/proftpd: - ignore authentication failure even if ruser is provided * ignore.d.server/ssh: - ignore PAM $n more authentication failures - ignore Too many authentication failures - ignore Closed due to user request. (closes: #647943) - ignore Bye Bye - ignore Connection closed - ignore yet one more variation of invalid user - updated Postponed ... rule with [preauth] suffix - updated Postponed
[Logcheck-devel] Bug#661912: marked as done (logcheck: files with period in ignore rule dirs ignored)
Your message dated Fri, 9 Mar 2012 13:21:21 +0100 with message-id 20120309122121.ga7...@anguilla.debian.or.at and subject line Re: Bug#661912: logcheck: files with period in ignore rule dirs ignored has caused the Debian Bug report #661912, regarding logcheck: files with period in ignore rule dirs ignored to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 661912: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661912 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: logcheck
Version: 1.3.14
Severity: normal

I added a local.rules file to ignore.d.server and then ran logcheck. The file was not used during the run. Renaming it to local-rules got the file used during the next run.

Fix: periods should be allowed in filenames, or the fact that they are forbidden expressly documented in the logcheck README.

Thanks
Nils

-- System Information:
Debian Release: wheezy/sid
APT prefers oneiric-updates
APT policy: (500, 'oneiric-updates'), (500, 'oneiric-security'), (500, 'oneiric'), (100, 'oneiric-backports')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-16-generic (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii adduser 3.112+nmu1ubuntu5 add and remove users and groups
ii cron 3.0pl1-116ubuntu3 process scheduling daemon
ii exim4-daemon-light [ma 4.76-2ubuntu1 lightweight Exim MTA (v4) daemon
ii lockfile-progs 0.1.15ubuntu1 Programs for locking and unlocking
ii logtail 1.3.14 Print log file lines that have not
ii mime-construct 1.11 construct/send MIME messages from
ii rsyslog [system-log-da 5.8.1-1ubuntu2 reliable system and kernel logging

Versions of packages logcheck recommends:
ii logcheck-database 1.3.14 database of system log rules for t

Versions of packages logcheck suggests:
ii syslog-summary 1.14-2 summarize the contents of a syslog

-- Configuration Files:
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'

-- no debconf information
---End Message---

---BeginMessage---
Dear nils!

* nils secun...@gmail.com [2012-03-02 15:24:13 CET]:
> I added a local.rules file to ignore.d.server and then ran logcheck.
> The file was not used during the run.

This is expected behavior, and documented:

README.logcheck-database:
| FILES WITHIN EACH DIRECTORY
| ===
|
| Each of the rules-directories can contain pattern files of the
| following kinds:
|
| ./packagename
|
| The rule filename must only contain characters compatible with
| run-parts(8). As of this writing, this includes alphanumeric characters,
| underscore, and hyphen.

You can find the documentation of the package below the /usr/share/doc/logcheck-database directory (as referenced by README.logcheck of the logcheck package itself under the term RULES DIRECTORIES).

Thanks,
Rhonda
--
If you feel discouraged, take heart at last, go   |
If you feel helpless, go out and help, go         | Wir sind Helden
If you feel powerless, go out and act, go         | 23.55: Alles auf Anfang
If you feel adrift, find a hold and let go        |
---End Message---
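The README passage quoted in the reply limits rule filenames to alphanumeric characters, underscore and hyphen, and the report shows that a file outside that set is skipped without a message. The following is an added example, not part of logcheck or of either message: a POSIX sh check that lists rule files whose names fall outside that character set, so a skipped file is caught before it is relied on. The function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example (not logcheck code): find rule files that the filename rule
# quoted from README.logcheck-database would cause to be skipped.

# rule_name_ok NAME
# Succeeds only if NAME is non-empty and made up solely of ASCII letters,
# digits, underscore and hyphen (the set named in the quoted README).
rule_name_ok() (
    LC_ALL=C    # keep the bracket ranges below ASCII-only in every locale
    case $1 in
        ''|*[!A-Za-z0-9_-]*) exit 1 ;;
        *) exit 0 ;;
    esac
)

# audit_rule_dirs DIR...
# Prints "SKIPPED <dir>/<file>" for every regular file whose name fails
# rule_name_ok. Dotfiles are included, since "*" alone would miss them.
audit_rule_dirs() {
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for path in "$dir"/* "$dir"/.[!.]*; do
            # An unmatched glob stays literal and is dropped here.
            [ -f "$path" ] || continue
            name=${path##*/}
            rule_name_ok "$name" ||
                printf 'SKIPPED %s/%s\n' "${dir##*/}" "$name"
        done
    done
    return 0
}

# demo_rule_names
# Builds a constructed rules tree (directory names as they appear on this
# page) and audits it.
demo_rule_names() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/ignore.d.server" "$root/cracking.d"
    for f in ignore.d.server/ssh ignore.d.server/local-rules \
             ignore.d.server/local.rules cracking.d/site_rules \
             cracking.d/site.rules; do
        echo '^constructed placeholder rule$' > "$root/$f"
    done
    audit_rule_dirs "$root/ignore.d.server" "$root/cracking.d"
    rm -rf "$root"
}

demo_rule_names
```

On an installed system the arguments would be the rule directories under /etc/logcheck; reading them may need the same privileges the "Permission denied" lines in these reports point to.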
[Logcheck-devel] Processed: reassign 617232 to logcheck-database, reassign 621373 to logcheck-database ...
Processing commands for cont...@bugs.debian.org: reassign 617232 logcheck-database Bug #617232 [logcheck] logcheck: ignore regexes match ipv4 addresses only, causing false positives with ipv6 addresses. Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.13. reassign 621373 logcheck-database Bug #621373 [logcheck] avahi-daemon rule Bug reassigned from package 'logcheck' to 'logcheck-database'. reassign 652537 logcheck-database Bug #652537 [logcheck] Please add rule for inetutils-syslogd Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.2.69. reassign 652538 logcheck-database Bug #652538 [logcheck] Please add rule for log2mail Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.2.69. reassign 608574 logcheck-database Bug #608574 [logcheck] [PATCH] updated rules for dnsmasq Bug reassigned from package 'logcheck' to 'logcheck-database'. reassign 644154 logcheck-database Bug #644154 [logcheck] Untrusted connections for opportunistic TLS Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions 1.3.14. reassign 554828 logcheck-database Bug #554828 [logcheck] logcheck: Please include rules for amd (automount daemon from am-utils package) Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.3. reassign 592365 logcheck-database Bug #592365 [logcheck] logcheck: ignore rules for transmission-daemon Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.10. reassign 632825 logcheck-database Bug #632825 [logcheck] logcheck: New ignore rule for arpwatch Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.13. 
reassign 644583 logcheck-database Bug #644583 [logcheck] postfix smtpd_client_port_logging and smtpd_tls_wrappermode errors Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.3.14. reassign 652148 logcheck-database Bug #652148 [logcheck] Please add rules for dropbear Bug reassigned from package 'logcheck' to 'logcheck-database'. Bug No longer marked as found in versions logcheck/1.2.69. thanks Stopping processing here. Please contact me if you need assistance. -- 652148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652148 632825: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632825 644154: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644154 554828: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=554828 617232: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617232 652538: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652538 644583: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=644583 592365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=592365 621373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621373 652537: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652537 608574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: Re: Bug#652148: Please add rules for dropbear
Processing commands for cont...@bugs.debian.org: # fixed in 20a68db tags 652148 + pending Bug #652148 [logcheck] Please add rules for dropbear Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 652148: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=652148 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: Re: Bug#648146: ignore.d.server/ssh is too aggressive
Processing commands for cont...@bugs.debian.org: reassign 648146 logcheck-database 1.3.13 Bug #648146 [logcheck-database-1.3.13] ignore.d.server/ssh is too aggressive Warning: Unknown package 'logcheck-database-1.3.13' Bug reassigned from package 'logcheck-database-1.3.13' to 'logcheck-database'. Bug No longer marked as found in versions squeeze. Bug #648146 [logcheck-database] ignore.d.server/ssh is too aggressive Bug Marked as found in versions logcheck/1.3.13. thanks Stopping processing here. Please contact me if you need assistance. -- 648146: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=648146 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Processed: reassign 642269 to bcfg2-server
Processing commands for cont...@bugs.debian.org: # ignore.d.server/bcfg2-server belongs to bcfg2-server reassign 642269 bcfg2-server Bug #642269 [logcheck-database] logcheck-database: bcfg2-server regular expression correction Bug reassigned from package 'logcheck-database' to 'bcfg2-server'. Bug No longer marked as found in versions 1.3.13. thanks Stopping processing here. Please contact me if you need assistance. -- 642269: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642269 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Bug#618411: marked as done (logcheck-database: Fails to filter messages from pam-gkr at workstation level)
Your message dated Thu, 08 Sep 2011 14:48:50 + with message-id e1r1fum-0008rb...@franck.debian.org and subject line Bug#618411: fixed in logcheck 1.3.14 has caused the Debian Bug report #618411, regarding logcheck-database: Fails to filter messages from pam-gkr at workstation level to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 618411: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618411 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch The rule in /etc/logcheck/ignore.d.workstation/libpam-gnome-keyring to ignore messages like: Mar 9 17:29:48 kaylee gnome-screensaver-dialog: gkr-pam: unlocked login keyring which show up when you unlock the screen from a screen saver, is ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ gnome-screensaver-dialog: gkr-pam: unlocked 'login' keyring$ The correct rule excludes the quotes ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ gnome-screensaver-dialog: gkr-pam: unlocked login keyring$ -- System Information: Debian Release: 6.0.1 APT prefers squeeze-updates APT policy: (500, 'squeeze-updates'), (500, 'proposed-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Configuration Files:
[Logcheck-devel] Bug#637923: marked as done (Tweak to ssh rules to ignore AllowGroups denial)
Your message dated Thu, 08 Sep 2011 14:48:50 + with message-id e1r1fum-0008sa...@franck.debian.org and subject line Bug#637923: fixed in logcheck 1.3.14 has caused the Debian Bug report #637923, regarding Tweak to ssh rules to ignore AllowGroups denial to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 637923: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637923 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Subject: logcheck-database: Tweak to ssh rules to ignore AllowGroups denial Package: logcheck-database Version: 1.3.13 Severity: minor *** Please type your report below this line *** Similar to how AllowUsers denials are ignored, also ignore AllowGroups: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$ -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash -- Configuration Files: -- no debconf information -- Gerald Turner Email: gtur...@unzane.com JID: gtur...@unzane.com GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5 --- ssh.orig 2010-08-10 12:48:59.0 -0700 +++ ssh 2011-08-15 12:18:25.531415667 -0700 
@@ -16,6 +16,7 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [:[:xdigit:].]+: [[:digit:]]+: Disconnect requested by Windows SSH Client\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Server listening on [:[:xdigit:].]+ port [[:digit:]]+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because (listed in Deny|not listed in Allow)Users$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: User [-_.[:alnum:]]+ from [-_.[:alnum:]]+ not allowed because none of user's groups are listed in AllowGroups$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_[[:alnum:]]+\) session opened for user [^[:space:]]+( by ([[:alnum:]-]+)?\(uid=[[:digit:]]+\))?$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) auth could not identify password for \[[-_.[:alnum:]]*\]$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: \(pam_unix\) check pass; user unknown$ pgprsLoZsdlfx.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.14 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.14_all.deb to main/l/logcheck/logcheck-database_1.3.14_all.deb logcheck_1.3.14.dsc to main/l/logcheck/logcheck_1.3.14.dsc logcheck_1.3.14.tar.gz to main/l/logcheck/logcheck_1.3.14.tar.gz logcheck_1.3.14_all.deb to main/l/logcheck/logcheck_1.3.14_all.deb logtail_1.3.14_all.deb to main/l/logcheck/logtail_1.3.14_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 637...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 08 Sep 2011 15:32:22 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.14 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read (deprecated) Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030 637916 637918 637923 639839 Changes: logcheck (1.3.14) unstable; urgency=low . [ martin f. krafft ] * ignore.d.server/postfix
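Review bot: the added AllowGroups line matches the source host with `[-_.[:alnum:]]+`, a class with no colon, so a denial logged with an IPv6 source address will not match and will keep being reported. Other lines in the same hunk already use `[:[:xdigit:].]+` where an address is expected. Consider widening the host class on the new line (for example `[-_.:[:alnum:]]+`); the unchanged AllowUsers/DenyUsers context line above it uses the same narrow class and would need the same change to stay consistent.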
[Logcheck-devel] Bug#609649: marked as done (cron-apt: Insufficient logcheck patterns)
Your message dated Thu, 08 Sep 2011 14:48:49 + with message-id e1r1ful-0008rn...@franck.debian.org and subject line Bug#609649: fixed in logcheck 1.3.14 has caused the Debian Bug report #609649, regarding cron-apt: Insufficient logcheck patterns to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 609649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609649 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: cron-apt Version: 0.8.2 Severity: minor Some patterns in /etc/logcheck/ignore.d.server/cron-apt do not allow whitespace between value and unit meanwhile log entries contain it: (1804 kB, 4096 B, 14.3 MB/s etc.) A * should be added to these patterns. E.g. ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron-apt: Get:[[:digit:]]+ ((ht|f)tp|file)://[.[:alnum:]/_-]+ [./[:alnum:]-]+ [-[:alnum:]_+.]+ [+.:~[:alnum:]-]+ \[[.[:digit:]]+ *[kMGTPEZY]?B\]$ Gabor -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/4 CPU cores) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages cron-apt depends on: ii apt 0.8.10 Advanced front-end for dpkg Versions of packages cron-apt recommends: ii bsd-mailx [mailx] 8.1.2-0.20100314cvs-1 simple mail user agent ii cron 3.0pl1-116process scheduling daemon ii liblockfile1 1.08-4NFS-safe locking library, includes cron-apt suggests no packages. 
-- Configuration Files: /etc/cron-apt/config changed [not included] -- no debconf information ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.14 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.14_all.deb to main/l/logcheck/logcheck-database_1.3.14_all.deb logcheck_1.3.14.dsc to main/l/logcheck/logcheck_1.3.14.dsc logcheck_1.3.14.tar.gz to main/l/logcheck/logcheck_1.3.14.tar.gz logcheck_1.3.14_all.deb to main/l/logcheck/logcheck_1.3.14_all.deb logtail_1.3.14_all.deb to main/l/logcheck/logtail_1.3.14_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 609...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Format: 1.8 Date: Thu, 08 Sep 2011 15:32:22 +0200 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source all Version: 1.3.14 Distribution: unstable Urgency: low Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail- Print log file lines that have not been read (deprecated) Closes: 608256 609649 613124 616103 616616 618411 622942 624197 632471 633030 637916 637918 637923 639839 Changes: logcheck (1.3.14) unstable; urgency=low . [ martin f. 
krafft ] * ignore.d.server/postfix: - ignore notice about verified TLS connections. * ignore.d.server/openvpn: - broaden filters to catch more messages. . [ Hanspeter Kunz ] * ignore.d.server/dovecot: - allow for arbitrary msgids - ignore discarded vacation replies with precedence Bulk and list - ignore notice about managesieve logouts (closes: #637918) * ignore.d.server/postfix: - ignore (temporary) rejects messages when the sender domain is not found - ignore verify cache db cleanups . [ Hannes von Haugwitz ] * src/logcheck: - added numeric timezone information to subject line - re-enabled globbing of logfile names (closes: #616103) * docs/README.logcheck-database: - mention logcheck-test in 'TESTING RULES' section * ignore.d.workstation/wpasupplicant: - match 5200, 5300, 5260 and 5680 MHz in 'Trying to associate' message - allow WPA protocol in 'wpa_action: key_mgmt' message - ignore
[Logcheck-devel] Bug#611999: marked as done (amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain -)
Your message dated Thu, 08 Sep 2011 14:48:50 + with message-id e1r1fum-0008sf...@franck.debian.org and subject line Bug#639839: fixed in logcheck 1.3.14 has caused the Debian Bug report #639839, regarding amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain - to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 639839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: amavisd-new Version: 1:2.6.4-3 Severity: normal Tags: squeeze As seen here: Feb 4 12:59:00 server amavis[10256]: (10256-08) Passed SPAM, [91.187.16.183] [91.187.16.183] xxx...@x.xx - xx...@.xx, quarantine: spam-7UpI76jX-2a1.gz, mail_id: 7UpI76jX-2a1, Hits: 21.685, size: 1341, queued_as: DAD2C16400FD, 4517 ms the mail_id can contain the '-' character but the logcheck rule doesn't acount for that: s/[[:space:]]*$//' /root/test | egrep '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (CLEAN|SPAM),( LOCAL)?( \[(IPv6:)?[[[:xdigit:].:]{3,39}\]){0,2} [^]* - [^]*(,[^]*)*,( Message-ID: [^]+( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,)?( Resent-Message-ID: [^]+,)? 
mail_id: [-+[:alnum:]]+, Hits: ((-)?[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$ -- System Information: Debian Release: 6.0 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Shell: /bin/sh linked to /bin/dash Versions of packages amavisd-new depends on: ii adduser 3.112+nmu2 add and remove users and groups ii debconf [debconf-2.0]1.5.36.1Debian configuration management sy ii file 5.04-5 Determines file type using magic ii libarchive-zip-perl 1.30-3 Perl module for manipulation of ZI ii libberkeleydb-perl 0.42-1~squeeze1 use Berkeley DB 4 databases from P ii libcompress-raw-zlib-per 2.026-1 low-level interface to zlib compre ii libconvert-tnef-perl 0.17-9 Perl module to read TNEF files ii libconvert-uulib-perl1.12-1 Perl interface to the uulib librar pn libdigest-md5-perl none (no description available) ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a ii libmail-dkim-perl0.38-1 cryptographically identify the sen ii libmailtools-perl2.06-1 Manipulate email in perl programs pn libmime-base64-perl none (no description available) ii libmime-tools-perl 5.428-1 Perl5 modules for MIME-compliant m ii libnet-server-perl 0.97-1 An extensible, general perl server ii libunix-syslog-perl 1.1-2 Perl interface to the UNIX syslog( ii pax 1:20090728-1Portable Archive Interchange ii perl [libtime-hires-perl 5.10.1-17 Larry Wall's Practical Extraction ii perl-modules [libarchive 5.10.1-17 Core Perl modules amavisd-new recommends no packages. 
Versions of packages amavisd-new suggests: pn apt-listchanges none (no description available) ii arj 3.10.22-9 archiver for .arj files ii cabextract 1.3-1 a program to extract Microsoft Cab ii clamav 0.96.5+dfsg-1.1 anti-virus utility for Unix - comm ii clamav-daemon0.96.5+dfsg-1.1 anti-virus utility for Unix - scan ii cpio 2.11-4 GNU cpio -- a program to manage ar pn dspamnone (no description available) ii lha 1.14i-10.3 lzh archiver pn libauthen-sasl-perl none (no description available) ii libdbi-perl 1.612-1 Perl Database Interface (DBI) ii libmail-dkim-perl0.38-1 cryptographically identify the sen pn libnet-ldap-perl none (no description available) pn libsnmp-perl none (no description available) ii lzop 1.02~rc1-2 fast compression program ii nomarch 1.4-3 Unpacks .ARC and .ARK MS-DOS archi pn p7zipnone (no description available) pn rpm none (no description available) ii spamassassin 3.3.1-1 Perl-based spam filter using text ii unrar1:3.9.10-1 Unarchiver for .rar files
[Logcheck-devel] Bug#616616: marked as done (TLS fingerpring log message out of date)
Your message dated Thu, 08 Sep 2011 14:48:49 + with message-id e1r1ful-0008ry...@franck.debian.org and subject line Bug#616616: fixed in logcheck 1.3.14 has caused the Debian Bug report #616616, regarding TLS fingerpring log message out of date to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 616616: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616616 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch Hey I'm getting reports of log lines like: Mar 5 22:06:54 xyz postfix/smtpd[20492]: some.host.name[88.166.229.232]: Trusted: subject_CN=some.host.name, issuer=Some Signing Authority, fingerprint=12:34:56:78:90:AB:CD:EF:01:23:45:67:89:AB:CD:EF:01:23:45:67 reported; this is with postfix 2.7.0-1. Only src/tls/tls_server.c in recent Postfix versions uses fingerprint= in logs; I've looked at the source history, and the upstream log message was changed from: msg_info(fingerprint=%s, TLScontext-peer_fingerprint); to: msg_info(%s: %s: subject_CN=%s, issuer=%s, fingerprint=%s, props-namaddr, TLS_CERT_IS_TRUSTED(TLScontext) ? Trusted : Untrusted, TLScontext-peer_CN, TLScontext-issuer_CN, TLScontext-peer_fingerprint); between 2.4.6 and 2.5.1-RC1. 
I don't know what policy you follow for logcheck for older version of logged strings, but this seems to have happened a long time ago, hence I suggest just updating the regexp rather than keeping both versions: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [._[:alnum:]-]+(\[[[:xdigit:].:]{3,39}\](:[[:digit:]]+)?)?: Trusted: subject_CN=.*, issuer=.*, fingerprint=([[:digit:]A-F]{2}:){15,19}[[:digit:]A-F]{2}$ For props-namaddr, I used the same snippet as for the setting up TLS connection message which uses the same var; then I added Trusted; this could also be Untrusted, but I decided this should be logged; then for subject_CN= and issuer= I wasn't too sure what to allow as this could be anything really, but I saw other places which had subject_CN=.*, issuer=.*; finally, fingerprint= can be different types of fingerprints, in my case it's SHA1 so 20 pairs of hex digits. Cheers, -- Loïc Minier ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.14 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.14_all.deb to main/l/logcheck/logcheck-database_1.3.14_all.deb logcheck_1.3.14.dsc to main/l/logcheck/logcheck_1.3.14.dsc logcheck_1.3.14.tar.gz to main/l/logcheck/logcheck_1.3.14.tar.gz logcheck_1.3.14_all.deb to main/l/logcheck/logcheck_1.3.14_all.deb logtail_1.3.14_all.deb to main/l/logcheck/logtail_1.3.14_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 616...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package)
[Logcheck-devel] Bug#632471: marked as done (logcheck-database: spamd child cleanup message broken after upgrade to squeeze)
Your message dated Thu, 08 Sep 2011 14:48:50 + with message-id e1r1fum-0008rk...@franck.debian.org and subject line Bug#632471: fixed in logcheck 1.3.14 has caused the Debian Bug report #632471, regarding logcheck-database: spamd child cleanup message broken after upgrade to squeeze to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 632471: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632471 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck-database Version: 1.3.13 Severity: normal Tags: patch After upgrading to debian squeeze I get several messages a day in the form of: Jul 2 15:05:15 hostname spamd[21286]: spamd: handled cleanup of child pid [28609] due to SIGCHLD: exit 0 This is due to an update in spamd, that makes the message more detailed (includes exit code)[1]. Therefore messages including exit code 0 should be ignored as the whole message without exit code would have been ignored before. I include a patch. With my patch the new version of the ignore rule ignores the old and the new message version. 
[1] https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6304#c1 -- System Information: Debian Release: 6.0.2 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Kernel: Linux 2.6.36.4-vs2.3.0.36.39-netcup (SMP w/8 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash -- Configuration Files:
[Logcheck-devel] Bug#613124: marked as done (logcheck: snmpd output changed - rule needs updating)
Your message dated Thu, 08 Sep 2011 14:48:49 + with message-id e1r1ful-0008rq...@franck.debian.org and subject line Bug#613124: fixed in logcheck 1.3.14 has caused the Debian Bug report #613124, regarding logcheck: snmpd output changed - rule needs updating to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 613124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613124 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.3.13 Severity: normal Tags: patch SNMP output has change from: Feb 12 06:30:02 server snmpd[3370]: Connection from UDP: [127.0.0.1]:35564 to: Feb 13 00:05:01 server snmpd[4922]: Connection from UDP: [127.0.0.1]:55048-[127.0.0.1] I've change the snmpd rule file to read: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from [.0-9]{7,15}$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}-\[[.0-9]{7,15}\]$ Which seems to have done the trick -- System Information: Debian Release: 6.0 APT prefers squeeze-updates APT policy: (500, 'squeeze-updates'), (500, 'stable') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core) Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1) Shell: /bin/sh linked to /bin/bash Versions of packages logcheck depends on: ii adduser 3.112+nmu2 add and remove users and groups ii cron 3.0pl1-116 process scheduling daemon ii exim4-daemon-heavy [mail-tran 4.72-6 Exim MTA (v4) daemon with extended ii lockfile-progs0.1.15 Programs for locking and unlocking ii logtail 1.3.13 Print log file lines that have not ii 
mime-construct1.11 construct/send MIME messages from ii syslog-ng [system-log-daemon] 3.1.3-3Next generation logging daemon Versions of packages logcheck recommends: ii logcheck-database 1.3.13 database of system log rules for t Versions of packages logcheck suggests: ii syslog-summary1.14-2 summarize the contents of a syslog -- Configuration Files: /etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf' /etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles' -- debconf information: logcheck/changes: * logcheck/install-note: ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.14 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.14_all.deb to main/l/logcheck/logcheck-database_1.3.14_all.deb logcheck_1.3.14.dsc to main/l/logcheck/logcheck_1.3.14.dsc logcheck_1.3.14.tar.gz to main/l/logcheck/logcheck_1.3.14.tar.gz logcheck_1.3.14_all.deb to main/l/logcheck/logcheck_1.3.14_all.deb logtail_1.3.14_all.deb to main/l/logcheck/logtail_1.3.14_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 613...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package)
[Logcheck-devel] Bug#616103: marked as done (logcheck: (re)enable globbing of logfile names)
Your message dated Thu, 08 Sep 2011 14:48:49 + with message-id e1r1ful-0008rv...@franck.debian.org and subject line Bug#616103: fixed in logcheck 1.3.14 has caused the Debian Bug report #616103, regarding logcheck: (re)enable globbing of logfile names to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 616103: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616103 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.3.13 Severity: minor Tags: patch In Lenny it was possible to use wildcards in logcheck.logfiles. For example, I used: /var/log/HOSTS/*/*.log root@durer:~# su -s /bin/bash -c bash -x /usr/sbin/logcheck logcheck cut + read file + logoutput '/var/log/HOSTS/*/*.log' + file='/var/log/HOSTS/*/*.log' + debug 'logoutput called with file: /var/log/HOSTS/*/*.log' + '[' 0 -eq 1 ']' + '[' -f '/var/log/HOSTS/*/*.log' ']' + echo 'E: File could not be read: /var/log/HOSTS/*/*.log' cut The wildcards in the path are not expanded. I've attached a patch that does so. -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores) Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to nl_NL.UTF-8) Shell: /bin/sh linked to /bin/bash --- logcheck2010-09-03 10:25:15.0 +0200 +++ /usr/sbin/logcheck 2011-03-02 15:39:49.097878736 +0100 
@@ -436,6 +436,12 @@ fi } +# Expand wildcards +# eg: /dev/n*ll - /dev/null +glob() { +xargs -i ls {} +} + # Show all the cli options to our users. usage() { debug usage: Printing usage and exiting 
@@ -658,7 +664,7 @@ mkdir $TMPDIR/logoutput \ || error Could not mkdir for log files if [ ! $LOGFILE ] [ -r $LOGFILES_LIST ]; then -egrep --text -v (^#|^[[:space:]]*$) $LOGFILES_LIST | while read file; do +egrep --text -v (^#|^[[:space:]]*$) $LOGFILES_LIST | glob | while read file; do logoutput $file done elif [ $LOGFILE ]; then ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.14 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.14_all.deb to main/l/logcheck/logcheck-database_1.3.14_all.deb logcheck_1.3.14.dsc to main/l/logcheck/logcheck_1.3.14.dsc logcheck_1.3.14.tar.gz to main/l/logcheck/logcheck_1.3.14.tar.gz logcheck_1.3.14_all.deb to main/l/logcheck/logcheck_1.3.14_all.deb logtail_1.3.14_all.deb to main/l/logcheck/logtail_1.3.14_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 616...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package)
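Review bot: In the first hunk (@@ -436,6 +436,12 @@) of the logcheck patch in Bug#616103, the new glob() body "xargs -i ls {}" hands each input line to ls directly, with no shell in between, so an entry such as /var/log/HOSTS/*/*.log reaches ls with its wildcard characters still literal and ls itself does not expand them. Expansion has to come from the shell, for example by looping over the unquoted pattern inside the existing "while read file" loop. If ls is kept, it needs -d so that an entry matching a directory yields the path rather than the directory's contents, and -i should become -I{} because GNU xargs documents -i as deprecated.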
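Review bot: In the second hunk (@@ -658,7 +664,7 @@) of the logcheck patch in Bug#616103, putting "| glob |" ahead of "while read file" means an entry in $LOGFILES_LIST that matches nothing never reaches logoutput, because ls prints nothing on stdout for it. The "E: File could not be read" report shown in the trace above is then replaced by whatever ls writes to stderr, and a mistyped or vanished log path can drop out of monitoring without logcheck's own error. Keep a check that every configured entry produced at least one readable file, and report the entry through the existing error path when it did not.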
[Logcheck-devel] Bug#637916: marked as done (logcheck-database: Tweak to dovecot rules to match IPv6 addresses)
Your message dated Thu, 08 Sep 2011 14:48:50 + with message-id e1r1fum-0008s1...@franck.debian.org and subject line Bug#637916: fixed in logcheck 1.3.14 has caused the Debian Bug report #637916, regarding logcheck-database: Tweak to dovecot rules to match IPv6 addresses to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 637916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637916 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Subject: logcheck-database: Tweak to dovecot rules to match IPv6 addresses Package: logcheck-database Version: 1.3.13 Severity: minor *** Please type your report below this line *** There is a rule in /etc/logcheck/ignore.d.server/dovecot that almost works for IPv6 addresses but it uses [:digit:] instead of [:xdigit:]: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login: user=[._[:alnum:]-]+, method=[[:alnum:]-]+, rip=[.:[:digit:]]+, lip=[.:[:digit:]]+, (TLS( handshake)?|secured)$ Fixed with: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login: user=[._[:alnum:]-]+, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS( handshake)?|secured)$ -- System Information: Debian Release: 6.0.2 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/4 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8) Shell: /bin/sh linked to /bin/dash -- Configuration Files: -- no debconf information -- Gerald Turner Email: gtur...@unzane.com 
JID: gtur...@unzane.com GPG: 0xFA8CD6D5 21D9 B2E8 7FE7 F19E 5F7D 4D0C 3FA0 810F FA8C D6D5 --- dovecot.orig 2011-08-15 11:51:48.775348529 -0700 +++ dovecot 2011-08-15 11:52:06.707075441 -0700 
@@ -22,5 +22,5 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\([[:alnum:]]+\): client in: CONThidden ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\([[:alnum:]]+\): client out: CONT[[:space:]]+[[:digit:]]+[[:space:]]+[[:alnum:]]+$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: ssl-build-param: SSL parameters regeneration completed$ -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login: user=[._[:alnum:]-]+, method=[[:alnum:]-]+, rip=[.:[:digit:]]+, lip=[.:[:digit:]]+, (TLS( handshake)?|secured)$ +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login: user=[._[:alnum:]-]+, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS( handshake)?|secured)$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: MANAGESIEVE\([._[:alnum:]-]+\): Connection closed( bytes=[[:digit:]]+/[[:digit:]]+)?$ pgpOTFdbat9Vq.pgp Description: PGP signature ---End Message--- ---BeginMessage--- Source: logcheck Source-Version: 1.3.14 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive: logcheck-database_1.3.14_all.deb to main/l/logcheck/logcheck-database_1.3.14_all.deb logcheck_1.3.14.dsc to main/l/logcheck/logcheck_1.3.14.dsc logcheck_1.3.14.tar.gz to main/l/logcheck/logcheck_1.3.14.tar.gz logcheck_1.3.14_all.deb to main/l/logcheck/logcheck_1.3.14_all.deb logtail_1.3.14_all.deb to main/l/logcheck/logtail_1.3.14_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 637...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. 
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package)
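Review bot: On the changed managesieve-login line of the dovecot patch in Bug#637916 (@@ -22,5 +22,5 @@), rip=[.:[:xdigit:]]+ and lip=[.:[:xdigit:]]+ accept a run of hex digits, dots and colons of any length, so the ignore rule also hides lines whose address field is malformed or implausibly long. Bounding the class the way the postfix/smtpd rule proposed in Bug#616616 does ([[:xdigit:].:]{3,39}) keeps the IPv6 fix while limiting what is silently dropped. The patch description should also say whether the file's other rules were checked for the same [:digit:] address class, since only this one line is touched.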
[Logcheck-devel] Bug#552134: marked as done (amavisd-new: supplied logcheck ignore rules let everything through)
Your message dated Thu, 8 Sep 2011 19:53:14 +0200 with message-id 20110908174626.ga7...@carbon.vonhaugwitz.com and subject line Re: Bug#552134: amavisd-new: supplied logcheck ignore rules let, everything through has caused the Debian Bug report #552134, regarding amavisd-new: supplied logcheck ignore rules let everything through to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
552134: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552134
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: amavisd-new
Version: 1:2.6.1.dfsg-1
Severity: minor
Tags: patch

I use postfix, amavisd-new, clamav, spamassassin. And logcheck (with default, server setting)

Logcheck sends me a lot of reports from the logfile about amavisd-new results. As I see in the /etc/logcheck/ignore.d.server file, an attempt was made to filter out some of the unnecessary reports. However, the 'Passed CLEAN' rule does not match. And the 'WARN: address modified' rule doesn't match either.

Here is a sample log line that got through:

Oct 23 14:02:37 spark amavis[1199]: (01199-02) Passed CLEAN, logch...@uvill.hu - logch...@uvill.hu, Message-ID: 20091023120233.4c1dd25...@mail.uvill.hu, mail_id: Sjiu0FmRJKMZ, Hits: -2.593, size: 2739, queued_as: 13C0923693, 3797 ms

This changed rule seems to work for me:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} [^]* - [^]*(,[^]*)*, Message-ID: [^]+( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: [^]+,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$

Also, please create rules to ignore 'Passed BAD-HEADER', 'Passed SPAMMY', 'Blocked SPAM', and some others.

Rationale: With a small mailserver I have so many amavis reports from logcheck that logcheck is not useful at all, and these lines only show that amavis is working as expected, there is nothing to warn about.

examples:

Oct 23 14:15:32 moto amavis[21170]: (21170-16) Passed BAD-HEADER, [84.1.230.188] [80.249.168.77] nore...@kvizpart.hu - pi...@moto.hu, quarantine: S/badh-S1hyDigHfMDw, Message-ID: 20091023_121512_040313.nore...@kvizpart.hu, mail_id: S1hyDigHfMDw, Hits: 1.103, size: 16511, queued_as: B18A947C10, 5824 ms
Sep 5 20:14:01 spark amavis[9254]: (09254-02) Blocked SPAM, [85.186.127.160] [85.186.127.160] mouzerij_1...@metal-attack.org - gabor.ujh...@spark.hu, quarantine: spam-YomiQ3CnmC61.gz, mail_id: YomiQ3CnmC61, Hits: 18.677, 8520 ms
Sep 5 21:01:57 spark amavis[10967]: (10967-04) WARN: address modified (sender): pcrips@sisnaa-...@aerospacesw.com - pcrips@sisnaa-key@aerospacesw.com
Oct 22 20:07:19 spark amavis[30821]: (30821-16) Passed SPAMMY, [84.2.39.149] [81.182.240.90] - i...@spark.hu, Message-ID: 4ae09675.4040...@ringcsoport.hu, mail_id: gKqeGve+At5F, Hits: 3.976, size: 193674, queued_as: 96D7419A41, 15663 ms

-- System Information:
Debian Release: 5.0.3
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages amavisd-new depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii file 4.26-1 Determines file type using magic
ii libarchive-zip-perl 1.18-1 Module for manipulation of ZIP arc
ii libberkeleydb-perl 0.34-1+b1 use Berkeley DB 4 databases from P
ii libcompress-zlib-perl 2.012-1 Perl module for creation and manip
ii libconvert-tnef-perl 0.17-8 Perl module to read TNEF files
ii libconvert-uulib-perl 1.11-1 Perl interface to the uulib librar
pn libdigest-md5-perl none (no description available)
ii libio-stringy-perl 2.110-4 Perl modules for IO from scalars a
ii libmailtools-perl 2.03-1 Manipulate email in perl programs
pn libmime-base64-perl none (no description available)
ii libmime-tools-perl 5.427-1 Perl5 modules for MIME-compliant m
ii libnet-server-perl 0.97-1 An extensible, general perl server
ii libunix-syslog-perl 1.1-2 Perl interface to the UNIX syslog(
ii perl [libtime-hires-perl 5.10.0-19lenny2 Larry Wall's Practical Extraction
ii perl-modules [libarchive 5.10.0-19lenny2 Core Perl modules

amavisd-new
[Logcheck-devel] Processed: tagging 633030
Processing commands for cont...@bugs.debian.org: # fixed in 52b3428 tags 633030 + pending Bug #633030 [src:logcheck] logcheck: /run transition: Please switch to /run/sendsigs.omit.d Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 633030: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633030 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 639839
Processing commands for cont...@bugs.debian.org: # fixed in cf21d54 tags 639839 + pending Bug #639839 [logcheck-database] please update amavisd-new rules Bug #611999 [logcheck-database] amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain - Added tag(s) pending. Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 639839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Processed (with 1 errors): same bug
Processing commands for cont...@bugs.debian.org: reassign 611999 logcheck-database Bug #611999 [logcheck] amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain - Bug reassigned from package 'logcheck' to 'logcheck-database'. merge 611999 639839 Bug#611999: amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain - Bug#639839: please update amavisd-new rules Merged 611999 639839. End of message, stopping processing here. Please contact me if you need assistance. -- 611999: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=611999 639839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed (with 1 errors): same bug
Processing commands for cont...@bugs.debian.org: severity 639839 normal Bug #639839 [logcheck-database] please update amavisd-new rules Severity set to 'normal' from 'wishlist' merge 611999 639839 Bug#611999: amavisd-new: logcheck Passed: CLEAN|SPAM doesn't work because mail-id can contain - Bug#639839: please update amavisd-new rules Mismatch - only Bugs in same state can be merged: Values for `package' don't match: #611999 has `logcheck'; #639839 has `logcheck-database' thanks Stopping processing here. Please contact me if you need assistance. -- 639839: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639839 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#608574: [PATCH] updated rules for dnsmasq
Processing commands for cont...@bugs.debian.org: tags 608574 - pending + moreinfo Bug #608574 [logcheck] [PATCH] updated rules for dnsmasq Removed tag(s) pending. Bug #608574 [logcheck] [PATCH] updated rules for dnsmasq Added tag(s) moreinfo. thanks Stopping processing here. Please contact me if you need assistance. -- 608574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 637918
Processing commands for cont...@bugs.debian.org: # fixed in 6b0c4445 by Hanspeter tags 637918 +pending Bug #637918 [logcheck-database] Tweak to dovecot rules to ignore managesieve logout Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 637918: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=637918 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#623298: marked as done (logcheck: excessive CPU use by egrep)
Your message dated Fri, 8 Jul 2011 15:46:49 +0200 with message-id 20110708134649.ga5...@carbon.vonhaugwitz.com and subject line Re: [Logcheck-devel] Bug#623298: Acknowledgement (logcheck: excessive CPU use by egrep) has caused the Debian Bug report #623298, regarding logcheck: excessive CPU use by egrep to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
623298: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623298
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: logcheck
Version: 1.3.13
Severity: normal

Currently I have an egrep sitting on 64 minutes cpu time that was run from the logcheck process. On other logcheck runs, some of the data finally appearing has been due to fetchnews (part of the leafnode package) and the kernel.

Have any of the developers been looking at which rules use the most cpu time and how that can be minimised?

-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.38.2 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii cron 3.0pl1-116 process scheduling daemon
ii exim4-daemon-light [mail-tran 4.75-2 lightweight Exim MTA (v4) daemon
ii lockfile-progs 0.1.15 Programs for locking and unlocking
ii logtail 1.3.13 Print log file lines that have not
ii mime-construct 1.11 construct/send MIME messages from
ii sysklogd [system-log-daemon] 1.5-6 System Logging Daemon

Versions of packages logcheck recommends:
ii logcheck-database 1.3.13 database of system log rules for t

Versions of packages logcheck suggests:
ii syslog-summary 1.14-2 summarize the contents of a syslog

-- Configuration Files:
/etc/cron.d/logcheck changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
@reboot logcheck if [ -x /usr/sbin/logcheck ]; then ionice -c3 nice -n10 /usr/sbin/logcheck -R; fi
2 * * * * logcheck if [ -x /usr/sbin/logcheck ]; then ionice -c3 nice -n10 /usr/sbin/logcheck; fi

/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'

-- debconf-show failed
---End Message---
---BeginMessage---
On Tue, Apr 19, 2011 at 10:56:39PM +0930, Arthur Marsh wrote:
> This bug is due to leafnode even at minimal logging creating about 100 MiB of log entries like reported in:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623302
> These entries were of the form:
> Apr 19 00:03:09 victoria fetchnews[3335]: gmane.linux.kernel: killed 79950 (200212181942.gbijgp418...@devserv.devel.redhat.com), too old (3043 15) days
> As this was the largest proportion of junk log entries, perhaps logcheck should filter these entries out before performing other filtering?

As mentioned in README.logcheck-database.gz[0] we don't add rules for temporary messages which are due to a bug in the package. Hence I close this bug now.

Greetings
Hannes

[0] http://anonscm.debian.org/gitweb/?p=logcheck/logcheck.git;a=blob;f=docs/README.logcheck-database;h=540d6328348a9bcdff2e14f1f2e6ff3ff55a5744;hb=HEAD
---End Message---
___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#624197: logcheck-database: update for amavisd-new SPAMMY log entries
Processing commands for cont...@bugs.debian.org: # fixed in 82f86001 tags 624197 + pending Bug #624197 [logcheck-database] logcheck-database: update for amavisd-new SPAMMY log entries Added tag(s) pending. -- Stopping processing here. Please contact me if you need assistance. -- 624197: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=624197 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: logcheck ignore rules for rsyslogd
Processing commands for cont...@bugs.debian.org: reassign 623058 rsyslog Bug #623058 [logcheck] logcheck: tweak 'rsyslogd was HUPed' filter Bug reassigned from package 'logcheck' to 'rsyslog'. Bug No longer marked as found in versions logcheck/1.3.13. thanks Stopping processing here. Please contact me if you need assistance. -- 623058: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623058 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: RE: updated rules for webmin
Processing commands for cont...@bugs.debian.org: # fixed in 5f7da056 tag 590559 + pending Bug #590559 [logcheck-database] updated rules for webmin Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 590559: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590559 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 608574
Processing commands for cont...@bugs.debian.org: # fixed in d4a97c55 tags 608574 + pending Bug #608574 [logcheck] [PATCH] updated rules for dnsmasq Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 608574: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608574 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 616616
Processing commands for cont...@bugs.debian.org: # fixed in 6a4bf69b tags 616616 + pending Bug #616616 [logcheck-database] TLS fingerpring log message out of date Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 616616: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=616616 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 618411
Processing commands for cont...@bugs.debian.org: # fixed in 6cb523e tags 618411 + pending Bug #618411 [logcheck-database] logcheck-database: Fails to filter messages from pam-gkr at workstation level Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 618411: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618411 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: reassign 617484 to rsyslog, forcibly merging 617484 612829
Processing commands for cont...@bugs.debian.org: reassign 617484 rsyslog Bug #617484 [logcheck] logcheck: Empty report generated each hour Bug reassigned from package 'logcheck' to 'rsyslog'. Bug No longer marked as found in versions logcheck/1.3.13. forcemerge 617484 612829 Bug#617484: logcheck: Empty report generated each hour Bug#612829: no longer cleans up trailing whitespace (causes logcheck to send empty reports) Bug#614318: no longer cleans up trailing whitespace (causes logcheck to send empty reports) Bug#615610: no longer cleans up trailing whitespace (causes logcheck to send empty reports) Forcibly Merged 612829 614318 615610 617484. thanks Stopping processing here. Please contact me if you need assistance. -- 614318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614318 615610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615610 612829: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612829 617484: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=617484 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: Re: Bug#615610: logcheck: Sends empty reports
Processing commands for cont...@bugs.debian.org: reassign 615610 rsyslog Bug #615610 [logcheck] logcheck: Sends empty reports Bug reassigned from package 'logcheck' to 'rsyslog'. Bug No longer marked as found in versions logcheck/1.3.13. forcemerge 612829 615610 Bug#612829: no longer cleans up trailing whitespace Bug#615610: logcheck: Sends empty reports Bug#614318: logcheck sends an email even when there are no entries after filtering Forcibly Merged 612829 614318 615610. thanks Stopping processing here. Please contact me if you need assistance. -- 614318: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=614318 615610: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=615610 612829: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612829 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 613124
Processing commands for cont...@bugs.debian.org: # fixed in fdb9b97 tags 613124 + pending Bug #613124 [logcheck] logcheck: snmpd output changed - rule needs updating Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 613124: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=613124 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 609649
Processing commands for cont...@bugs.debian.org: # fixed in bfdc9bb tags 609649 + pending Bug #609649 [logcheck-database] cron-apt: Insufficient logcheck patterns Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 609649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609649 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: tagging 608256
Processing commands for cont...@bugs.debian.org: # fixed in 96bfce9 tags 608256 + pending Bug #608256 [logcheck-database] /etc/logcheck/ignore.d.server/dnsmasq: dnsmasq: interface names are allowed to have a dash (-) please add this to the filter Added tag(s) pending. thanks Stopping processing here. Please contact me if you need assistance. -- 608256: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=608256 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: change submitter
://bugs.debian.org/cgi-bin/bugreport.cgi?bug=548481 471208: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471208 601882: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=601882 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#612046: marked as done (RE-patterns in logcheck rules is contain unescaped point char (any symbol) in many places)
Your message dated Sun, 6 Feb 2011 22:05:15 +0100 with message-id 20110206210515.ga31...@df7cb.de and subject line Re: Bug#612046: RE-patterns in logcheck rules is contain unescaped point char (any symbol) in many places has caused the Debian Bug report #612046, regarding RE-patterns in logcheck rules is contain unescaped point char (any symbol) in many places to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
612046: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=612046
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: logcheck
Version: 1.2.69
Severity: normal

Many, very many logcheck rules contain the point character (.) without an escaping character (\).

Example: /etc/logcheck/ignore.d.server/sendmail contains the following line (1st line in file):

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon
                    ^

This point is unescaped and treated as any character. Because this point is enclosed in square brackets, all other RE elements in these brackets do nothing, and the specified RE line is equivalent to the following RE:

^\w{3} [ :0-9]{11} .+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon

To fix this, the point char needs to be escaped:

^\w{3} [ :0-9]{11} [\._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon

Errors like this were discovered in each logcheck rules file!

-- System Information:
Debian Release: 5.0.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=ru_RU.UTF-8, LC_CTYPE=ru_RU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii adduser 3.110 add and remove users and groups
ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent
ii cron 3.0pl1-105 management of regular background p
ii lockfile-progs 0.1.11-0.1 Programs for locking and unlocking
ii logtail 1.2.69 Print log file lines that have not
ii rsyslog [system-lo 3.18.6-4 enhanced multi-threaded syslogd
ii sendmail-bin [mail 8.14.3-5 powerful, efficient, and scalable

Versions of packages logcheck recommends:
ii logcheck-database 1.2.69 database of system log rules for t

Versions of packages logcheck suggests:
pn syslog-summary none (no description available)

-- no debconf information
---End Message---
---BeginMessage---
Re: Stas Degteff 2011-02-05 20110205084850.17615.91109.report...@srv.grumbler.org
> Many, very many logcheck rules contain the point character (.) without an escaping character (\).
> Example: /etc/logcheck/ignore.d.server/sendmail contains the following line (1st line in file):
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon
>                     ^
> This point is unescaped and treated as any character. Because this point is enclosed in square brackets, all other RE elements in these brackets do nothing, and specified

Hi,

this is wrong. Dots enclosed in [] are literals.

Christoph
--
c...@df7cb.de | http://www.df7cb.de/

signature.asc
Description: Digital signature
---End Message---
___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
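The question argued in Bug#612046 can be checked directly with grep -E, the matcher family logcheck runs its rules through (egrep). The script below is an added example, not part of the archived messages or of logcheck; the sample log lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the sendmail ignore rule quoted in Bug#612046 with
# the ".+" rule the reporter believed it was equivalent to.

# Rule as quoted in the report (first line of ignore.d.server/sendmail).
RULE_BRACKET='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon'
# The rule it would be equivalent to if "." inside [] meant "any character".
RULE_ANY='^\w{3} [ :0-9]{11} .+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: starting daemon'

# Constructed sample lines (not taken from a real log):
#   1-2  ordinary sendmail start-up messages
#   3    a host field containing characters outside the bracket set
#   4    a line from another program that merely embeds the sendmail text
sample_lines() {
cat <<'EOF'
Feb  5 08:48:50 srv.example.org sendmail[1234]: starting daemon (8.14.3)
Feb  5 08:48:51 srv sm-mta[1235]: starting daemon (8.14.3)
Feb  5 08:48:52 bad host!name sendmail[1236]: starting daemon (8.14.3)
Feb  5 08:48:53 srv sshd[99]: x sendmail[1]: starting daemon
EOF
}

# Number of sample lines a rule would ignore.
count_matches() {
    sample_lines | grep -E -c -- "$1" || true
}

# Lines that only the ".+" variant would ignore, i.e. what would be hidden
# from the report if the two rules really were equivalent.
only_broad() {
    sample_lines | grep -E -- "$RULE_ANY" | grep -E -v -- "$RULE_BRACKET" || true
}

# Does the bracket expression alone accept the given string? Prints 1 or 0.
literal_dot_check() {
    printf '%s\n' "$1" | grep -E -c -- '^[._[:alnum:]-]+$' || true
}

echo "bracket rule ignores: $(count_matches "$RULE_BRACKET") line(s)"
echo ".+ rule ignores:      $(count_matches "$RULE_ANY") line(s)"
echo "hidden only by the .+ rule:"
only_broad
echo "'a.b' accepted by [._[:alnum:]-]+ : $(literal_dot_check 'a.b')"
echo "'a!b' accepted by [._[:alnum:]-]+ : $(literal_dot_check 'a!b')"
```

The two rules give different counts on the same input, which is the behaviour the reply describes: inside a bracket expression the dot stands only for itself.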
[Logcheck-devel] Processed: Re: Bug#609649: cron-apt: Insufficient logcheck patterns
Processing commands for cont...@bugs.debian.org: reassign 609649 logcheck-database Bug #609649 [logcheck-database] cron-apt: Insufficient logcheck patterns Ignoring request to reassign bug #609649 to the same package thanks Stopping processing here. Please contact me if you need assistance. -- 609649: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609649 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Processed: your mail
[Logcheck-devel] Bug#598550: marked as done (Perms on /etc/logcheck/*)
Your message dated Thu, 30 Sep 2010 09:45:35 +0200 with message-id 20100930074535.gh31...@fishbowl.rw.madduck.net and subject line Re: Bug#598550: Perms on /etc/logcheck/* has caused the Debian Bug report #598550, regarding Perms on /etc/logcheck/* to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
598550: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598550
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

---BeginMessage---
Package: logcheck
Version: 1.2.69
Severity: wishlist

Hi. Thanks for your efforts.

drwxr-s--- 2 root logcheck 1024 2009-11-17 11:32 cracking.d/
drwxr-s--- 2 root logcheck 1024 2009-11-17 11:32 cracking.ignore.d/
-rw-r--r-- 1 root logcheck 188 2008-12-09 02:37 header.txt
drwxr-s--- 2 root logcheck 1024 2010-06-23 12:21 ignore.d.paranoid/
drwxr-s--- 2 root logcheck 3072 2010-06-23 12:21 ignore.d.server/
drwxr-s--- 2 root logcheck 1024 2010-06-23 12:21 ignore.d.workstation/
-rw-r- 1 root logcheck 2580 2010-07-01 22:08 logcheck.conf
-rw-r- 1 root root 2581 2009-11-22 08:02 logcheck.conf~
-rw-r- 1 root logcheck 131 2009-02-11 04:57 logcheck.logfiles
drwxr-s--- 2 root logcheck 1024 2009-11-17 11:32 violations.d/
drwxr-s--- 2 root logcheck 2048 2009-11-17 11:32 violations.ignore.d/

I'm primary user on this box:

(0) infidel /home/keeling_ id
uid=1000(keeling) gid=1000(keeling) groups=4(adm),20(dialout),24(cdrom),25(floppy),29(audio),44(video),46(plugdev),50(staff),108(netdev),1000(keeling)

As member of adm, I can read /etc/log/messages, et al. However, I'm not allowed to view /etc/logcheck/logcheck.conf, yet I'm the one logcheck is sending reports to. Uh, ...

Should I add keeling to group logcheck? What's the downside?

Again, thanks.

-- System Information:
Debian Release: 5.0.6
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.32-bpo.5-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii adduser 3.110 add and remove users and groups
ii bsd-mailx [mailx] 8.1.2-0.20071201cvs-3 A simple mail user agent
ii cron 3.0pl1-105 management of regular background p
ii lockfile-progs 0.1.11-0.1 Programs for locking and unlocking
ii logtail 1.2.69 Print log file lines that have not
ii mailx 1:20071201-3 Transitional package for mailx ren
ii postfix [mail-tran 2.5.5-1.1 High-performance mail transport ag
ii rsyslog [system-lo 3.18.6-4 enhanced multi-threaded syslogd

Versions of packages logcheck recommends:
ii logcheck-database 1.2.69 database of system log rules for t

Versions of packages logcheck suggests:
pn syslog-summary none (no description available)

-- no debconf information
---End Message---
---BeginMessage---
also sprach s. keeling keel...@nucleus.com [2010.09.30.0253 +0200]:
> As member of adm, I can read /etc/log/messages, et al. However, I'm not allowed to view /etc/logcheck/logcheck.conf, yet I'm the one logcheck is sending reports to. Uh, ...
>
> Should I add keeling to group logcheck?

Yes, if you trust the user (yourself).

> What's the downside?

None, if you trust the user. If you don't trust the user, s/he could probably manipulate the files in /var/lib/logcheck and hide log messages that way. But logcheck is not supposed to be used as a security tool anyway, as it's way too unreliable for that.

--
 .''`.   martin f. krafft madd...@d.o      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
---End Message---
___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#593482: marked as done (Please update violations.ignore.d/logcheck-sudo to ignore regular messages)
Your message dated Fri, 03 Sep 2010 08:48:27 + with message-id e1orrwh-0005gl...@franck.debian.org and subject line Bug#593482: fixed in logcheck 1.3.13 has caused the Debian Bug report #593482, regarding Please update violations.ignore.d/logcheck-sudo to ignore regular messages to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 593482: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593482 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems ---BeginMessage--- Package: logcheck Version: 1.3.11 Severity: normal Tags: patch logcheck does not filter some sudo log messages that I consider false positives. One message is caused by executing sudo -l: Aug 18 16:14:24 rio sudo: mic : TTY=pts/1 ; PWD=/home/mic ; USER=root ; COMMAND=list The other message is caused by system shutdown through slim: Aug 17 14:24:26 rio sudo: root : TTY=console ; PWD=/ ; USER=root ; COMMAND=/sbin/shutdown -h now SliM F11 initiated system shutdown This change works for me: --- logcheck/violations.ignore.d/logcheck-sudo (revision 286) +++ logcheck/violations.ignore.d/logcheck-sudo (working copy) 
@@ -1,5 +1,5 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: pam_krb5\(sudo:auth\): user [[:alnum:]-]+ authenticated as [[:alnum:]...@[.a-z]+$ -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=(/(usr|etc|bin|sbin)/|sudoedit ).*$ +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : TTY=(unknown|console|(pts/|tty|vc/)[[:digit:]]+) ; PWD=[^;]+ ; USER=[._[:alnum:]-]+ ; COMMAND=((/(usr|etc|bin|sbin)/|sudoedit ).*|list)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo:[[:space:]]+[_[:alnum:].-]+ : \(command continued\).*$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session opened for user [[:alnum:]-]+ by ([[:alnum:]-]+)?\(uid=[0-9]+\)$ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: pam_[[:alnum:]]+\(sudo:session\): session closed for user [[:alnum:]-]+$ -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-5-vserver-686 (SMP w/2 CPU cores) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages logcheck depends on: ii adduser 3.112 add and remove users and groups ii cron 3.0pl1-113 process scheduling daemon ii exim4-daemon-light [mail-tran 4.72-1 lightweight Exim MTA (v4) daemon ii lockfile-progs0.1.15 Programs for locking and unlocking ii logtail 1.3.11 Print log file lines that have not ii mime-construct1.11 construct/send MIME messages from ii rsyslog [system-log-daemon] 4.6.4-1enhanced multi-threaded syslogd Versions of packages logcheck recommends: ii logcheck-database 1.3.11 database of system log rules for t Versions of packages logcheck suggests: pn syslog-summarynone (no description available) -- Configuration Files: /etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf' 
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'

-- no debconf information

signature.asc
Description: Digital signature
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.13

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.3.13_all.deb
  to main/l/logcheck/logcheck-database_1.3.13_all.deb
logcheck_1.3.13.dsc
  to main/l/logcheck/logcheck_1.3.13.dsc
logcheck_1.3.13.tar.gz
  to main/l/logcheck/logcheck_1.3.13.tar.gz
logcheck_1.3.13_all.deb
  to main/l/logcheck/logcheck_1.3.13_all.deb
logtail_1.3.13_all.deb
  to main/l/logcheck/logtail_1.3.13_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 593...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive
[Logcheck-devel] Processed: tagging 593482
Processing commands for cont...@bugs.debian.org:

# fixed in 388daab
tags 593482 + pending
Bug #593482 [logcheck] Please update violations.ignore.d/logcheck-sudo to ignore regular messages
Added tag(s) pending.
thanks
Stopping processing here.

Please contact me if you need assistance.
--
593482: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=593482
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
[Logcheck-devel] Bug#589981: marked as done (logcheck-database: add sender delay rules for bounce)
Your message dated Thu, 29 Jul 2010 07:47:08 + with message-id e1oenpc-0005ao...@franck.debian.org and subject line Bug#589981: fixed in logcheck 1.3.11 has caused the Debian Bug report #589981, regarding logcheck-database: add sender delay rules for bounce to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.)

--
589981: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589981
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
---BeginMessage---
Package: logcheck-database
Version: 1.2.69
Severity: wishlist

Please add the rule

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/bounce\[[[:digit:]]+\]: [[:alnum:]]+: sender delay notification: [[:alnum:]]+$

-- System Information:
Debian Release: 5.0.5
  APT prefers stable
  APT policy: (700, 'stable'), (650, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

-- no debconf information
---End Message---
---BeginMessage---
Source: logcheck
Source-Version: 1.3.11

We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.3.11_all.deb
  to main/l/logcheck/logcheck-database_1.3.11_all.deb
logcheck_1.3.11.dsc
  to main/l/logcheck/logcheck_1.3.11.dsc
logcheck_1.3.11.tar.gz
  to main/l/logcheck/logcheck_1.3.11.tar.gz
logcheck_1.3.11_all.deb
  to main/l/logcheck/logcheck_1.3.11_all.deb
logtail_1.3.11_all.deb
  to main/l/logcheck/logtail_1.3.11_all.deb

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 589...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Hannes von Haugwitz han...@vonhaugwitz.com (supplier of updated logcheck package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 29 Jul 2010 08:37:19 +0200
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source all
Version: 1.3.11
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team logcheck-devel@lists.alioth.debian.org
Changed-By: Hannes von Haugwitz han...@vonhaugwitz.com
Description:
 logcheck - mails anomalies in the system logfiles to the administrator
 logcheck-database - database of system log rules for the use of log checkers
 logtail - Print log file lines that have not been read (deprecated)
Closes: 585802 588285 589981
Changes:
 logcheck (1.3.11) unstable; urgency=low
 .
   [ Hannes von Haugwitz ]
   * ignore.d.server/smartd:
     - ignore scheduled Offline Immediate Test (closes: #585802)
   * ignore.d.workstation/slim: new
     - ignore session opened/closed messages
   * debian/control:
     - bumped to Standards-Version 3.9.1 (no changes necessary)
     - depend on default-mta instead of exim4
   * ignore.d.workstation/wpasupplicant:
     - match 5660 MHz in 'Trying to associate' message
   * ignore.d.server/libpam-krb5: new
     - ignore successful kerberos authentication, thanks to Russ Allbery (closes: #588285)
   * violations.ignore.d/logcheck-sudo:
     - ignore successful kerberos authentication, thanks to Michel Messerschmidt (see: #588285)
   * logcheck-database.preinst:
     - deleting ignore.d.workstation/xscreensaver, rule is covered by i.d.s/libpam-krb5
     - deleting ignore.d.server/cracklib, rules maintained in cracklib-runtime
   * ignore.d.workstation/login:
     - removed successful krb auth rule, rule is covered by i.d.s/libpam-krb5
   * violations.ignore.d/logcheck-su:
     - ignore successful kerberos authentication
   * ignore.d.server/smartd
     - ignore 'state read' and 'state written' messages
   * debian/copyright:
     - updated copyright year to 2010
     - added Marc, Hanspeter and myself as team members
   * ignore.d.server/dhclient:
     - allow '-' in version string
 .
   [ martin f. krafft ]
   * ignore.d.server/postfix:
     - patch from Mathias Krause to address changes in policy-weightd log message format.
   * ignore.d.server/ssh:
     - messages about invalid users can contain zero-length usernames.
   * ignore.d.server/postfix:
     - ignore delay notification log entries (closes: #589981).
 .
   [ Hanspeter Kunz ]
   * ignore.d.server/dhcp