Package: logcheck-database
Version: 1.2.53
Severity: normal

logcheck is generating messages like this:

Feb 10 13:31:09 waterloo kernel: IN=ppp0 OUT= MAC= SRC=216.58.8.243 DST=239.255.67.250 LEN=176 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=34554 DPT=16680 LEN=156

the closest match to this is the following rule:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: BANDWIDTH_IN:IN=[[:alnum:]]+ OUT= MAC=[:[:xdigit:]]+ SRC=[.0-9]{7,15} DST=[.0-9]{7,15} LEN=[0-9]+ TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[0-9]+ ID=[0-9]+ (DF )?PROTO=TCP SPT=[0-9]+ DPT=[0-9]+ WINDOW=[0-9]+ RES=0x[[:xdigit:]]+ ACK (PSH )?URGP=[0-9]+$

but it only handles TCP/IP traffic.  logcheck should filter normal UDP inbound
& outbound traffic.

thanks,
matt

-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.11     Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false
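
Added example, not part of the original report or of logcheck-database: the reported line and the quoted TCP rule checked with grep -E, next to a hypothetical UDP rule. UDP_RULE and the constructed TCP_LINE and ODD_LINE are assumptions; the reported line also lacks the BANDWIDTH_IN: prefix and has an empty MAC= field, both of which the quoted rule requires.

```shell
#!/bin/sh
# Added example: exercise logcheck-style ignore rules with grep -E.
# A line that matches an ignore rule is dropped from the report, so each
# rule is checked both for what it matches and for what it must not match.

# Log line from the report, joined onto one line.
UDP_LINE='Feb 10 13:31:09 waterloo kernel: IN=ppp0 OUT= MAC= SRC=216.58.8.243 DST=239.255.67.250 LEN=176 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=34554 DPT=16680 LEN=156'

# Constructed TCP line in the shape the existing rule expects
# (documentation addresses, made-up MAC and ports).
TCP_LINE='Feb 10 13:31:10 waterloo kernel: BANDWIDTH_IN:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=40000 DPT=80 WINDOW=1024 RES=0x00 ACK URGP=0'

# Constructed line that must stay reported: UDP fields plus trailing text.
ODD_LINE="$UDP_LINE extra"

# Rule quoted in the report, joined onto one line.
TCP_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: BANDWIDTH_IN:IN=[[:alnum:]]+ OUT= MAC=[:[:xdigit:]]+ SRC=[.0-9]{7,15} DST=[.0-9]{7,15} LEN=[0-9]+ TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[0-9]+ ID=[0-9]+ (DF )?PROTO=TCP SPT=[0-9]+ DPT=[0-9]+ WINDOW=[0-9]+ RES=0x[[:xdigit:]]+ ACK (PSH )?URGP=[0-9]+$'

# Hypothetical UDP counterpart (an assumption, not a shipped rule):
# no log prefix, MAC may be empty (as on ppp0), and the UDP LEN field
# must end the line so appended text is never swallowed.
UDP_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: IN=[[:alnum:]]+ OUT= MAC=[:[:xdigit:]]* SRC=[.0-9]{7,15} DST=[.0-9]{7,15} LEN=[0-9]+ TOS=0x[[:xdigit:]]+ PREC=0x[[:xdigit:]]+ TTL=[0-9]+ ID=[0-9]+ (DF )?PROTO=UDP SPT=[0-9]+ DPT=[0-9]+ LEN=[0-9]+$'

# matches RULE LINE: exit status 0 when the rule matches the line.
matches() {
    printf '%s\n' "$2" | grep -Eq -e "$1"
}

# unfiltered: print the sample lines that neither rule ignores, i.e.
# the lines that would still be reported.
unfiltered() {
    printf '%s\n' "$UDP_LINE" "$TCP_LINE" "$ODD_LINE" |
        grep -Ev -e "$TCP_RULE" -e "$UDP_RULE"
}

unfiltered
```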

