Your message dated Wed, 25 Jan 2017 22:05:37 +0000 with message-id <[email protected]> and subject line Bug#809605: fixed in logcheck 1.3.18 has caused the Debian Bug report #809605, regarding logcheck: dhclient rules do not match because of [pid] to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 809605: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809605 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Package: logcheck Version: 1.3.17 Severity: normal I'm getting lines like this in logcheck emails: Jan 1 00:03:21 getz dhclient[27185]: DHCPREQUEST of 82.27.1.1 on enp2s0 to 62.254.1.1 port 67 despite there being lines in ignore.d.server/dhclient that are clearly intended to match it: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].-]+ to [.0-9]{7,15} port 67$ This doesn't match, clearly, since the regex doesn't take account of the [pid] following dhclient. an alternative regex might be: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?\[[1-9][0-9]*]: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].-]+ to [.0-9]{7,15} port 67$ which would need to be done for all such lines in the dhclient ignore file. Unless, for some reason my system is syslogging the pid when it shouldn't be? thanks much, calum. -- System Information: Debian Release: stretch/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.3.0-1-amd64 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages logcheck depends on: ii adduser 3.113+nmu3 ii cron 3.0pl1-128 ii exim4-daemon-heavy [mail-transport-agent] 4.86-7 ii lockfile-progs 0.1.17 ii logtail 1.3.17 ii mime-construct 1.11+nmu1 ii rsyslog [system-log-daemon] 8.12.0-1 Versions of packages logcheck recommends: ii logcheck-database 1.3.17 Versions of packages logcheck suggests: ii syslog-summary 1.14-2.1 -- Configuration Files: /etc/cron.d/logcheck changed: PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root @reboot logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi 4 * * * * logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi /etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf' /etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles' -- no debconf information
--- End Message ---
--- Begin Message ---Source: logcheck Source-Version: 1.3.18 We believe that the bug you reported is fixed in the latest version of logcheck, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Hannes von Haugwitz <[email protected]> (supplier of updated logcheck package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected]) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 25 Jan 2017 22:08:04 +0100 Source: logcheck Binary: logcheck logcheck-database logtail Architecture: source Version: 1.3.18 Distribution: unstable Urgency: medium Maintainer: Debian logcheck Team <[email protected]> Changed-By: Hannes von Haugwitz <[email protected]> Description: logcheck - mails anomalies in the system logfiles to the administrator logcheck-database - database of system log rules for the use of log checkers logtail - Print log file lines that have not been read Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041 799304 809605 815114 815755 822165 825170 Changes: logcheck (1.3.18) unstable; urgency=medium . * src/logcheck: - fix check if rule files are unreadable, thanks to Simon Ruderich for the patch (closes: #418147) * src/logcheck-test: - make mktemp usage more portable * Makefile: - remove duplicate xargs option (thanks to Sander Bos) * ignore.d.server/dhcp: - match dhcpd PID (closes: #799041) * ignore.d.server/dhclient: - rewrite rules (LP: #1357880, closes: #809605) * ignore.d.server/ssh: - add generic preauth disconnect rule (closes: #775090) - adjust 'Bad protocol version identification' rule, thanks to Paul Brossier for the patch (closes: #703936) - allow new FingerprintHash format (closes: #799304) - match 'ED25519' key type, thanks to Ayke van Laethem for the patch - match more disconnect messages * ignore.d.server/su: - allow '.' and '_' in username (closes: #780441) * ignore.d.server/rsync: - allow comma as thousands separator (LP: #1476199) * ignore.d.workstation/wpasupplicant: - adjust CTRL-EVENT-CONNECTED rule - add another CTRL-EVENT-DISCONNECTED rule - adjust multiple rules to match added interface name - allow '.' in SSID - match 'SME: ' prefix in 'Trying to associate' message - match 'freq=', 'address=' and 'uuid=' wpa_action messages - match CTRL-EVENT-SUBNET-STATUS-UPDATE message - match predictable network interface names * violations.ignore.d/logcheck-sudo: - match 'GROUP=' field (closes: #815114) * ignore.d.server/bind: - match domain name in query message, thanks to Wojciech Nizinski for the patch - ignore DNSSEC rekeying (closes: #825170) * ignore.d.server/openvpn: - match arbitrary mtu sizes (closes: #815755) * ignore.d.server/snmpd: - match optional port (closes: #644886) * ignore.d.server/postfix: - remove obsolete rule (closes: #822165) * ignore.d.server/systemd-timesyncd: new - match 'interval/delta/delay/jitter/drift' message * ignore.d.server/kernel: - 'TCP: ' prefix is optional, thanks to Xavier Mehrenberger for the patch (closes: #797512) * ignore.d.server/systemd: new - add some generic rules (closes: #783633) * debian/control: - add alternate dependency on cron-daemon, thanks to Felix Zielcke for the patch (closes: #786815) - use secure Vcs-* fields - bump to Standards-Version 3.9.8 (no changes necessary) * debian/copyright: update copyright year to 2017 * Remove obsolete debian/logcheck-database.postinst * Add support for logcheck.logfiles.d, thanks to Vincas Dargis for the initial patch (closes: #481353) * Replace all occurrences of 'deinstall' with 'uninstall', thanks to duelle for the patch * Remove references to 'logcheck.org' Checksums-Sha1: d51fa82ab094c7273879512d3261ceab3f156640 1857 logcheck_1.3.18.dsc 361aff6d593c4056ec9e8c9aa8195e6a2476b268 131252 logcheck_1.3.18.tar.xz Checksums-Sha256: 0c19c134f86dfea6c04dd71e33fb2cf056d41019f4029c42c4f60c5633605fcb 1857 logcheck_1.3.18.dsc 077b9149ccd2b747b52785afa89da844f3d072c017c9e719925dec6acb9a9af4 131252 logcheck_1.3.18.tar.xz Files: 4e18e2b9a6f211403f5a4b86107a00ee 1857 admin optional logcheck_1.3.18.dsc 0089dd02940b3789027ec37d4d19c8c0 131252 admin optional logcheck_1.3.18.tar.xz -----BEGIN PGP SIGNATURE----- iQGzBAEBCgAdFiEEVJXNoXyawXqyOEGnGO6GOGAi71cFAliJF9oACgkQGO6GOGAi 71fmmQv/f6JkTqLtyqvNDYGUJ7Ovhtk3HnsDMCmeY/zWy7TvBOModS3AtWOU91Aj i25mTB/ReW2W5U5Lis2v/n2iVOWBSNB6Z3uv0M50GpVE2hDHfY6YA57KAlEaeKv7 zyMMJf+nLa9a5Pz0IEtTgK5A08rTrmgyYo/q6We60XE2w5pWA3lA65to+aC2/Qr1 cHmBS/bc2nAc37DfZDqDROLS0/+VC7ziPyDqqQqxNOmkvRf8EAsivla90+pcdhmY WmUi1ib6FX7su5rXKnJxhl9GMD5l4OSPRBE+JeO8rSeIo42Jxi85xxFyJ0Gwf79p oJPEBq7EIES5JhuMFLfd+BdTa6B7SHfA6+xylv+lXhAUfldcNehM89cJHFL6VzNC 9QMJDoIz1l3pCikVo2Hx2xJXCX94MuaOvE2oLx9yU1Bztwx9aNhcQQiuSCUdeBsq +8ok1DzpaqhNCckBLb1LiZF5zkqeOo36eHQkFOaVYsSlBUO/nirxcVmnPi0L1o/h ZZ/i434i =kISm -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
