** Description changed:
+ == Begin SRU Template ==
+ [Impact]
+
+ * logcheck produces noisy logs with output that should instead be
+ filtered due to a change in the way dhclient reports offers.
+
+ [Test Case]
+
+ * uvt-simplestreams-libvirt sync release=xenial arch=amd64
+ * uvt-kvm create xenial
+ * uvt-kvm ssh xenial --insecure
+ * sudo apt install logcheck -y
+ * # Determine interface name (ens3 in this example)
+ * ip a
+ * # Force dhclient, run a couple times for more output
+ * sudo rm /var/lib/dhcp/dhclient*leases; sudo dhclient ens3
+ * # Check logcheck output for dhclient output
+ * sudo -u logcheck logcheck -o
+
+ If not fixed, there will be DHCPDISCOVER, DHCPREQUEST, DHCPOFFER,
+ DHCPPACK messages that should have been filtered. When correctly working
+ there will be no messages from dhclient.
+
+ Also note that if there is a failure in DHCP there will be error
+ messages and these should be there!
+
+ [Regression Potential]
+
+ * Users currently experiencing this issue would be expecting an SRU fix to
come from us as the application is broken.
+ * The only work around it would require editing the dhclient ignore rules by
hand. If an end user had already done these same changes, then those changes
would be written over.
+ * If the end user did have custom rules they would be over written as well.
+
+ [Other Info]
+
The regex on line 12 in /etc/logcheck/ignore.d.server/dhclient needs
updating since it does not match the current output from dhclient
The current line (12) as included in version 1.3.16 of logcheck-database
looks like this:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(REQUEST|RELEASE)
(of [.0-9]{7,15} )?on [[:alnum:].-]+ to [.0-9]{7,15} port 67$
The line should look something like this is order to match the current outpt
format of dhclient:
- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?:
DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].]+ to [.0-9]{7,15} por
t 67( \(xid=0x[0-9a-f]+\))?$
-
-
- This has been observed on a fresh install of ubuntu server 14.04.1 (no
upgrades from previous versions).
-
+ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?:
DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].]+ to [.0-9]{7,15} por
t 67( \(xid=0x[0-9a-f]+\))?$
+
+ This has been observed on a fresh install of ubuntu server 14.04.1 (no
+ upgrades from previous versions).
Procedure to reproduce:
- Install system that has at least one interface running dhcpclient
- Wait for dhclient to request or renew it's ip lease
- Wait for logwatch to run and send out its notification
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: logcheck-database 1.3.16
ProcVersionSignature: Ubuntu 3.13.0-34.60-generic 3.13.11.4
Uname: Linux 3.13.0-34-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.3
Architecture: amd64
Date: Sun Aug 17 10:09:15 2014
Dependencies:
-
+
InstallationDate: Installed on 2014-08-14 (2 days ago)
InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64
(20140722.3)
PackageArchitecture: all
SourcePackage: logcheck
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.logcheck.cracking.d.kernel: [deleted]
modified.conffile..etc.logcheck.cracking.d.rlogind: [deleted]
modified.conffile..etc.logcheck.cracking.d.rsh: [deleted]
modified.conffile..etc.logcheck.cracking.d.smartd: [deleted]
modified.conffile..etc.logcheck.cracking.d.tftpd: [deleted]
modified.conffile..etc.logcheck.cracking.d.uucico: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.bind: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.cron: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.incron: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.logcheck: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.postfix: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.ppp: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.pureftp: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.qpopper: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.squid: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.ssh: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.stunnel: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.sysklogd: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.telnetd: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.tripwire: [deleted]
modified.conffile..etc.logcheck.ignore.d.paranoid.usb: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.acpid: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.amandad: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.amavisd.new: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.anacron: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.anon.proxy: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.apache: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.apcupsd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.arpwatch: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.asterisk: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.automount: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.bind: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.bluez.utils: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.courier: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.cpqarrayd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.cpufreqd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.cron: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.cron.apt: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.cups.lpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.cvs.pserver: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.cvsd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.cyrus: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dcc: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.ddclient: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dhclient: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dhcp: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dictd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dkfilter: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dkim.filter: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dnsmasq: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dovecot: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dropbear: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.dspam: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.epmd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.exim4: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.fcron: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.ftpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.git.daemon: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.gnu.imap4d: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.gps: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.grinch: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.horde3: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.hplip: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.hylafax: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.ikiwiki: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.imap: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.imapproxy: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.imp: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.imp4: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.innd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.ipppd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.isdnlog: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.isdnutils: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.jabberd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.kernel: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.klogind: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.krb5.kdc: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.libpam.krb5: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.libpam.mount: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.logcheck: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.login: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.maradns: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.mldonkey.server: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.mon: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.mountd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.nagios: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.netconsole: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.nfs: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.nntpcache: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.nscd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.nslcd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.openvpn: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.otrs: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.passwd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.pdns: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.perdition: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.policyd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.popa3d: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.postfix: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.postfix.policyd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.ppp: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.pptpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.procmail: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.proftpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.pure.ftpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.pureftp: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.qpopper: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.rbldnsd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.rpc.statd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.rsnapshot: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.rsync: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.sa.exim: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.samba: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.saned: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.sasl2.bin: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.saslauthd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.schroot: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.scponly: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.slapd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.smartd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.smbd.audit: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.smokeping: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.snmpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.snort: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.spamc: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.spamd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.squid: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.ssh: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.stunnel: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.su: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.sudo: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.sympa: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.syslogd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.teapop: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.telnetd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.tftpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.thy: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.ucd.snmp: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.upsd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.uptimed: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.userv: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.vsftpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.watchdog: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.wu.ftpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.server.xinetd: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.automount: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.bind: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.bluetooth.alsa: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.bluez.utils: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.bonobo: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.dhcpcd: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.francine: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.gconf: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.gdm: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.hald: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.hcid: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.ifplugd: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.ippl: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.kdm: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.kernel: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.laptop.mode.tools:
[deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.libmtp.runtime: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.libpam.gnome.keyring:
[deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.logcheck: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.login: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.net.acct: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.nntpcache: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.polypaudio: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.postfix: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.ppp: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.proftpd: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.pump: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.sendfile: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.slim: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.squid: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.udev: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.wdm: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.winbind: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.wpasupplicant: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.xdm: [deleted]
modified.conffile..etc.logcheck.ignore.d.workstation.xlockmore: [deleted]
modified.conffile..etc.logcheck.violations.d.kernel: [deleted]
modified.conffile..etc.logcheck.violations.d.logcheck: [deleted]
modified.conffile..etc.logcheck.violations.d.smartd: [deleted]
modified.conffile..etc.logcheck.violations.d.su: [deleted]
modified.conffile..etc.logcheck.violations.d.sudo: [deleted]
modified.conffile..etc.logcheck.violations.ignore.d.logcheck.su: [deleted]
modified.conffile..etc.logcheck.violations.ignore.d.logcheck.sudo: [deleted]
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1357880
Title:
/etc/logcheck/ignore.d.server/dhclient needs updated regex
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/1357880/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
