** Description changed: + == Begin SRU Template == + [Impact] + + * logcheck produces noisy logs with output that should instead be + filtered due to a change in the way dhclient reports offers. + + [Test Case] + + * uvt-simplestreams-libvirt sync release=xenial arch=amd64 + * uvt-kvm create xenial + * uvt-kvm ssh xenial --insecure + * sudo apt install logcheck -y + * # Determine interface name (ens3 in this example) + * ip a + * # Force dhclient, run a couple times for more output + * sudo rm /var/lib/dhcp/dhclient*leases; sudo dhclient ens3 + * # Check logcheck output for dhclient output + * sudo -u logcheck logcheck -o + + If not fixed, there will be DHCPDISCOVER, DHCPREQUEST, DHCPOFFER, + DHCPPACK messages that should have been filtered. When correctly working + there will be no messages from dhclient. + + Also note that if there is a failure in DHCP there will be error + messages and these should be there! + + [Regression Potential] + + * Users currently experiencing this issue would be expecting an SRU fix to come from us as the application is broken. + * The only work around it would require editing the dhclient ignore rules by hand. If an end user had already done these same changes, then those changes would be written over. + * If the end user did have custom rules they would be over written as well. + + [Other Info] + The regex on line 12 in /etc/logcheck/ignore.d.server/dhclient needs updating since it does not match the current output from dhclient The current line (12) as included in version 1.3.16 of logcheck-database looks like this: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].-]+ to [.0-9]{7,15} port 67$ The line should look something like this is order to match the current outpt format of dhclient: - ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].]+ to [.0-9]{7,15} por t 67( \(xid=0x[0-9a-f]+\))?$ - - - This has been observed on a fresh install of ubuntu server 14.04.1 (no upgrades from previous versions). - + ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?(\[[[:digit:]]+\])?: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].]+ to [.0-9]{7,15} por t 67( \(xid=0x[0-9a-f]+\))?$ + + This has been observed on a fresh install of ubuntu server 14.04.1 (no + upgrades from previous versions). Procedure to reproduce: - Install system that has at least one interface running dhcpclient - Wait for dhclient to request or renew it's ip lease - Wait for logwatch to run and send out its notification ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: logcheck-database 1.3.16 ProcVersionSignature: Ubuntu 3.13.0-34.60-generic 3.13.11.4 Uname: Linux 3.13.0-34-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.3 Architecture: amd64 Date: Sun Aug 17 10:09:15 2014 Dependencies: - + InstallationDate: Installed on 2014-08-14 (2 days ago) InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.3) PackageArchitecture: all SourcePackage: logcheck UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.logcheck.cracking.d.kernel: [deleted] modified.conffile..etc.logcheck.cracking.d.rlogind: [deleted] modified.conffile..etc.logcheck.cracking.d.rsh: [deleted] modified.conffile..etc.logcheck.cracking.d.smartd: [deleted] modified.conffile..etc.logcheck.cracking.d.tftpd: [deleted] modified.conffile..etc.logcheck.cracking.d.uucico: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.bind: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.cron: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.incron: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.logcheck: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.postfix: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.ppp: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.pureftp: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.qpopper: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.squid: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.ssh: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.stunnel: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.sysklogd: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.telnetd: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.tripwire: [deleted] modified.conffile..etc.logcheck.ignore.d.paranoid.usb: [deleted] modified.conffile..etc.logcheck.ignore.d.server.acpid: [deleted] modified.conffile..etc.logcheck.ignore.d.server.amandad: [deleted] modified.conffile..etc.logcheck.ignore.d.server.amavisd.new: [deleted] modified.conffile..etc.logcheck.ignore.d.server.anacron: [deleted] modified.conffile..etc.logcheck.ignore.d.server.anon.proxy: [deleted] modified.conffile..etc.logcheck.ignore.d.server.apache: [deleted] modified.conffile..etc.logcheck.ignore.d.server.apcupsd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.arpwatch: [deleted] modified.conffile..etc.logcheck.ignore.d.server.asterisk: [deleted] modified.conffile..etc.logcheck.ignore.d.server.automount: [deleted] modified.conffile..etc.logcheck.ignore.d.server.bind: [deleted] modified.conffile..etc.logcheck.ignore.d.server.bluez.utils: [deleted] modified.conffile..etc.logcheck.ignore.d.server.courier: [deleted] modified.conffile..etc.logcheck.ignore.d.server.cpqarrayd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.cpufreqd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.cron: [deleted] modified.conffile..etc.logcheck.ignore.d.server.cron.apt: [deleted] modified.conffile..etc.logcheck.ignore.d.server.cups.lpd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.cvs.pserver: [deleted] modified.conffile..etc.logcheck.ignore.d.server.cvsd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.cyrus: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dcc: [deleted] modified.conffile..etc.logcheck.ignore.d.server.ddclient: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dhclient: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dhcp: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dictd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dkfilter: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dkim.filter: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dnsmasq: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dovecot: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dropbear: [deleted] modified.conffile..etc.logcheck.ignore.d.server.dspam: [deleted] modified.conffile..etc.logcheck.ignore.d.server.epmd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.exim4: [deleted] modified.conffile..etc.logcheck.ignore.d.server.fcron: [deleted] modified.conffile..etc.logcheck.ignore.d.server.ftpd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.git.daemon: [deleted] modified.conffile..etc.logcheck.ignore.d.server.gnu.imap4d: [deleted] modified.conffile..etc.logcheck.ignore.d.server.gps: [deleted] modified.conffile..etc.logcheck.ignore.d.server.grinch: [deleted] modified.conffile..etc.logcheck.ignore.d.server.horde3: [deleted] modified.conffile..etc.logcheck.ignore.d.server.hplip: [deleted] modified.conffile..etc.logcheck.ignore.d.server.hylafax: [deleted] modified.conffile..etc.logcheck.ignore.d.server.ikiwiki: [deleted] modified.conffile..etc.logcheck.ignore.d.server.imap: [deleted] modified.conffile..etc.logcheck.ignore.d.server.imapproxy: [deleted] modified.conffile..etc.logcheck.ignore.d.server.imp: [deleted] modified.conffile..etc.logcheck.ignore.d.server.imp4: [deleted] modified.conffile..etc.logcheck.ignore.d.server.innd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.ipppd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.isdnlog: [deleted] modified.conffile..etc.logcheck.ignore.d.server.isdnutils: [deleted] modified.conffile..etc.logcheck.ignore.d.server.jabberd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.kernel: [deleted] modified.conffile..etc.logcheck.ignore.d.server.klogind: [deleted] modified.conffile..etc.logcheck.ignore.d.server.krb5.kdc: [deleted] modified.conffile..etc.logcheck.ignore.d.server.libpam.krb5: [deleted] modified.conffile..etc.logcheck.ignore.d.server.libpam.mount: [deleted] modified.conffile..etc.logcheck.ignore.d.server.logcheck: [deleted] modified.conffile..etc.logcheck.ignore.d.server.login: [deleted] modified.conffile..etc.logcheck.ignore.d.server.maradns: [deleted] modified.conffile..etc.logcheck.ignore.d.server.mldonkey.server: [deleted] modified.conffile..etc.logcheck.ignore.d.server.mon: [deleted] modified.conffile..etc.logcheck.ignore.d.server.mountd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.nagios: [deleted] modified.conffile..etc.logcheck.ignore.d.server.netconsole: [deleted] modified.conffile..etc.logcheck.ignore.d.server.nfs: [deleted] modified.conffile..etc.logcheck.ignore.d.server.nntpcache: [deleted] modified.conffile..etc.logcheck.ignore.d.server.nscd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.nslcd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.openvpn: [deleted] modified.conffile..etc.logcheck.ignore.d.server.otrs: [deleted] modified.conffile..etc.logcheck.ignore.d.server.passwd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.pdns: [deleted] modified.conffile..etc.logcheck.ignore.d.server.perdition: [deleted] modified.conffile..etc.logcheck.ignore.d.server.policyd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.popa3d: [deleted] modified.conffile..etc.logcheck.ignore.d.server.postfix: [deleted] modified.conffile..etc.logcheck.ignore.d.server.postfix.policyd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.ppp: [deleted] modified.conffile..etc.logcheck.ignore.d.server.pptpd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.procmail: [deleted] modified.conffile..etc.logcheck.ignore.d.server.proftpd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.pure.ftpd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.pureftp: [deleted] modified.conffile..etc.logcheck.ignore.d.server.qpopper: [deleted] modified.conffile..etc.logcheck.ignore.d.server.rbldnsd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.rpc.statd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.rsnapshot: [deleted] modified.conffile..etc.logcheck.ignore.d.server.rsync: [deleted] modified.conffile..etc.logcheck.ignore.d.server.sa.exim: [deleted] modified.conffile..etc.logcheck.ignore.d.server.samba: [deleted] modified.conffile..etc.logcheck.ignore.d.server.saned: [deleted] modified.conffile..etc.logcheck.ignore.d.server.sasl2.bin: [deleted] modified.conffile..etc.logcheck.ignore.d.server.saslauthd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.schroot: [deleted] modified.conffile..etc.logcheck.ignore.d.server.scponly: [deleted] modified.conffile..etc.logcheck.ignore.d.server.slapd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.smartd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.smbd.audit: [deleted] modified.conffile..etc.logcheck.ignore.d.server.smokeping: [deleted] modified.conffile..etc.logcheck.ignore.d.server.snmpd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.snort: [deleted] modified.conffile..etc.logcheck.ignore.d.server.spamc: [deleted] modified.conffile..etc.logcheck.ignore.d.server.spamd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.squid: [deleted] modified.conffile..etc.logcheck.ignore.d.server.ssh: [deleted] modified.conffile..etc.logcheck.ignore.d.server.stunnel: [deleted] modified.conffile..etc.logcheck.ignore.d.server.su: [deleted] modified.conffile..etc.logcheck.ignore.d.server.sudo: [deleted] modified.conffile..etc.logcheck.ignore.d.server.sympa: [deleted] modified.conffile..etc.logcheck.ignore.d.server.syslogd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.teapop: [deleted] modified.conffile..etc.logcheck.ignore.d.server.telnetd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.tftpd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.thy: [deleted] modified.conffile..etc.logcheck.ignore.d.server.ucd.snmp: [deleted] modified.conffile..etc.logcheck.ignore.d.server.upsd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.uptimed: [deleted] modified.conffile..etc.logcheck.ignore.d.server.userv: [deleted] modified.conffile..etc.logcheck.ignore.d.server.vsftpd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.watchdog: [deleted] modified.conffile..etc.logcheck.ignore.d.server.wu.ftpd: [deleted] modified.conffile..etc.logcheck.ignore.d.server.xinetd: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.automount: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.bind: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.bluetooth.alsa: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.bluez.utils: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.bonobo: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.dhcpcd: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.francine: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.gconf: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.gdm: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.hald: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.hcid: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.ifplugd: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.ippl: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.kdm: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.kernel: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.laptop.mode.tools: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.libmtp.runtime: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.libpam.gnome.keyring: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.logcheck: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.login: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.net.acct: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.nntpcache: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.polypaudio: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.postfix: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.ppp: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.proftpd: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.pump: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.sendfile: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.slim: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.squid: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.udev: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.wdm: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.winbind: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.wpasupplicant: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.xdm: [deleted] modified.conffile..etc.logcheck.ignore.d.workstation.xlockmore: [deleted] modified.conffile..etc.logcheck.violations.d.kernel: [deleted] modified.conffile..etc.logcheck.violations.d.logcheck: [deleted] modified.conffile..etc.logcheck.violations.d.smartd: [deleted] modified.conffile..etc.logcheck.violations.d.su: [deleted] modified.conffile..etc.logcheck.violations.d.sudo: [deleted] modified.conffile..etc.logcheck.violations.ignore.d.logcheck.su: [deleted] modified.conffile..etc.logcheck.violations.ignore.d.logcheck.sudo: [deleted]
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1357880 Title: /etc/logcheck/ignore.d.server/dhclient needs updated regex To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/1357880/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs