[Logcheck-commits] r1346 - in logcheck/trunk: debian
rulefiles/linux/ignore.d.server rulefiles/linux/violations.d
madduck at users.alioth.debian.org
Tue Nov 14 12:28:40 CET 2006
Author: madduck
Date: 2006-11-14 12:28:40 +0100 (Tue, 14 Nov 2006)
New Revision: 1346
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/ignore.d.server/smartd
logcheck/trunk/rulefiles/linux/violations.d/smartd
Log:
finished smartd rules; changelog reorg
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2006-11-14 11:28:09 UTC (rev 1345)
+++ logcheck/trunk/debian/changelog 2006-11-14 11:28:40 UTC (rev 1346)
@@ -1,78 +1,98 @@
-logcheck (1.2.51~unreleased.1) UNRELEASED; urgency=medium
+logcheck (1.2.51~unreleased.2) UNRELEASED; urgency=medium
* medium urgency to increase the chance of making etch as per agreement with
Steve Langasek, release manager. Rationale: arch-indep and only new
regexps in this version.
+
+ * violations.d/kernel: added to elevate messages about media errors.
* ignore.d.server/kernel: ignore message about device-mapper loading.
+ * ignore.d.server/kernel: ignore startup banners by tun/tap driver.
+ * ignore.d.server/kernel: ignore startup configuration printout by sk98lin.
+ * ignore.d.server/kernel: ignore startup banner by skge driver.
+ * ignore.d.server/kernel: ignore startup messages by ipmi driver.
+ * ignore.d.server/kernel: ignore iptables bandwidth messages generated by
+ webmin bandwidth module/shorewall (closes: #397580).
+ * ignore.d.server/kernel: remove filter for iptables log messages for UDP
+ packets, which aren't generated by default.
* ignore.d.workstation/kernel: ignore messages related to pmount and USB
hotplugged storage devices.
+ * ignore.d.workstation/kernel: ignore intel8x0 (soundcard) initialisation
+ messages.
+ * ignore.d.workstation/kernel: ignore more messages related to USB hotplug.
+ * ignore.d.{workstation,server}/kernel: moved several messages to server
+ class as they also apply to servers.
+
* violations.ignore.d/logcheck-su: ignore redundant message about
authentication failure, which provides no additional information.
- * ignore.d.server/kernel, ignore.d.workstation/kernel: move messages about
- ACPI PCI interrupt remappings and disabling to server level.
- * ignore.d.workstation/kernel: ignore intel8x0 (soundcard) initialisation
- messages.
- * ignore.d.server/kernel, ignore.d.workstation/kernel: move messages about
- lack of IPv6 routers to server level.
+
* violations.ignore.d/logcheck-cron-apt: ignore redundant summary error
message about index files that failed to download.
+
* ignore.d.server/logcheck: ignore pam_unix opened and closed sessions with
empty progname (gconf mainly).
+
* ignore.d.server/pdns: added more filters to silence recent versions of
pdns (except for startup/shutdown).
+
* ignore.d.server/anacron: also ignore messages with exit status.
- * ignore.d.workstation/kernel: ignore more messages related to USB hotplug.
+
* ignore.d.server/ssh: ignore listening notices for all ports, not just 22.
- * ignore.d.server/kernel: ignore startup banners by tun/tap driver.
- * violations.d/kernel: added to elevate messages about media errors.
- * ignore.d.server/kernel: ignore startup configuration printout by sk98lin.
+
* ignore.d.server/ppp: filtering messages about connections to pppd.
+
* ignore.d.server/bluez-utils: added to filter dund connection messages.
- * ignore.d.{workstation,server}/kernel: moved several messages to server
- class as they also apply to servers.
+
+ * violations.ignore.d/postfix: ignore unsupported SSL cert purpose.
* ignore.d.server/postfix: filtering message when smtp client is greylisted.
- * ignore.d.server/kernel: ignore startup banner by skge driver.
* ignore.d.server/postfix: ignore redundant message about reload by
postfix-script as master also logs.
- * ignore.d.server/kernel: ignore startup messages by ipmi driver.
* ignore.d.server/postfix: ignore errors about virtual users not found.
- * violations.ignore.d/postfix: ignore errors about unsupported SSL cert
- purpose.
+ * ignore.d.server/postfix, violations.ignore.d: ignoring more messages about
+ rejects the admin does not care about;
+ thanks to Russ Allbery (closes: #397097).
+ * */*postfix: also ignore [-_] in local part of message-id; thanks to
+ Alexander Gerasiov (closes: #398163).
+
* ignore.d.{workstation,server}/mldonkey: moved to server category.
+
+ * ignore.d.server/dhclient: filtering send_packet messages which are purely
+ informational or redundant without any extra info.
* ignore.d.server/dhcp: updated for latest BOOTP messages.
+
* ignore.d.server/hplip: added to filter information messages from
hpiod/hpijs.
+
* ignore.d.server/xinetd: ignore messages about conf files read and services
removed, as well as startup banner.
+
* ignore.d.server/saned: ignore most messages.
+
* ignore.d.server/squid: ignore messages resulting from clients firing
unsupported request methods at the server, which may happen in situations
where transparent proxying is in use. GNUTELLA is one offendant.
- * ignore.d.server/dhclient: filtering send_packet messages which are purely
- informational or redundant without any extra info.
- * ignore.d.server/postfix, violations.ignore.d: ignoring more messages about
- rejects the admin does not care about;
- thanks to Russ Allbery (closes: #397097).
+
* ignore.d.server/proftpd: support IPv6 addresses with UseReverseDNS off;
thanks to Gregor Hermens (closes: 397466).
- * */*postfix: also ignore [-_] in local part of message-id; thanks to
- Alexander Gerasiov (closes: #398163).
+
* ignore.d.server/amandad: ignore messages with resolved hostnames instead
of IPs; thanks to Jan Evert van Grootheest (closes: #396407).
+
* ignore.d.server/courier: cleanup to match some more messages reported by
Enrique Garcia (closes: #395265).
- * ignore.d.server/kernel: ignore iptables bandwidth messages generated by
- webmin bandwidth module/shorewall (closes: #397580).
- * ignore.d.server/kernel: remove filter for iptables log messages for UDP
- packets, which aren't generated by default.
+
* [TODO] ignore.d.server/dovecot: cleanup of dovecot filters to match some
more operational messages reported by Stefan Schlesinger (closesNOTYET:
#396760).
- * [TODO] ignore.d.server/smartd, violations.d/smartd: ignore messages about
- temperature changes, but escalate those reaching limits.
- -- martin f. krafft <madduck at debian.org> Tue, 14 Nov 2006 01:42:19 +0100
+ * ignore.d.server/smartd, violations.d/smartd: ignore messages about
+ temperature changes except those that report reaching new maximum values;
+ escalate those reporting the reaching of critical limits to security
+ events.
+ * ignore.d.server/ntp: ignore debug messages from signal_no_reset.
+
+ -- martin f. krafft <madduck at debian.org> Tue, 14 Nov 2006 12:27:18 +0100
+
logcheck (1.2.50) unstable; urgency=low
* chgrp the entire /etc/logcheck tree to group logcheck if it exists during
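Review bot: the added entry "* ignore.d.server/ntp: ignore debug messages from signal_no_reset." has no matching rulefile change in this revision, whose Modified list names only debian/changelog and the two smartd files. Please confirm the ntp rule went in with an earlier revision, or move the line to the commit that adds the rule. As a style point, the reordering of the kernel and postfix entries is mixed with the actual content changes (the version bump to 1.2.51~unreleased.2 and the smartd entry losing its [TODO]), which makes those changes hard to spot; a reorg-only commit would be easier to review. The dovecot entry still carries "[TODO]" and "closesNOTYET", which needs resolving before the upload.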
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/smartd
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/smartd 2006-11-14 11:28:09 UTC (rev 1345)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/smartd 2006-11-14 11:28:40 UTC (rev 1346)
@@ -10,8 +10,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature changed (-|\+)?[1-3]+ Celsius to ([0-4]?[0-9]|5[0-4]) Celsius since last report$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, did test of type L in current hour, skipping test of type S$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, initial Temperature is [[:digit:]]+ Celsius$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature changed [-+][[:digit:]] Celsius to [[:digit:]]+ Celsius \(Min/Max [[:digit:]]+/[[:digit:]]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature [[:digit:]]+ Celsius reached limit of [[:digit:]]+ Celsius \(Min/Max [[:digit:]]+/[[:digit:]]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature changed [-+][[:digit:]] Celsius to [[:digit:]]+ Celsius \(Min/Max [[:digit:]]+!?/[[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, opened$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, found in smartd database\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, is SMART capable\. Adding to "monitor" list\.$
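Review bot: in the new "Temperature changed" rule the delta is matched by "[-+][[:digit:]]", a single digit, while the resulting temperature uses "[[:digit:]]+", so a change of 10 Celsius or more will not match and will show up in the report. If that is intended, so that large jumps surface, a comment above the rule should say so; otherwise use "[-+][[:digit:]]+". The "!?" is added after the Min value only, which matches the changelog wording (new maximum values are not ignored), but the asymmetry is easy to mistake for an oversight and deserves a one-line comment as well.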
Modified: logcheck/trunk/rulefiles/linux/violations.d/smartd
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.d/smartd 2006-11-14 11:28:09 UTC (rev 1345)
+++ logcheck/trunk/rulefiles/linux/violations.d/smartd 2006-11-14 11:28:40 UTC (rev 1346)
@@ -1,6 +1,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 194 Temperature_Celsius changed from [[:digit:]]+ to (([1-9][0-9]|[6-9])[0-9]|5[5-9])$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, [[:digit:]]+ Currently unreadable \(pending\) sectors$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, [[:digit:]]+ Offline uncorrectable sectors$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature changed [-+][[:digit:]] Celsius to [[:digit:]]+ Celsius \(Min/Max [[:digit:]]+/[[:digit:]]+!\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature [[:digit:]]+ Celsius reached limit of [[:digit:]]+ Celsius \(Min/Max [[:digit:]]+/[[:digit:]]+!\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature [[:digit:]]+ Celsius reached critical limit of [[:digit:]]+ Celsius \(Min/Max [[:digit:]]+/[[:digit:]]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature [[:digit:]]+ Celsius reached critical limit of [[:digit:]]+ Celsius \(Min/Max [[:digit:]]+!?/[[:digit:]]+!?\)$
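Review bot: with the two "Min/Max ...!" rules removed here and the "reached limit of" rule removed from ignore.d.server/smartd in the same revision, the non-critical "Temperature N Celsius reached limit of N Celsius" message is now matched by neither file and will be reported as an ordinary system event. The changelog entry covers only temperature changes and critical limits, so please state the intended handling of the plain "reached limit" message there or in a comment in this file. The same applies to "Temperature changed" lines carrying a new maximum, which drop from violation to system event: the changelog says they are no longer ignored, but not that they are no longer escalated.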