[Logcheck-commits] r1244 - in logcheck/trunk: debian rulefiles/linux/cracking.d rulefiles/linux/ignore.d.server rulefiles/linux/violations.d rulefiles/linux/violations.ignore.d

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Wed Oct 18 18:08:00 UTC 2006 

Author: madduck
Date: 2006-10-18 18:08:00 +0000 (Wed, 18 Oct 2006)
New Revision: 1244

Added:
   logcheck/trunk/rulefiles/linux/cracking.d/smartd
   logcheck/trunk/rulefiles/linux/violations.d/smartd
Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/debian/logcheck-database.NEWS
   logcheck/trunk/debian/logcheck-database.lintian-overrides
   logcheck/trunk/rulefiles/linux/ignore.d.server/smartd
   logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-smartd
Log:
* */*smartd: now filters all smartd attribute changes except for temperature
  changes to values higher than and equal to 55, and changes to the
  attributes Reallocated_Sector_Ct, Current_Pending_Sector,
  Offline_Uncorrectable, and UDMA_CRC_Error_Count. See
  /usr/share/doc/logcheck-database/NEWS.Debian.gz .

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-10-18 17:16:29 UTC (rev 1243)
+++ logcheck/trunk/debian/changelog	2006-10-18 18:08:00 UTC (rev 1244)
@@ -6,8 +6,13 @@
     nevertheless.
   * ignore.d.server/smartd: ignore messages smartd generates when sending
     warning mail; thanks to Elmar Hoffmann (closes: #393938).
+  * */*smartd: now filters all smartd attribute changes except for temperature
+    changes to values higher than and equal to 55, and changes to the
+    attributes Reallocated_Sector_Ct, Current_Pending_Sector,
+    Offline_Uncorrectable, and UDMA_CRC_Error_Count. See
+    /usr/share/doc/logcheck-database/NEWS.Debian.gz .
 
- -- martin f. krafft <madduck at debian.org>  Wed, 18 Oct 2006 19:12:21 +0200
+ -- martin f. krafft <madduck at debian.org>  Wed, 18 Oct 2006 19:56:29 +0200
 
 logcheck (1.2.48) unstable; urgency=low
 

Modified: logcheck/trunk/debian/logcheck-database.NEWS
===================================================================
--- logcheck/trunk/debian/logcheck-database.NEWS	2006-10-18 17:16:29 UTC (rev 1243)
+++ logcheck/trunk/debian/logcheck-database.NEWS	2006-10-18 18:08:00 UTC (rev 1244)
@@ -1,3 +1,33 @@
+logcheck-database (1.2.49) unstable; urgency=low
+
+  logcheck-database now filters all SMART attribute changes reported by
+  smartd, except for temperature changes (attribute 194) if the target value
+  is greater than or equal to 55 (these will be reported as system
+  alerts / violations.d), and changes to the following four attributes, which
+  will be reported as security alerts (cracking.d):
+
+        Reallocated_Sector_Ct
+        Current_Pending_Sector  (when > 0 only)
+        Offline_Uncorrectable   (when > 0 only)
+        UDMA_CRC_Error_Count
+
+  This decision was made based on several arguments, which have been brought
+  up as part of a mailing list discussion [0]. Among these were:
+
+  1. smartd can send warning mails and is configured to do so by default on
+     Debian.
+
+  2. attribute values are not standardised, so it is not possible to sensibly
+     filter out truly informational messages which are of no interest to the
+     administrator.
+
+  3. logcheck does not have any context information and can thus not filter
+     attributes whose values simply oscillate.
+
+  [0] http://marc.theaimsgroup.com/?t=116015459000003&r=1&w=2
+
+ -- martin f. krafft <madduck at debian.org>  Wed, 18 Oct 2006 19:57:18 +0200
+
 logcheck-database (1.1.1-8) unstable; urgency=low
 
   [This message was previously issued with debconf and has now been moved to

Modified: logcheck/trunk/debian/logcheck-database.lintian-overrides
===================================================================
--- logcheck/trunk/debian/logcheck-database.lintian-overrides	2006-10-18 17:16:29 UTC (rev 1243)
+++ logcheck/trunk/debian/logcheck-database.lintian-overrides	2006-10-18 18:08:00 UTC (rev 1244)
@@ -1,5 +1,7 @@
 logcheck-database binary: non-standard-file-perm etc/logcheck/cracking.d/logcheck 0640 != 0644
+logcheck-database binary: non-standard-file-perm etc/logcheck/cracking.d/smartd 0640 != 0644
 logcheck-database binary: non-standard-file-perm etc/logcheck/violations.d/logcheck 0640 != 0644
+logcheck-database binary: non-standard-file-perm etc/logcheck/violations.d/smartd 0640 != 0644
 logcheck-database binary: non-standard-file-perm etc/logcheck/violations.d/su 0640 != 0644
 logcheck-database binary: non-standard-file-perm etc/logcheck/violations.d/sudo 0640 != 0644
 logcheck-database binary: non-standard-file-perm etc/logcheck/violations.ignore.d/logcheck-bind 0640 != 0644

Added: logcheck/trunk/rulefiles/linux/cracking.d/smartd
===================================================================
--- logcheck/trunk/rulefiles/linux/cracking.d/smartd	                        (rev 0)
+++ logcheck/trunk/rulefiles/linux/cracking.d/smartd	2006-10-18 18:08:00 UTC (rev 1244)
@@ -0,0 +1,4 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 5 Reallocated_Sector_Ct changed from [[:digit:]]+ to [[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 197 Current_Pending_Sector changed from [[:digit:]]+ to [1-9][[:digit:]]*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 198 Offline_Uncorrectable changed from [[:digit:]]+ to [1-9][[:digit:]]*$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 199 UDMA_CRC_Error_Count changed from [[:digit:]]+ to [[:digit:]]+$

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/smartd
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/smartd	2006-10-18 17:16:29 UTC (rev 1243)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/smartd	2006-10-18 18:08:00 UTC (rev 1244)
@@ -1,7 +1,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, starting scheduled (Long|Short) Self-Test\.$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 194 Temperature_Celsius changed from ([5-9]|[1-4][0-9]|50) to ([5-9]|[1-4][0-9]|50)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 9 Power_On_Hours changed from [0-9]+ to [0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature changed (-|\+)?[1-3]+ Celsius to ([5-9]|[1-4][0-9]|50) Celsius since last report$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART (Prefailure|Usage) Attribute: [[:digit:]]+ [_[:alnum:]]+ changed from [[:digit:]]+ to [[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, Temperature changed (-|\+)?[1-3]+ Celsius to ([0-4]?[0-9]|5[0-4]) Celsius since last report$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, did test of type L in current hour, skipping test of type S$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Sending warning via [^[:space:]]+ to [^[:space:]]+ \.\.\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Warning via [^[:space:]]+ to [^[:space:]]+: successful$

Added: logcheck/trunk/rulefiles/linux/violations.d/smartd
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.d/smartd	                        (rev 0)
+++ logcheck/trunk/rulefiles/linux/violations.d/smartd	2006-10-18 18:08:00 UTC (rev 1244)
@@ -0,0 +1 @@
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 194 Temperature_Celsius changed from [[:digit:]]+ to (([1-9][0-9]|[6-9])[0-9]|5[5-9])$

Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-smartd
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-smartd	2006-10-18 17:16:29 UTC (rev 1243)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-smartd	2006-10-18 18:08:00 UTC (rev 1244)
@@ -1 +1,2 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Prefailure Attribute: [[:digit:]]+ [_[:alnum:]]+ changed from [[:digit:]]+ to [[:digit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smartd\[[0-9]+\]: Device: /dev/[^[:space:]]+( \[(3ware|cciss)_disk_[[:digit:]]+\])?, SMART Usage Attribute: 194 Temperature_Celsius changed from [[:digit:]]+ to ([0-4]?[0-9]|5[0-4])$

More information about the Logcheck-commits mailing list