[Logcheck-commits] r1249 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server

madduck at users.alioth.debian.org madduck at users.alioth.debian.org
Wed Oct 18 19:52:32 UTC 2006 

Author: madduck
Date: 2006-10-18 19:52:31 +0000 (Wed, 18 Oct 2006)
New Revision: 1249

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/ignore.d.server/kernel
Log:
* ignore.d.server/kernel: ignore TCP treason uncloaked messages since the
  kernel apparently knows how to handle them anyway and we're really not
  a NIDS.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2006-10-18 19:06:07 UTC (rev 1248)
+++ logcheck/trunk/debian/changelog	2006-10-18 19:52:31 UTC (rev 1249)
@@ -15,8 +15,11 @@
     Offline_Uncorrectable, and UDMA_CRC_Error_Count. See
     /usr/share/doc/logcheck-database/NEWS.Debian.gz .
   * ignore.d.server/proftpd: ignore messages about login access limited.
+  * ignore.d.server/kernel: ignore TCP treason uncloaked messages since the
+    kernel apparently knows how to handle them anyway and we're really not
+    a NIDS.
 
- -- martin f. krafft <madduck at debian.org>  Wed, 18 Oct 2006 21:05:32 +0200
+ -- martin f. krafft <madduck at debian.org>  Wed, 18 Oct 2006 21:51:34 +0200
 
 logcheck (1.2.48) unstable; urgency=low
 

Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/kernel
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/kernel	2006-10-18 19:06:07 UTC (rev 1248)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/kernel	2006-10-18 19:52:31 UTC (rev 1249)
@@ -7,3 +7,4 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: martian source 255\.255\.255\.255 from [.[:digit:]]{7,15} on dev [[:alnum:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: icmpv6_send: no reply to icmp error$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: [[:alnum:]]+: link up\.$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: TCP: Treason uncloaked! Peer [.[:digit:]]{7,15}:[[:digit:]]{1,5}/[[:digit:]]{1,5} shrinks window [[:digit:]]+:[[:digit:]]+\. Repaired\.$

More information about the Logcheck-commits mailing list