[Logcheck-commits] logcheck source and rules branch, master, created. 1.2.62-36-gf1dd8f3
martin f. krafft
madduck at debian.org
Wed Mar 5 08:22:32 UTC 2008
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "logcheck source and rules".
The branch, master has been created
at f1dd8f3255c8ce36cab550861aa22ebfc76153d4 (commit)
- Log -----------------------------------------------------------------
commit f1dd8f3255c8ce36cab550861aa22ebfc76153d4
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Fri Jan 25 02:02:20 2008 -0500
Adding rules for headsetd (bluetooth-alsa)
Here are rules to cover headsetd, included in bluetooth-alsa. (Despite
being a daemon, it's currently meant to be run by users, so I'm including
the start/stop messages in here.)
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit bae4d4079204d1946d05ae838b091d4dae30f35b
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 17:44:59 2008 -0500
Re-enabled :port portion of "UDPv4 link" openvpn rule
I see that this openvpn rule has been modified to no longer attach the
":port" part to "[undef]" -- probably to reflect a recent change in
openvpn. Unfortunately, the rule no longer matches in etch, thus
breaking the backport.
Here's a patch to match both versions.
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 6f1fe0eec92a029c917343d8d57fdcd1746bf2b2
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 15:52:45 2008 -0500
Added DB_NOTFOUND and "user not found" rules for sasl2-bin
These are issued when attempting to remove an inexistant user with
saslpasswd2. (Actually, DB_NOTFOUND occurs when adding a new user as
well.) The message is already displayed on the command line, no need to
repeat it one hour later.
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 6bca41fbee0560c84caf0fc185c4f17421741f7c
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 15:12:44 2008 -0500
Added "journal file does not exist" rule for bind
This line is issued when first setting up a dynamic DNS zone; BIND will
then create a journal where it will log client updates.
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit c0d7ab8fadb89ac038afd3fa2a483e88ffcea3ac
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 15:00:39 2008 -0500
Added "connection reset" rule for bind
This occurs when a peer issues a RST. There seem to be some bad DNS
servers out there; I'm getting a burst of these about once a week.
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 1f3d82d8835b26f1ce7ee386a19753481c193cd5
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 14:42:48 2008 -0500
Postfix considers that "-" can be part of a numeric hostname
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit c5c183d1db0be44b3dbeea6bd9b7eae778fc474a
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 04:29:31 2008 -0500
Added "Re-using pre-shared static key" openvpn rule
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit bb64bac5ffdbaacbdce7d98d011b9749bbdd71b2
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 03:44:46 2008 -0500
Adjusted proftpd "Data connection closed" rule to allow arbitrary usernames
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 456aef8691bbf408b7884896676ee59520bcc6a1
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 03:44:45 2008 -0500
Added "@" to proftpd "no such user" rules, to catch anonymous at foo.bar
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 4e55a1a2e40db442b2e266f6223c8626c0bca6d9
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 03:44:44 2008 -0500
Adjusted proftpd rules to catch unresolved IPv6 hosts
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 610457cd01647cbb58437b6c6f921fda6759c4c7
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 03:44:43 2008 -0500
Added "Incorrect password" proftpd rule
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit bd7efafb264f3b4ad89cb0c60ad3ef96feaeb852
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 03:19:56 2008 -0500
Forgot (also) to update violations/workstation proftpd rules for SystemLog
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 406e3e8935a3baa3f9991ce8aa4bd61e8a90e21c
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 02:30:47 2008 -0500
Adapted rules for SystemLog syntax
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit c373a432fddd77eec28f9633efe966bdf705c2da
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 02:59:35 2008 -0500
Forgot to update the last two proftpd rules to SystemLog syntax
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 4a5a6a2fb75e25091ba4d918b00f973cfda28abd
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 02:52:14 2008 -0500
Added "FTP login|session timed out" rule
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 72cf7e90df028a4d883c749e2f7d2385f4d04049
Author: Ed Santiago <ed at edsantiago.com>
Date: Fri Oct 19 11:45:59 2007 -0600
Clean up accidental duplication; hardcoded /usr/sbin is now $(BINDIR)
Signed-off-by: Ed Santiago <ed at edsantiago.com>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 0660edc5fbca6afcaddc38671d4c23e85e41eb9d
Author: Russ Allbery <rra at debian.org>
Date: Sat Feb 9 09:48:12 2008 -0800
Bug#464896: logcheck-database: ignore Postfix bad address syntax errors from postfix/error
Package: logcheck-database
Version: 1.2.63
Severity: wishlist
Tags: patch
The bad address syntax bounce message was previously logged by
postfix/qmgr, but in the current version of Postfix in lenny is
(at least sometimes) logged by postfix/error instead.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-3-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-- debconf information:
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
>From 83bbfbb66a8651db777a047e190e9f0c4f185ff5 Mon Sep 17 00:00:00 2001
From: Russ Allbery <rra at debian.org>
Date: Sat, 9 Feb 2008 09:38:08 -0800
Subject: [PATCH] Ignore Postfix bad address syntax errors from postfix/error
The bad address syntax bounce message was previously logged by
postfix/qmgr, but in the current version of Postfix in lenny is
(at least sometimes) logged by postfix/error instead.
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 7fbab54d328cc6be517af85dad531a6e5ddd9c03
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Wed Feb 6 02:06:36 2008 -0500
Added libpam-mount rule "realpath of volume $FOO is $BAR"
This (useless, IMO) message is issued by libpam-mount when checking whether
or not a volume is already mounted.
Since pam_mount is typically invoked by various login services (login, ssh,
xdm, etc.), it's probably best to leave this field blank instead of trying
to list them all.
Signed-off-by: martin f. krafft <madduck at debian.org>
commit a371e1930e57d3eb33ae4909bbc56b71cec5cca4
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Tue Feb 5 22:40:17 2008 -0500
Allow any error message following "SASL authentication failure" in postfix
There are nearly two dozen different possible error messages from the
various SASL modules used by postfix for authentication -- listing them
all would probably be a futile effort.
Signed-off-by: martin f. krafft <madduck at debian.org>
commit ecd2325e8f9e968e01005eb3d716bb34586ee476
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Thu Jan 24 04:16:25 2008 -0500
Added "adding an RR"/"deleting rrset" bind rules for dynamic DNS
These two messages will be issued when BIND is set up to provide dynamic
DNS, and clients update their own record via nsupdate.
Signed-off-by: Frédéric Brière <fbriere at fbriere.net>
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 373ade876a9d50dbdc7c74b4cf4bb5ca036c0bdf
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 23:17:22 2008 -0500
Ignore PAM session messages triggered by sudo
Since version 1.6.9 (changeset 577), sudo calls pam_open_session() and
pam_close_session(). These rules were copied from logcheck-su.
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 3c7ccfe3801aed4260f54a17eb8ca48b1324fc48
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 22:07:30 2008 -0500
Bug#445081: [PATCH] Corrected illegal regex in ignore.d.server/dspam
Signed-off-by: martin f. krafft <madduck at debian.org>
commit f220d91e714f659438291da3b59643c26b3a6fed
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 22:00:06 2008 -0500
Bug#445073: [PATCH] Updated ssh "reverse mapping" rule to include IP address (closes: #445073)
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 856ac570f3284f6cbd02acd1f1005cfbabece351
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 21:38:45 2008 -0500
Bug#445069: [PATCH] Added tftpd "serving file from ..." rule (closes: #445069)
Signed-off-by: martin f. krafft <madduck at debian.org>
commit a4e4f46b04ce9482b370b3a4469161d9f31769a4
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 21:44:06 2008 -0500
Bug#445072: [PATCH] Adjused ssh "Failed password" rule to allow omitting "illegal/invalid user" (closes: #445072)
Signed-off-by: martin f. krafft <madduck at debian.org>
commit b9b500a72d99fe82f5011682443c1a655b23fd70
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 21:36:08 2008 -0500
Bug#445046: [PATCH] Added bind's "AXFR ended" rule alongside "AXFR started" (closes: #445046)
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 287d95b1e88e22c9d086c4847e0115e541c9b9f1
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 21:31:19 2008 -0500
Bug#445074: [PATCH] Ignore "Nasty PTR record" messages from openssh (closes: #445074)
Signed-off-by: martin f. krafft <madduck at debian.org>
commit e0351d5128e0912e3483bdd718dd58f4f0db7824
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 21:23:34 2008 -0500
Bug#444097: [PATCH] Added two basic rules for ddclient (closes: #444097)
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 61e674bfa5dae2cd15b434654482453060b475a8
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 21:27:38 2008 -0500
Bug#444100: [PATCH] Added basic rules for telnetd (closes: #444100)
Signed-off-by: martin f. krafft <madduck at debian.org>
commit c7064b0f860f401766174b4eeaf7a074cb77edf5
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 21:18:19 2008 -0500
Bug#444096: [PATCH] Ignore (un)register messages from zaurus module (closes: #444096)
Signed-off-by: martin f. krafft <madduck at debian.org>
commit 1f6db8ba042855210279e46d3377333a2f00ec68
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 21:13:29 2008 -0500
Bug#444094: [PATCH] Ignore bttv PLL messages
Signed-off-by: martin f. krafft <madduck at debian.org>
commit bcc76c4f05cdce59917c7570b6e4775b9dc2af31
Author: Frédéric Brière <fbriere at fbriere.net>
Date: Sun Feb 3 20:58:03 2008 -0500
Bug#443881: [PATCH] Moved "[bind] query $FOO denied" rule to violations.ignore.d (closes #443881)
Signed-off-by: martin f. krafft <madduck at debian.org>
commit c3bef4f8cab62dec7631d74d121cafcabed5def4
Author: martin f. krafft <madduck at debian.org>
Date: Wed Mar 5 08:48:49 2008 +0100
* Remove version from cron dependency to allow e.g. bcron-run to satisfy the
requirement.
commit 2394562ab4a13c4510c671f01ffc8f35e97f1cd3
Author: maximilian attems <maks at debian.org>
Date: Wed Nov 14 13:03:20 2007 +0100
clean up the attack file rules
they all look pretty much dubious
commit 6245546e54818e31565fe9f657bf458b17c45991
Author: martin f. krafft <madduck at debian.org>
Date: Sat Oct 6 18:14:34 2007 +0100
* Fix spelling error in configuration file; thanks to Frans "I am bored"
Pop (closes: #445537).
commit e0d00aba4b25e7f7e77876aa32ae88672a03f9cf
Author: martin f. krafft <madduck at debian.org>
Date: Sun Sep 30 15:58:57 2007 +0100
Conflict with amavisd-new (<< 1:2.5.2-1), since amavisd-new now maintains
its own filters. Thus, remove them from this package.
commit 092264d0530238d383356efe76cae0424e998842
Author: martin f. krafft <madduck at debian.org>
Date: Mon Sep 24 23:45:19 2007 +0100
- ignore all messages about unexpected RCODEs (closes: #443908).
commit 4742fc8cfed61553082b2aa9baa2218f88fd8fe7
Author: martin f. krafft <madduck at debian.org>
Date: Mon Sep 24 23:43:58 2007 +0100
- ignore messages about denied queries (closes: #443886).
commit 9b2aa1a8980b9d032c57a93537907505e0174beb
Author: martin f. krafft <madduck at debian.org>
Date: Mon Sep 24 23:42:53 2007 +0100
* ignore.d.server/acpid:
- ignore basic messages from acpid; thanks to Hanspeter Kunz for the patch
(closes: #443171).
* ignore.d.server/bind:
Thanks to Frédéric Brière for the following patches:
- ignore messages about notify without SOA (closes: #443869)
commit 566b7748b3a0c8544c9d4db7c06bd6cd324c5d93
Author: Hanspeter Kunz <hp at edelkunz.ch>
Date: Mon Sep 24 01:20:23 2007 +0200
ignore acpid clients disconnecting
- ignore messages "acpid: client has disconnected"
Signed-off-by: Hanspeter Kunz <hp at edelkunz.ch>
commit b778b1c94e5f4ef5bfc889a830280f63c45140e1
Author: martin f. krafft <madduck at debian.org>
Date: Mon Sep 24 23:36:36 2007 +0100
- duplicate some filters from ignore.d.server/postfix for when servers use
"hacker words" which cause logcheck to escalate to violations.
commit 752ce3e94a873d3f5817bef2d6aeff817c681b1a
Author: martin f. krafft <madduck at debian.org>
Date: Mon Sep 24 23:31:00 2007 +0100
ignore all commands by incron
commit fae4d1a04f2fdc899368f822841f2b0bb506be64
Author: martin f. krafft <madduck at debian.org>
Date: Mon Sep 24 23:30:07 2007 +0100
* ignore.d.server/dhclient:
- ignore message about option answers being larger than buffers.
commit 7420e54964e27356b647d4022a640dedfa028bc1
Author: martin f. krafft <madduck at debian.org>
Date: Sun Sep 23 23:44:18 2007 +0100
more basic incron filters
commit 7bcf41a3f93aca49b3e381eaba1d0e3c78fcee9b
Author: martin f. krafft <madduck at debian.org>
Date: Sun Sep 23 23:32:52 2007 +0100
ignore acpid lintian warnings
commit 0441e3c67d61d90dad3254c6438461622ad0ab96
Author: martin f. krafft <madduck at debian.org>
Date: Sun Sep 23 23:28:16 2007 +0100
- ignore smtp client failures due to lost connections during later
commands.
commit 77e60654c3fa4de0e08319f6c5ce9945e906198d
Author: martin f. krafft <madduck at debian.org>
Date: Sun Sep 23 23:26:42 2007 +0100
improve filter for messages about dovecot fixing indices
commit c2e26148d01a1a3018b3b707748076035562e3f4
Author: martin f. krafft <madduck at debian.org>
Date: Sun Sep 23 23:24:58 2007 +0100
ignore also pre-queue pipelining errors
commit 902863ce7794162f1002d9a05ce397ab6cdc001a
Author: martin f. krafft <madduck at debian.org>
Date: Sun Sep 23 23:22:29 2007 +0100
* ignore.d.server/incron:
- ignore CMD log messages.
commit 745977731ed9292e530b7c1a2c4fc6ac3a376d50
Author: martin f. krafft <madduck at debian.org>
Date: Sun Sep 23 23:19:24 2007 +0100
updated ns|mx patch from justin
commit 241f7640a372dafd3d786f898286b99e4e00e8e4
Author: martin f. krafft <madduck at debian.org>
Date: Sun Sep 23 23:17:07 2007 +0100
document rra's patch
commit d915a798871b838a2e7cc922ed32514ff855cddf
Author: Russ Allbery <rra at debian.org>
Date: Sat Sep 22 21:01:13 2007 -0700
Ignore Postfix lost connection messages w/o IP address
Ignore messages like:
Sep 22 19:05:44 windlord postfix/smtpd[17526]: lost connection after CONNECT from unknown[unknown]
with unknown as the IP address. Postfix 2.4.5 now logs these.
Signed-off-by: Russ Allbery <rra at debian.org>
commit 3b5ae69ff07933c28f735c232db0359b0ac6d8db
Author: Hanspeter Kunz <hp at edelkunz.ch>
Date: Sun Sep 23 22:15:53 2007 +0200
commit e3185559f3d244c87ad240f320a2c26b7d96d7ee
- ignore standard messages from acpid
Signed-off-by: Hanspeter Kunz <hp at edelkunz.ch>
commit b4d6cc02295cc424c2b0bb286bf044ef47cb1657
Merge: 2d29891d4078fabf59c4e53f9ede275d6e562c2a 6ac05e3943e4628f3bf362851308d3bc8a5980a7
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 17:36:32 2007 +0100
resolve merge conflict of changelog
commit 2d29891d4078fabf59c4e53f9ede275d6e562c2a
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 14:12:42 2007 +0100
- patch from Justin Pryzby to support postfix check_helo_(mx|ns)_access
(closes: #443185).
commit 290997d43623a84c9a1108e571fe144f0073d015
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 14:10:52 2007 +0100
* ignore.d.server/postfix:
* ignore.d.server/rsync:
- patch from Justin Pryzby to update rules for 2.6.9 (closes: #443178).
commit 7417b46c52f6d8d10ed7d1e2a648363e22769750
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 14:09:18 2007 +0100
* apply patch by Rolan Kruggel which allos logcheck to be configured to
attach log output, rather than inlining it (closes: #402739).
commit b2239bb1d5e4252e23c236cdb422af5934b43903
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 13:54:03 2007 +0100
* make dependency on logtail versioned (>= 1.2.59; closes: #443134).
commit 8f58a905a3fe353029282b77b07429fdc0edaea9
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 13:49:27 2007 +0100
remove thttpd from lintian overrides
commit 426152d36024708d61d413ffc9640ff328947245
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 13:48:07 2007 +0100
* remove ignore.d.server/thttpd because thttpd package provides a better
version (closes: #441504).
* apply patch by Marc Haber to fix logtail2 when there are no archived logs
found (closes: #441388).
commit fdf83a8c1e9fb6c22651919662850c9d15099894
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 13:46:17 2007 +0100
* remove ignore.d.server/thttpd because thttpd package provides a better
version (closes: #441504).
commit b1ddfad9b276c2668dde1600b69542fc0d1b21ff
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 13:44:53 2007 +0100
* ignore.d.server/postfix
- ignore smtp client failures due to lost connections with relays.
commit a7554b5083fec730e8f1821328a5b74f194b9613
Author: martin f. krafft <madduck at debian.org>
Date: Sat Sep 22 13:42:54 2007 +0100
* violations.ignore.d/logcheck-postfix:
- ignore rejections due to improper SMTP command pipelining.
commit 6ac05e3943e4628f3bf362851308d3bc8a5980a7
Author: martin f. krafft <madduck at debian.org>
Date: Tue Sep 11 15:58:54 2007 +0200
* ignore.d.server/postfix:
- ignore milter-discard messages after END-OF-MESSAGE.
commit f6b7f78d3d2aba045a9ed67514c4e0b157355d9b
Author: martin f. krafft <madduck at debian.org>
Date: Tue Sep 11 14:08:58 2007 +0200
prepare first prerelease to 1.2.62
commit 41d944d985106f7e392a720abe5dab29a88f600e
Author: martin f. krafft <madduck at debian.org>
Date: Tue Sep 11 14:05:36 2007 +0200
* ignore.d.server/dovecot:
- ignore notice about dovecot fixing index files.
commit c3981084f7a5421c36f9d3a021c258f5b9ec95f9
Author: martin f. krafft <madduck at debian.org>
Date: Tue Sep 11 14:03:14 2007 +0200
- ignoring warning about milter blocking mail to suspicious recipient
addresses.
commit c540dce3899f0f1bdcdbd3e33c347ebe88b3688e
Author: martin f. krafft <madduck at debian.org>
Date: Tue Sep 11 14:00:13 2007 +0200
* violations.ignore.d/logcheck-postfix:
- fix filter for milter AV system overload.
commit 1ff6a6ac93a7548aab489f4531af3690b7936d28
Author: martin f. krafft <madduck at debian.org>
Date: Fri Sep 7 15:03:53 2007 +0200
prepare 1.2.61 release
commit 4e4aa8ca16975126ab6f608eb9def37da1a6fbd4
Author: martin f. krafft <madduck at debian.org>
Date: Fri Sep 7 15:03:43 2007 +0200
simplify pam rules a bit
commit 32bf8f024294a83cf6f5b0355ee7642f94aaad14
Merge: 30bdebbb361b1b6c30103683bce75143eac1a9f2 9960e67bfc8e1b7c0841758bbca45c454c1c4c45
Author: martin f. krafft <madduck at madduck.net>
Date: Wed Sep 5 08:49:44 2007 +0200
Merge branch 'master' of ssh://git.debian.org/git/logcheck/logcheck
commit 9960e67bfc8e1b7c0841758bbca45c454c1c4c45
Author: maximilian attems <maks at debian.org>
Date: Wed Sep 5 01:47:55 2007 +0200
logcheck: bump the version
commit 46a817abae31123a1bfd8f4ed29a90282c4e6c22
Author: maximilian attems <maks at debian.org>
Date: Wed Sep 5 01:45:28 2007 +0200
logcheck: update copyright year
as bonus kick any old unneeded cvs Id
commit 30bdebbb361b1b6c30103683bce75143eac1a9f2
Merge: aa3132031f172505421039f581842a97a33b8296 456073958f2b156d61b181b5b9a8821aac9d5cda
Author: martin f. krafft <madduck at madduck.net>
Date: Tue Sep 4 19:38:11 2007 +0200
Merge branch 'master' of ssh://git.debian.org/git/logcheck/logcheck
commit 456073958f2b156d61b181b5b9a8821aac9d5cda
Author: martin f. krafft <madduck at madduck.net>
Date: Fri Aug 31 12:57:07 2007 +0200
- ignore AV system overload warnings by milter-reject.
commit 06c931dc6c54361434c63d642cb724c894da7bec
Author: martin f. krafft <madduck at madduck.net>
Date: Fri Aug 31 12:55:38 2007 +0200
fix pdns tcp server cycling filter
commit 8d09109079ca25a25ff026bfc9227093287ea8a8
Author: martin f. krafft <madduck at madduck.net>
Date: Fri Aug 31 12:50:50 2007 +0200
- update check result rule in violations.ignore.d.
commit aa3132031f172505421039f581842a97a33b8296
Author: Aaron M. Ucko <ucko at debian.org>
Date: Thu Aug 30 13:45:09 2007 -0400
Amend filters for new (0.99+) pam format.
Signed-off-by: Aaron M. Ucko <ucko at debian.org>
commit b0265df540360cc2f2c5c341511d7a50c1e1c9a1
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 19:40:26 2007 +0200
add a default for $TMP
commit 9a2f47a33394db33c2d48302731495cfcee9035e
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 18:18:43 2007 +0200
* ignore.d.server/bind
- ignore view queries; thanks Justin Pryzby (closes: #428629).
commit fa74aa34a23d54c0e3a3204bb175f71fcf71db48
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 18:17:07 2007 +0200
Justin Pryzby (closes: #425642, #426736).
commit 3bf5869905c7d682fb354044e875d90b5fda0dc3
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 18:16:02 2007 +0200
acknowledge fjp
commit ce5388b3cce100fc8acf1b1f82b668cde857b9e3
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 18:15:44 2007 +0200
- ignore some rejections when $smtpd_delay_reject=no is set; thanks to
Justin Pryzby (closes: #425642).
commit 4fb5b227085d782a4feb3b2fd9db40e21ae7b54c
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:56:51 2007 +0200
- do not ignore child state K, which indicates kill and might be a problem
(closes: #436439).
commit c4b55710d3d745130f15c48df514ccd9be791b78
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:52:06 2007 +0200
* ignore.d.server/hylafax:
- ignore MODEM messages by FaxQueuer; thanks Remi Letot (closes: #425035).
commit d95ffeeed6f181361477f12daece3708f5a42901
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:49:06 2007 +0200
- ignore launch message after TCP nameserver was cycled.
commit e1fb6bbfd659530fcf12bb47803b2b54d4bbf190
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:47:32 2007 +0200
* ignore.d.server/pdns:
- ignore messages about invalid packet sizes received from other machines.
commit f5a92f109672f930df25dc4b865b331c0c2620a9
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:44:07 2007 +0200
- ignore SASL authentication failures due to empty passwords.
commit 4ac0326d0d86a72a6d5e8c799b9b07fa3964f1d5
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:41:13 2007 +0200
* ignore.d.server/spamd, violations.ignore.d/logcheck-spamd:
- ignore spamcop failure and success messages.
commit 925448d97d46f6ed242a9813cd7d6b751fea675e
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:39:09 2007 +0200
- ignore when smtpd tells us its discarding EHLO keywords
($smtpd_discard_ehlo_keyword*).
*
commit d21359a28294d7932d9479dd3d0473da2b5b4251
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:36:52 2007 +0200
- ignore when libc6 warns about in-addr.arpa request being answered with
a CNAME, which is not correct, but people do it and it works regardless.
commit 13aad0f4d255e957511f7664d5e3f86299ace906
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:35:27 2007 +0200
* ignore.d.server/postfix:
- ignore TLS library receiving SSLv3 alert 10, since it's just a broken
client connecting.
commit 66c3fb9078781b286afd3fabd9e5636782447e41
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:33:07 2007 +0200
- also ignore defer notices smtp gets after the DATA command.
commit d562a6e3d007aa42231d03db6d9a84b0527da4b3
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 17:29:20 2007 +0200
* violations.ignore.d/logcheck-postfix:
- ignore temporary DNS lookup failures when checking for sender MX.
commit 21e74e2064be1eb6c2a7f36262a9cba068460719
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 16:06:22 2007 +0200
* ignore.d.server/rsync:
- Ignore runtime rsyncd messages; patch by Justin Pryzby (closes: #440181)
commit f671915a84b4ccc070c573e0289ef649ad4b6ed0
Merge: edf135a0ff252645db91244e85c301e502eafe2c 2dc2c6f8ea0f6c3d6572a4328ddc1e69bbfb986b
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 08:52:19 2007 +0200
Resolve debian/changelog merge conflict
commit edf135a0ff252645db91244e85c301e502eafe2c
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 30 08:50:37 2007 +0200
* Apply filter rules for new PAM log format; thanks to Aaron M. Ucko
(closes: #440123).
commit 2dc2c6f8ea0f6c3d6572a4328ddc1e69bbfb986b
Author: martin f. krafft <madduck at madduck.net>
Date: Sat Aug 25 09:58:37 2007 +0100
document micahs patch in changelog
commit 53866d5987bc66308ab0808d72669fb0b19d4ab5
Author: Micah Anderson <micah at debian.org>
Date: Fri Aug 24 22:02:23 2007 -0400
Enable alternate temporary directory to be set in the configuration file
On servers where the logfiles are very large and grow quickly, the
logcheck processes may run into space issues in /tmp resulting in the
email such as the following to be sent:
cp: writing `/tmp/logcheck.y12449/checked': No space left on device
/usr/sbin/logcheck: line 161: cannot create temp file for here document: No space left on device
mail: /tmp/mail.RsXXXXpc2eAx: No space left on device
Null message body; hope that's ok
Followed by an empty email.
This is not good because of a few reasons:
1. /tmp fills up temporarily, other problems can result from this
2. You loose logcheck for this run
Although logcheck falls back to /var/tmp if it cannot create a directory in /tmp,
it doesn't allow the admin to set a temporary directory other than /tmp if this
condition presents itself.
The solution is simple, the attached patch adds a new configuration to
/etc/logcheck/logcheck.conf for a TMP variable, sets it to be default
what logcheck uses now (/tmp) and alters the logcheck executable to honor this
variable when set.
Signed-off-by: martin f. krafft <madduck at madduck.net>
commit 603c473374fbeecb39c84e673a595616a98a54c6
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 23 14:22:18 2007 +0200
remove empty debconf templates file
commit a086575768a9332a5743505ba9280b3fcc59f3a1
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 23 14:22:02 2007 +0200
install logtail2 manpage into proper package
commit 0853bf9029d3322bb95702e6c92673346843c62b
Author: martin f. krafft <madduck at madduck.net>
Date: Thu Aug 23 14:17:54 2007 +0200
update docs to reflect svn->git move
-----------------------------------------------------------------------
hooks/post-receive
--
logcheck source and rules
More information about the Logcheck-commits
mailing list