[Logcheck-devel] Bug#283331: marked as done (logcheck-database: changes to ignore.d.server dnsmasq and ntpdate)

Debian Bug Tracking System owner at bugs.debian.org
Tue Dec 7 16:33:35 UTC 2004 

Your message dated Tue, 07 Dec 2004 11:17:05 -0500
with message-id <E1Cbi1R-0005D4-00 at newraff.debian.org>
and subject line Bug#283331: fixed in logcheck 1.2.32
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 28 Nov 2004 08:35:32 +0000
>From NBGSWGARRYHC at spammotel.com Sun Nov 28 00:35:32 2004
Return-path: <NBGSWGARRYHC at spammotel.com>
Received: from buffy.riseup.net (mail.riseup.net) [69.90.134.155] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CYKWq-0003Vp-00; Sun, 28 Nov 2004 00:35:32 -0800
Received: from localhost (localhost [127.0.0.1])
	by mail.riseup.net (Postfix) with ESMTP id 62D7AA2DA3;
	Sun, 28 Nov 2004 00:33:59 -0800 (PST)
Received: from mail.riseup.net ([127.0.0.1])
	by localhost (buffy [127.0.0.1]) (amavisd-new, port 10024) with ESMTP
	id 23200-18; Sun, 28 Nov 2004 00:33:59 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.riseup.net (Postfix) with ESMTP id 358B1A2DA2;
	Sun, 28 Nov 2004 00:33:59 -0800 (PST)
Message-ID: <41A98DD3.9060504 at spammotel.com>
Date: Sun, 28 Nov 2004 00:35:31 -0800
From: bug hunter #742 <NBGSWGARRYHC at spammotel.com>
User-Agent: Mozilla Thunderbird 0.9 (Windows/20041103)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: submit at bugs.debian.org
Subject: logcheck-database: changes to ignore.d.server dnsmasq and ntpdate
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at riseup.net
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: logcheck-database
Version: 1.2.31
Severity: wishlist

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: 
(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPRELEASE|DHCPINFO|BOOTP)[()[:alnum:]]+ 
[ :[:alnum:].]+$

might be more accurately:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: 
(DHCPDISCOVER|DHCPOFFER|DHCPREQUEST|DHCPACK|DHCPRELEASE|DHCPINFO|BOOTP)([[:alnum:]]+) 
[ :[:alnum:]._-]+$

To break it down:
1.
[()[:alnum:]]+
trying to match something like "(eth1)"
would more accurate:
([[:alnum:]]+)

2.
[ :[:alnum:].]+
I noticed that this didn't match computer names with underscores like 
"TEST_COM"
so this just adds underscores and dashes.  I'm not positive that's the 
best approach and I'm not sure of the need for the space and colon but 
this is the safe approach.
[ :[:alnum:]._-]+

Also I would add this line to dnsmasq as it occurs when you use dnsmasq 
as a local dns caching server (that is have 127.0.0.1 in resolve.conf):
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dnsmasq\[[[:digit:]]+\]: ignoring 
nameserver 127.0.0.1 - local interface$

Finally, I added this line for ntpdate in my setup:
ntpdate\[[0-9]+\]: step time server .* offset 0\.[0-9]+ sec
This ignores time steps that are less than 1 second which I don't 
consider a big deal and I'm not sure others would either so I submit it 
for inclusion.

---------------------------------------
Received: (at 283331-close) by bugs.debian.org; 7 Dec 2004 16:18:44 +0000
>From katie at ftp-master.debian.org Tue Dec 07 08:18:44 2004
Return-path: <katie at ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Cbi31-00016g-00; Tue, 07 Dec 2004 08:18:43 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1Cbi1R-0005D4-00; Tue, 07 Dec 2004 11:17:05 -0500
From: Todd Troxell <ttroxell at debian.org>
To: 283331-close at bugs.debian.org
X-Katie: $Revision: 1.54 $
Subject: Bug#283331: fixed in logcheck 1.2.32
Message-Id: <E1Cbi1R-0005D4-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Tue, 07 Dec 2004 11:17:05 -0500
Delivered-To: 283331-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 
X-CrossAssassin-Score: 5

Source: logcheck
Source-Version: 1.2.32

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.32_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.32_all.deb
logcheck_1.2.32.dsc
  to pool/main/l/logcheck/logcheck_1.2.32.dsc
logcheck_1.2.32.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.32.tar.gz
logcheck_1.2.32_all.deb
  to pool/main/l/logcheck/logcheck_1.2.32_all.deb
logtail_1.2.32_all.deb
  to pool/main/l/logcheck/logtail_1.2.32_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 283331 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tuesday, 07 Dec 2004 10:57:39 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.32
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description: 
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 277644 281646 282378 282842 283331
Changes: 
 logcheck (1.2.32) unstable; urgency=low
 .
   maks:
   * Add rules for jabberd, openvpn, rsnapshot, saslauthd, stunnel at
     level server from Peter Palfrader <weasel at debian.org>.
   * Default reportlevel is "server", correct logcheck.conf thanks koki.
   * Fix up space in newer xdm logging.
   * Add kernel rule for dvd combi drives at level workstation.
   * Add nss_ldap rule for apache, sshd syslog line at level server.
   * Ignore also ssh disconnect from win clients on level server.
   * Have per package NEWS.Debian files, move them below debian/.
     thanks alfie for hint dh_installchangelogs(1) for multiple NEWS.Debian.
     (closes: #281646)
   * Add and fix hostname match in dnsmasq ruleset. (closes: #283331)
   * Add rules for workstation related to removable media. (closes: #277644)
   * Remove kernel rules related to tainted modules.
   * Fix sudo ignore rule for tty usage.
   * Fix gconfd rules at level workstation for newest gnome.
   alfie:
   * logtail.8: Fixed formating to be consistant, changed OPTION to -r (the
     only OPTION not mentioned yet :))
   jamie:
   * Add rules for nagios, gps.
   * Added new rules for messages from USB joystick use. (closes: #282378)
   * Fix spamd rule to match all hosts. (closes: #282842)
Files: 
 d4fa21997ef1bf4d68510ebfc73441c4 703 admin optional logcheck_1.2.32.dsc
 197466b4414f575d0cc83e04a463ae6c 87932 admin optional logcheck_1.2.32.tar.gz
 c64e2e54d5755356f498a05f38512349 41036 admin optional logcheck_1.2.32_all.deb
 b5a45bec8397a77377f7ce79cf7b5965 55280 admin optional logcheck-database_1.2.32_all.deb
 7227248dd59bf586666e9f135fc06b90 24894 admin optional logtail_1.2.32_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBtdPq4u3oQ3FHP2YRAm5dAJ90/WyJ62VxyD+w8Mxoa33LP4p5vwCeIAq3
q1vFQQfcujV9FCFcQzX5EjY=
=FALE
-----END PGP SIGNATURE-----

More information about the Logcheck-devel mailing list