Bug#257874: [Logcheck-devel] Bug#257874: logcheck: additional ignores for Squid
Eric Evans
eevans at sym-link.com
Thu Jul 8 19:21:28 UTC 2004
On Fri, Jun 25, 2004 at 03:24:33PM +0200, Ralf Hildebrandt muttered these words:
> Package: logcheck
> Version: 1.2.22a
> Severity: minor
>
> I tried adding additional rules for squid
>
> in /etc/logcheck/ignore.d.server/squid I defined:
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: sslReadServer: FD.*: read failure: \(.*\) Connection reset by peer.*$
>
> since this is a pattern that happens to be totally irrelevant in real life use. But still my
> logcheck mails show:
[ ... ]
>
> Jun 25 13:25:23 spiderboy squid[17248]: sslReadServer: FD 498: read failure: (104) Connection reset by peer
>
> But if I use:
>
> # egrep -v -f /etc/logcheck/ignore.d.server/squid /var/log/daemon.log
>
> Then I'm NOT getting any "Connection reset by peer" lines. I'm getting insane. Where is the mistake?
>
Since this output qualifies as a "violation", (see
/etc/logcheck/violations.d/logcheck), the pattern needs to be included in
a file under violations.ignore.d.
I'll add this pattern to CVS, but in the meantime you can put it into a
file in /etc/logcheck/violations.ignore.d, improve your signal-to-noise
ratio, and retain your sanity. :)
Thanks for the report.
-- Eric
> -- System Information:
> Debian Release: testing/unstable
> Architecture: i386 (i686)
> Kernel: Linux 2.4.26
> Locale: LANG=C, LC_CTYPE=C
>
> Versions of packages logcheck depends on:
> ii adduser 3.57 Add and remove users and groups
> ii cron 3.0pl1-83 management of regular background p
> ii debconf [debconf 1.4.28 Debian configuration management sy
> ii debianutils 2.8.3 Miscellaneous utilities specific t
> ii lockfile-progs 0.1.10 Programs for locking and unlocking
> ii logcheck-databas 1.2.22a A database of system log rules for
> ii logtail 1.2.22a Print log file lines that have not
> ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent
> ii perl 5.8.4-2 Larry Wall's Practical Extraction
> ii postfix-snap [ma 1.1.11-20021115-1 Postfix Mail Transport Agent - sna
> ii sysklogd [system 1.4.1-14 System Logging Daemon
>
> -- debconf information:
> * logcheck/security_level: server
> * logcheck/noroot:
> * logcheck/manage_conffiles: true
> * logcheck/changes:
> * logcheck/install-note:
> * logcheck/email_address: root
> * logcheck/rewrite-note:
> * logcheck/auto_create_logfiles: true
> logcheck/upgrade-note:
--
Eric Evans
eevans at sym-link.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040708/31130220/attachment.pgp
More information about the Logcheck-devel
mailing list