Bug#257874: [Logcheck-devel] Bug#257874: logcheck: additional ignores for Squid

Eric Evans eevans at sym-link.com
Thu Jul 8 19:21:28 UTC 2004 

On Fri, Jun 25, 2004 at 03:24:33PM +0200, Ralf Hildebrandt muttered these words:
> Package: logcheck
> Version: 1.2.22a
> Severity: minor
> 
> I tried adding additional rules for squid
> 
> in /etc/logcheck/ignore.d.server/squid I defined:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: sslReadServer: FD.*: read failure: \(.*\) Connection reset by peer.*$
> 
> since this is a pattern that happens to be totally irrelevant in real life use. But still my
> logcheck mails show:

[ ... ]
> 
> Jun 25 13:25:23 spiderboy squid[17248]: sslReadServer: FD 498: read failure: (104) Connection reset by peer
> 
> But if I use:
> 
> # egrep -v -f /etc/logcheck/ignore.d.server/squid /var/log/daemon.log
> 
> Then I'm NOT getting any "Connection reset by peer" lines. I'm getting insane. Where is the mistake?
> 

Since this output qualifies as a "violation", (see 
/etc/logcheck/violations.d/logcheck), the pattern needs to be included in
a file under violations.ignore.d.

I'll add this pattern to CVS, but in the meantime you can put it into a 
file in /etc/logcheck/violations.ignore.d, improve your signal-to-noise 
ratio, and retain your sanity. :)

Thanks for the report.

-- Eric

> -- System Information:
> Debian Release: testing/unstable
> Architecture: i386 (i686)
> Kernel: Linux 2.4.26
> Locale: LANG=C, LC_CTYPE=C
> 
> Versions of packages logcheck depends on:
> ii  adduser          3.57                    Add and remove users and groups
> ii  cron             3.0pl1-83               management of regular background p
> ii  debconf [debconf 1.4.28                  Debian configuration management sy
> ii  debianutils      2.8.3                   Miscellaneous utilities specific t
> ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
> ii  logcheck-databas 1.2.22a                 A database of system log rules for
> ii  logtail          1.2.22a                 Print log file lines that have not
> ii  mailx            1:8.1.2-0.20040524cvs-1 A simple mail user agent
> ii  perl             5.8.4-2                 Larry Wall's Practical Extraction 
> ii  postfix-snap [ma 1.1.11-20021115-1       Postfix Mail Transport Agent - sna
> ii  sysklogd [system 1.4.1-14                System Logging Daemon
> 
> -- debconf information:
> * logcheck/security_level: server
> * logcheck/noroot:
> * logcheck/manage_conffiles: true
> * logcheck/changes:
> * logcheck/install-note:
> * logcheck/email_address: root
> * logcheck/rewrite-note:
> * logcheck/auto_create_logfiles: true
>   logcheck/upgrade-note:

-- 
Eric Evans
eevans at sym-link.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040708/31130220/attachment.pgp

More information about the Logcheck-devel mailing list