[Logcheck-devel] Bug#257874: logcheck: additional ignores for Squid

Ralf Hildebrandt hildeb at spiderboy.charite.de
Fri Jun 25 13:24:33 UTC 2004


Package: logcheck
Version: 1.2.22a
Severity: minor


I tried adding additional rules for squid

in /etc/logcheck/ignore.d.server/squid I defined:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: sslReadServer: FD.*: read failure: \(.*\) Connection reset by peer.*$

since this is a pattern that happens to be totally irrelevant in real life use. But still my
logcheck mails show:

Security Events
=-=-=-=-=-=-=-=
Jun 25 13:04:14 spiderboy squid[17248]: sslReadServer: FD 430: read failure: (104) Connection reset by peer
Jun 25 13:04:45 spiderboy squid[17248]: sslReadServer: FD 51: read failure: (104) Connection reset by peer
Jun 25 13:14:35 spiderboy squid[17248]: sslReadServer: FD 103: read failure: (104) Connection reset by peer
Jun 25 13:20:02 spiderboy squid[17248]: sslReadServer: FD 118: read failure: (104) Connection reset by peer
Jun 25 13:22:58 spiderboy squid[17248]: sslReadServer: FD 513: read failure: (104) Connection reset by peer
Jun 25 13:23:47 spiderboy squid[17248]: sslReadServer: FD 451: read failure: (104) Connection reset by peer
Jun 25 13:24:53 spiderboy squid[17248]: sslReadServer: FD 251: read failure: (104) Connection reset by peer
Jun 25 13:25:02 spiderboy squid[17248]: sslReadServer: FD 302: read failure: (104) Connection reset by peer
Jun 25 13:25:19 spiderboy squid[17248]: sslReadServer: FD 357: read failure: (104) Connection reset by peer
Jun 25 13:25:23 spiderboy squid[17248]: sslReadServer: FD 498: read failure: (104) Connection reset by peer

But if I use:

# egrep -v -f /etc/logcheck/ignore.d.server/squid /var/log/daemon.log

Then I'm NOT getting any "Connection reset by peer" lines. I'm getting insane. Where is the mistake?

-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C

Versions of packages logcheck depends on:
ii  adduser          3.57                    Add and remove users and groups
ii  cron             3.0pl1-83               management of regular background p
ii  debconf [debconf 1.4.28                  Debian configuration management sy
ii  debianutils      2.8.3                   Miscellaneous utilities specific t
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logcheck-databas 1.2.22a                 A database of system log rules for
ii  logtail          1.2.22a                 Print log file lines that have not
ii  mailx            1:8.1.2-0.20040524cvs-1 A simple mail user agent
ii  perl             5.8.4-2                 Larry Wall's Practical Extraction 
ii  postfix-snap [ma 1.1.11-20021115-1       Postfix Mail Transport Agent - sna
ii  sysklogd [system 1.4.1-14                System Logging Daemon

-- debconf information:
* logcheck/security_level: server
* logcheck/noroot:
* logcheck/manage_conffiles: true
* logcheck/changes:
* logcheck/install-note:
* logcheck/email_address: root
* logcheck/rewrite-note:
* logcheck/auto_create_logfiles: true
  logcheck/upgrade-note:





More information about the Logcheck-devel mailing list