[Logcheck-devel] Bug#303661: marked as done (logcheck-database: openntpd rules)

Debian Bug Tracking System owner at bugs.debian.org
Tue Apr 19 21:03:19 UTC 2005 

Your message dated Tue, 19 Apr 2005 22:56:59 +0200
with message-id <20050419205659.GA308 at sputnik.stro.at>
and subject line [Logcheck-devel] Bug#303661: logcheck: Simple rule
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 7 Apr 2005 23:16:22 +0000
>From dfc at anize.org Thu Apr 07 16:16:22 2005
Return-path: <dfc at anize.org>
Received: from terminus.anize.org [69.56.216.138] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DJgEX-00020m-00; Thu, 07 Apr 2005 16:16:22 -0700
Received: from localhost (localhost [127.0.0.1])
	by terminus.anize.org (Postfix) with ESMTP id AFB68B3BB6;
	Thu,  7 Apr 2005 19:16:21 -0400 (EDT)
Received: from terminus.anize.org ([127.0.0.1])
	by localhost (terminus [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id 27651-01-4; Thu, 7 Apr 2005 19:16:21 -0400 (EDT)
Received: by terminus.anize.org (Postfix, from userid 1002)
	id 8EA4EB3BE8; Thu,  7 Apr 2005 19:16:21 -0400 (EDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: "Douglas F. Calvert" <dfc at anize.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: logcheck-database: openntpd rules
X-Mailer: reportbug 3.9
Date: Thu, 07 Apr 2005 19:16:21 -0400
Message-Id: <20050407231621.8EA4EB3BE8 at terminus.anize.org>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at anize.org
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: logcheck-database
Version: 1.2.37
Severity: normal

Hello again,
 openntpd gives messages like these failry often:

Apr  7 14:25:55 terminus ntpd[673]: peer 204.17.42.202 now invalid
Apr  7 14:26:10 terminus ntpd[673]: peer 204.17.42.202 now valid

I am not sure if this is something that an admin may find relevant but they happen fairly often and they do not offer a lot of info 
for me. If you think they are relevant you can close this bug with no further comment. However if you like I have contributed these 
two rules:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]+ now valid$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: [.0-9]+ now invalid$



-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.11-exec-shield
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.47     Debian configuration management sy

-- debconf information:
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false

---------------------------------------
Received: (at 303661-done) by bugs.debian.org; 19 Apr 2005 20:56:58 +0000
>From max at stro.at Tue Apr 19 13:56:57 2005
Return-path: <max at stro.at>
Received: from baikonur.stro.at [213.239.196.228] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DNzmD-0002yv-00; Tue, 19 Apr 2005 13:56:57 -0700
Received: from sputnik (stallburg.stro.at [128.131.216.190])
	by baikonur.stro.at (Postfix) with ESMTP id D1A245C001
	for <303661-done at bugs.debian.org>; Tue, 19 Apr 2005 22:56:54 +0200 (CEST)
Received: from max by sputnik with local (Exim 4.50)
	id 1DNzmF-0002mx-Up
	for 303661-done at bugs.debian.org; Tue, 19 Apr 2005 22:57:00 +0200
Date: Tue, 19 Apr 2005 22:56:59 +0200
From: maximilian attems <debian at sternwelten.at>
To: 303661-done at bugs.debian.org
Subject: Re: [Logcheck-devel] Bug#303661: logcheck: Simple rule
Message-ID: <20050419205659.GA308 at sputnik.stro.at>
References: <20050416075916.57B7F19B341 at kasbah.dyndns.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20050416075916.57B7F19B341 at kasbah.dyndns.org>
User-Agent: Mutt/1.5.6+20040907i
X-Virus-Scanned: by Amavis (ClamAV) at stro.at
Delivered-To: 303661-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

On Sat, 16 Apr 2005, Ralf Hildebrandt wrote:

> Package: logcheck
> Version: 1.2.37
> Followup-For: Bug #303661
> 
> 
> ntpd\[[0-9]+\]: peer .* now (in)?valid
> 
> adapted from the ntp-server rule
 
due to typo in debian/changelog bug didn't get closed as release
of 1.3.38.

enclosing the message below:
--
Source: logcheck
Source-Version: 1.2.38

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.38_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.38_all.deb
logcheck_1.2.38.dsc
  to pool/main/l/logcheck/logcheck_1.2.38.dsc
logcheck_1.2.38.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.38.tar.gz
logcheck_1.2.38_all.deb
  to pool/main/l/logcheck/logcheck_1.2.38_all.deb
logtail_1.2.38_all.deb
  to pool/main/l/logcheck/logtail_1.2.38_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 304978 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Monday, 18 Apr 2005 23:45:00 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.38
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description:
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 30088 295352 297995 302678 303176 304978
Changes:
 logcheck (1.2.38) unstable; urgency=low
 .
   maks:
   * Generalise postfix rule concerning network_biopair_interop.
   * Add rule for ntp message about valid/infalid peers. (Closes #303661)
   * Improve rules .PHONY target + add checkpo rule for the translation check.
   * Add help target to debian/rules documenting the syntax.
   jamie:
   * Add rule in violations.ignore.d/logcheck-postfix for postgrey
     (Closes: #30088)
   * Modify bind notify rule for bind 9.3.x (Closes: #303176)
   * Add various workstation kernel/udev rules for removable devices
     (Closes: #297995)
   * Modify rsync rule to match module names with '.', '-' and '_'.
     Thanks to SATOH Fumiyasu <fumiya at samba.gr.jp> for the patch
     (Closes: #295352)
   * Add nagios rule for UNKNOWN state service notification.
   * Modify postfix anvil rule for 'max connection' statistics
     messages to match smtps connections too.
   * Add new rules for policyd, a postfix policy daemon.
   * Add more postfix rules for certificate verification failure
     messages.
   * Add new rules for postfix scache (connection cache server).
   * Add rule for bind 9.3 'unexpected RCODE' messages.
   * Modify dnsmasq rule to match '/var/run/dnsmasq/resolv.conf'
     too. (Closes: #302678)
   todd:
   * Change lockfile location from /var/lock/logcheck to
     /var/lock/logcheck/logcheck (Thanks Rainer Zocholl) to avoid
     potential DoS condition. (Closes: #304978)
   * Make lockfile debug messages refer to the correct files.
   * Add note about dh_installlogcheck permissions. (See #302379)
Files:
 a040986cd3efb1bc4b4b273ed4a0e635 703 admin optional logcheck_1.2.38.dsc
 d82a1faa4198dfa7900e518f8b3581d3 94121 admin optional logcheck_1.2.38.tar.gz
 520c27384c61dc06f55a9698c42b7bbf 44576 admin optional logcheck_1.2.38_all.deb
 70e46d26fa902d29668d16f1f7186af4 61472 admin optional logcheck-database_1.2.38_all.deb
 6931679c977e9f6025ebbd4e7ccca586 27374 admin optional logtail_1.2.38_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCZH8R4u3oQ3FHP2YRAlR7AJ9f78c4NhflMsODo+Ov+/zR5bWNZACeJy+n
3OqLY4B4e4FxveJ3bkIPBUU=
=riHA
-----END PGP SIGNATURE-----

More information about the Logcheck-devel mailing list