[Logcheck-devel] Bug#191637: marked as done (logcheck-database: no logcheck rules for qpopper-drac)

Debian Bug Tracking System owner at bugs.debian.org
Sun May 29 05:03:03 UTC 2005


Your message dated Sun, 29 May 2005 00:47:11 -0400
with message-id <E1DcFhf-0001je-00 at newraff.debian.org>
and subject line Bug#125794: fixed in logcheck 1.2.40
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at maintonly) by bugs.debian.org; 2 May 2003 11:50:00 +0000
From tim at wings.pelican.org Fri May 02 06:49:58 2003
Return-path: <tim at wings.pelican.org>
Received: from wings.pelican.org [194.70.50.40] 
	by master.debian.org with esmtp (Exim 3.12 1 (Debian))
	id 19BZ0V-0007XQ-00; Fri, 02 May 2003 06:47:15 -0500
Received: by wings.pelican.org (Postfix, from userid 1000)
	id E017518D02; Fri,  2 May 2003 12:43:56 +0100 (BST)
From: Tim Franklin <tim at pelican.org>
To: Debian Bug Tracking System <maintonly at bugs.debian.org>
Subject: qpopper-drac: No logcheck rulesets installed
X-Mailer: reportbug 1.50
Date: Fri, 02 May 2003 12:43:55 +0100
Message-Id: <20030502114356.E017518D02 at wings.pelican.org>
Delivered-To: maintonly at bugs.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0
	tests=BAYES_01,HAS_PACKAGE
	version=2.53-bugs.debian.org_2003_04_23
X-Spam-Level: 
X-Spam-Checker-Version: SpamAssassin 2.53-bugs.debian.org_2003_04_23 (1.174.2.15-2003-03-30-exp)

Package: qpopper-drac
Version: 4.0.5-1
Severity: wishlist

qpopper-drac (and qpopper, as far as I can make out) don't install any 
logcheck rulesets beyond the one-line 
/etc/logcheck/ignore.d.paranoid/qpopper already installed as part of 
logcheck-database.  This results in a very large amount of reporting in 
logcheck, even on a lightly-used system with a dozen or so POP3 users.

I've come up with the following files for my own use - hopefully they 
will be of use to you either as-is or as a starting point for the 
package.  (Obviously the lines with [drac] aren't needed for vanilla 
qpopper).

Regards,
Tim.

/etc/logcheck/ignore.d.server/qpopper:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.qpopper\[[0-9]+\]: connect from [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.qpopper\[[0-9]+\]: \(v[.[:alnum:]]+\) POP login by user "[[:alnum:]]+" at \([._[:alnum:]-]+\) [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ \[pop_log\.c:[0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.qpopper\[[0-9]+\]: \[drac\]: login by [[:alnum:]]+ from host [._[:alnum:]-]+ \([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\) \[drac\.c:[0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.qpopper\[[0-9]+\]: \(v[.[:alnum:]]+\) Unable to get canonical name of client [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: Unknown host \(1\) \[pop_init\.c:[0-9]+\]$

/etc/logcheck/violations.ignore.d/logcheck-qpopper:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.qpopper\[[0-9]+\]: warning: \/etc\/hosts\.allow, line [0-9]+: can.t verify hostname: gethostbyname\([._[:alnum:]-]+\) failed$


-- System Information
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux wings.pelican.org 2.4.19 #1 Sat Apr 19 12:12:59 BST 2003 i586
Locale: LANG=C, LC_CTYPE=C

Versions of packages qpopper-drac depends on:
ii  drac                          1.12-1     Dynamic Relay Authorization Contro
ii  libc6                         2.3.1-16   GNU C Library: Shared libraries an
ii  libgdbmg1                     1.7.3-27.1 GNU dbm database routines (runtime
ii  libpam0g                      0.76-9     Pluggable Authentication Modules l
ii  libssl0.9.7                   0.9.7b-2   SSL shared libraries
ii  postfix [mail-transport-agent 1.1.11.0-3 A high-performance mail transport 
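
A way to check ignore rules like the ones proposed above before installing them, added here as an example and not part of the original report: three of the ignore.d.server rules are copied verbatim and applied to constructed sample log lines, to see which lines would still be reported. It assumes GNU grep and that an ignore file behaves like `grep -E -v -f`; the hostnames, users, PIDs and the last two message texts are made up for illustration.

```shell
#!/bin/sh
# Rules copied verbatim from the ignore.d.server/qpopper listing in the report.
# Keep the file free of blank lines: an empty pattern matches every line.
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.qpopper\[[0-9]+\]: connect from [._[:alnum:]-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.qpopper\[[0-9]+\]: \(v[.[:alnum:]]+\) POP login by user "[[:alnum:]]+" at \([._[:alnum:]-]+\) [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+ \[pop_log\.c:[0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.qpopper\[[0-9]+\]: \[drac\]: login by [[:alnum:]]+ from host [._[:alnum:]-]+ \([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\) \[drac\.c:[0-9]+\]$
EOF

# Constructed sample syslog lines (not captured from a real server).
# Lines 1-3: routine traffic the rules are meant to silence.
# Line 4: user name containing a dot, which "[[:alnum:]]+" does not cover.
# Line 5: extra text after the hostname, which the trailing "$" rejects.
# Line 6: a message no rule describes (hypothetical wording).
sample_log() {
cat <<'EOF'
May  2 12:40:01 wings in.qpopper[1234]: connect from client.example.org
May  2 12:40:02 wings in.qpopper[1234]: (v4.0.5) POP login by user "alice" at (client.example.org) 192.0.2.10 [pop_log.c:244]
May  2 12:40:02 wings in.qpopper[1234]: [drac]: login by alice from host client.example.org (192.0.2.10) [drac.c:88]
May 12 09:15:30 wings in.qpopper[2001]: (v4.0.5) POP login by user "bob.smith" at (client.example.org) 192.0.2.11 [pop_log.c:244]
May 12 09:16:02 wings in.qpopper[2002]: connect from client.example.org; then something unexpected
May 12 09:16:40 wings in.qpopper[2003]: constructed authentication failure message for user "alice"
EOF
}

# Print the lines that survive the ignore rules, i.e. what would still
# reach the administrator. LC_ALL=C matches the reporter's locale.
reported_lines() {
    sample_log | LC_ALL=C grep -E -v -f "$RULES" || true
}

reported_lines
```

Because every rule is anchored at both ends, a line that deviates from the expected shape in any way (lines 4 to 6) stays in the report rather than being silently dropped.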


---------------------------------------
Received: (at 125794-close) by bugs.debian.org; 29 May 2005 04:51:31 +0000
From katie at ftp-master.debian.org Sat May 28 21:51:31 2005
Return-path: <katie at ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DcFlq-0004AY-00; Sat, 28 May 2005 21:51:30 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1DcFhf-0001je-00; Sun, 29 May 2005 00:47:11 -0400
From: Todd Troxell <ttroxell at debian.org>
To: 125794-close at bugs.debian.org
X-Katie: $Revision: 1.56 $
Subject: Bug#125794: fixed in logcheck 1.2.40
Message-Id: <E1DcFhf-0001je-00 at newraff.debian.org>
Sender: Archive Administrator <katie at ftp-master.debian.org>
Date: Sun, 29 May 2005 00:47:11 -0400
Delivered-To: 125794-close at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Source: logcheck
Source-Version: 1.2.40

We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive:

logcheck-database_1.2.40_all.deb
  to pool/main/l/logcheck/logcheck-database_1.2.40_all.deb
logcheck_1.2.40.dsc
  to pool/main/l/logcheck/logcheck_1.2.40.dsc
logcheck_1.2.40.tar.gz
  to pool/main/l/logcheck/logcheck_1.2.40.tar.gz
logcheck_1.2.40_all.deb
  to pool/main/l/logcheck/logcheck_1.2.40_all.deb
logtail_1.2.40_all.deb
  to pool/main/l/logcheck/logtail_1.2.40_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 125794 at bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Todd Troxell <ttroxell at debian.org> (supplier of updated logcheck package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster at debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sunday, 29 May 2005 00:24:00 -0500
Source: logcheck
Binary: logcheck logtail logcheck-database
Architecture: source all
Version: 1.2.40
Distribution: unstable
Urgency: low
Maintainer: Debian logcheck Team <logcheck-devel at lists.alioth.debian.org>
Changed-By: Todd Troxell <ttroxell at debian.org>
Description: 
 logcheck   - Mails anomalies in the system logfiles to the administrator
 logcheck-database - A database of system log rules for the use of log checkers
 logtail    - Print log file lines that have not been read
Closes: 125794 191637 303661 305350 306388 306695 307588 307675 307889 308249 308800 309084 310423
Changes: 
 logcheck (1.2.40) unstable; urgency=low
 .
   jamie:
   * Improve postfix rules in ignore.d.server/postfix and
     violations.ignore.d/logcheck-postfix. (Closes: #305350)
   * Add postfix rule for "Temporary failure in name resolution" messages.
   * Add rules for policyd, add comma to throttle rule.
   * Add nagios rules for PROCESS_SERVICE_CHECK_RESULT messages.
     (Closes: #306695)
   * Add more ntp rules for "adjusting local clock" messages. (Closes: #303661)
   * Add postfix rule for "unknown SPF result" messages when using the
     libspf2 patch.
   * Add rule for bind 9.3 "FORMERR resolving" messages.
   * Add more nagios rules for SERVICE_FLAPPING messages and
     ENABLE_*_NOTIFICATIONS messages.
   * Fix udev rules to match alphanumeric device names and subdirectories in
     front of %k. (Closes: #307588)
   * Add bind rule to suppress NSTATS messages. (Closes: #307675)
   * Add nagios rule for "HOST EVENT HANDLER" messages.
   * Add cyrus rules to match notifyd messages.
   * Add first rule for grinch, an open relay checker for postfix.
   * Set a default for FQDN and only set the value of HOSTNAME once we've read
     logcheck.conf. The FQDN option now works. (Closes: #308249)
   * Minor changes to innd rules. Add rule to match innfeed "Connection
     refused" messages.
   * Add nagios rule for ENABLE_NOTIFICATIONS messages.
   * Add postfix rule to suppress "certificate has expired" messages.
   * Add postfix rule for "misplaced delimiter" hostname warnings.
   * Add nagios rules to match ACKNOWLEDGEMENT, ADD_SVC_COMMENT, HOST_DOWNTIME
     and DISABLE_SVC_NOTIFICATIONS messages.
   * Add the first rules for qpopper and qpopper-drac. (Closes: #125794,
     #191637)
   * Fix innd rules in violations.ignore.d/logcheck-innd for innfeed to match
     "global/final seconds.." messages.
   * Correct innd rule for perl filter rejection messages to match hostnames with
     hyphens and underscores too.
   * Adjust the anvil rule to match "max connection" messages with port 587
     (submission).
   * Add section to README.logcheck-database about submitting rules.
   * Modify rules for dovecot to also match messages from the pop3 daemon.
     (Closes: #310423)
   * Minor changes to innd rules. Add rule for readclose messages.
   * Add postfix rule in violations.ignore.d/logcheck-postfix to suppress
     dNSNames mismatch messages.
   * Add innd rule for innfeed hostChkCxns messages.
   * Fix postfix rule in violations.ignore.d/logcheck-postfix to match
     CommonName mis-match messages when verifying broken certs where the CN is
     empty.
   maks:
   * Add some pppd rules for pppoatm usage.
   * Fix hostname match in cvsd rules.
   * Add some first preliminary iptables rules for iptables REJECT logging
     ignore.d.server/kernel for UDP packets.
   * Add jabberd, ssh, rsync rules from Peter Palfrader <weasel at debian.org>.
     The ssh rule ignores network scanning noise (not the account bruteforcing).
   * Added dot to username match in scponly rule.
   * Match more strictly ipv4 address in dhcpd + dhclient rules.
   * Add to ignore.d.server/dhcpd initial udhcpd lines. (Closes: #306388)
   * Minor additions to logcheck(8).
   * Add rule for cron nss_ldap message in ignore.d.server/cron.
   * Generalise kernel message no IPv6 routers present level workstation.
   * Update rsync daemon rule thanks Paul Slootman <paul at debian.org>
     (Closes: #308800)
   * Update postfix peer verification rule match. (Closes: #307889)
   * Beautify logcheck.postinst don't call dpkg --compare-versions when no $2.
   * Correct proftpd rules thanks to Tilman Koschnick <til at subnetz.org>
     (Closes: #309084)
   todd:
   * Add Eric Evans as an uploader.
Files: 
 a2beb31d9b0f4e68ea3d5a547e59d845 735 admin optional logcheck_1.2.40.dsc
 5d551961f207686d742238091a9690c5 97252 admin optional logcheck_1.2.40.tar.gz
 deb784701a1d13b4da69bd6d0f8ed7ca 46382 admin optional logcheck_1.2.40_all.deb
 3ac5cdadfb09a143bd66c5a4a27639ac 64426 admin optional logcheck-database_1.2.40_all.deb
 a0b8e138cbb9d5585c1ad79a3ff000f1 28726 admin optional logtail_1.2.40_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCmUXt4u3oQ3FHP2YRAqkUAKDYDcqorsem0NETNuseoz6moBQguQCgvhNq
3T0fWVOMl7Gh0vgqtAIiVCM=
=fFmU
-----END PGP SIGNATURE-----




