[Logcheck-devel] Bug#333456: logcheck: ignore mundane tftpd messages

toby cabot toby at caboteria.org
Tue Oct 11 23:56:36 UTC 2005 

Package: logcheck
Version: 1.2.41
Severity: wishlist


Hi, thanks for maintaining logcheck, it works quite well.  I run a
small network with some diskless nodes.  When they boot, they download
their kernels from TFTP.  Typically, I'll get two messages from
logcheck; one when the client connects, and one when they download a
file, e.g:

Oct 11 19:14:07 phoenix in.tftpd[15381]: connect from dickless.caboteria.org (192.168.1.8)
Oct 11 19:14:07 phoenix tftpd[15382]: tftpd: trying to get file: /tftpboot/lts/bzImage-2.6.4

I looked in the ignore rules for the proftpd server and it looks as if
those messages should be ignored (and I would prefer it if they were),
so I created a file called /etc/logcheck/ignore.d.server/tftpd with
the contents:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.tftpd\[[0-9]+\]: connect from [._[:alnum:]-]+ \([0-9.]{7,15}\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tftpd\[[0-9]+\]: tftpd: trying to get file: .*$

and it appears that the messages are now ignored.  Please consider adding these rules to the Debian package.

Thank you,
Toby Cabot


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck depends on:
ii  adduser          3.67.2                  Add and remove users and groups
ii  cron             3.0pl1-91               management of regular background p
ii  debconf [debconf 1.4.58                  Debian configuration management sy
ii  debianutils      2.14.3                  Miscellaneous utilities specific t
ii  grep             2.5.1.ds2-1             GNU grep, egrep and fgrep
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logcheck-databas 1.2.41                  database of system log rules for t
ii  logtail          1.2.41                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii  postfix [mail-tr 2.2.4-1                 A high-performance mail transport 
ii  sysklogd [system 1.4.1-17                System Logging Daemon

logcheck recommends no packages.

-- debconf information:
* logcheck/noroot:
  logcheck/changes:
* logcheck/install-note:

More information about the Logcheck-devel mailing list