Bug#334042: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options
Jamie L. Penman-Smithson
jamie at silverdream.org
Fri Oct 21 15:21:32 UTC 2005
tags 334042 moreinfo
thanks
[Quoted from private reply, submitter requested that log messages were
kept private.]
On Sat, 2005-10-15 at 09:31 +0200, Paul van der Holst wrote:
> My server runs all stuff, also a mailserver (qmail + vpopmail etc). When I
> receive the update thru mail, it is full with:
> - imaplogin (LOGIN/LOGOUT)
> - spamd
> - qmail-scanner
>
> that kinda stuff I don't need to see..
These messages..
> 183 only4clans CRON: (pam_unix) session closed for user root
> 1 only4clans CRON: (pam_unix) session closed for user
> logcheck
<snip>
..are matched by rules in ignore.d.paranoid/cron:
../logcheck/rulefiles/linux/ignore.d.paranoid/cron:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for
user [[:alnum:]-]+ by \(uid=[0-9]+\)$
../logcheck/rulefiles/linux/ignore.d.paranoid/cron:^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for
user [[:alnum:]-]+$
These messages are from SA 3.1, they'll be ignored in the next release
of logcheck (#335021):
> only4clans spamd: spamd: connection from localhost [127.0.0.1] at port
> 42461
Your proftpd messages are also matched by rules in
ignore.d.server/proftpd.
> 1 only4clans proftpd: only4clans.com (192.168.1.1[192.168.1.1]) -
> FTP session opened.
<snip>
What is your report level set to?
Run ls -al /etc/logcheck and ls -al /etc/logcheck/ignore.d.server
-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051021/da139f37/attachment.pgp
More information about the Logcheck-devel
mailing list