Bug#334042: [Logcheck-devel] Bug#334042: logcheck: wishlist 2 new options

Jamie L. Penman-Smithson jamie at silverdream.org
Fri Oct 21 15:21:32 UTC 2005


tags 334042 moreinfo
thanks

[Quoted from private reply, submitter requested that log messages were
kept private.]

On Sat, 2005-10-15 at 09:31 +0200, Paul van der Holst wrote:
> My server runs all stuff, also a mailserver (qmail + vpopmail etc). When I
> receive the update thru mail, it is full with:
> - imaplogin (LOGIN/LOGOUT)
> - spamd
> - qmail-scanner
> 
> that kinda stuff I don't need to see.. 

These messages..

>      183 only4clans CRON: (pam_unix) session closed for user root
>        1 only4clans CRON: (pam_unix) session closed for user logcheck
<snip>

..are matched by rules in ignore.d.paranoid/cron:

../logcheck/rulefiles/linux/ignore.d.paranoid/cron:^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
../logcheck/rulefiles/linux/ignore.d.paranoid/cron:^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$

These messages are from SA 3.1, they'll be ignored in the next release
of logcheck (#335021):

> only4clans spamd: spamd: connection from localhost [127.0.0.1] at port 42461

Your proftpd messages are also matched by rules in
ignore.d.server/proftpd.

>    1 only4clans proftpd: only4clans.com (192.168.1.1[192.168.1.1]) - FTP session opened.
<snip>

What is your report level set to?

Run ls -al /etc/logcheck and ls -al /etc/logcheck/ignore.d.server

-j
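
Added example, not part of the original message: a way to run constructed syslog lines through the two ignore.d.paranoid/cron rules quoted above and print the lines that no rule matches. The function names and the sample log lines are assumptions made for illustration, and GNU grep is assumed for `\w`.

```shell
#!/bin/sh
# Added example: which lines do the two ignore.d.paranoid/cron rules quoted
# above suppress? Log lines are constructed samples, not the submitter's logs.

# Write the two rules (one extended regex per line) to file $1.
write_cron_rules() {
    cat > "$1" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
EOF
}

# Write constructed syslog lines to file $1: three pam session lines the
# rules should match, plus two lines they should leave in the report.
write_sample_log() {
    cat > "$1" <<'EOF'
Oct 21 15:17:01 only4clans CRON[4242]: (pam_unix) session opened for user root by (uid=0)
Oct 21 15:17:01 only4clans CRON[4242]: (root) CMD (run-parts /etc/cron.hourly)
Oct 21 15:17:01 only4clans CRON[4242]: (pam_unix) session closed for user root
Oct 21 15:17:02 only4clans CRON[4243]: (pam_unix) session closed for user logcheck
Oct 21 15:18:10 only4clans sshd[4300]: Failed password for root from 192.0.2.10 port 4022 ssh2
EOF
}

# Print the lines of log $2 that no rule in rule file $1 matches, i.e. the
# lines that would still be reported. grep exits 1 when every line was
# matched; that is a valid result here, so only exit codes above 1 fail.
unmatched_lines() {
    grep -E -v -f "$1" "$2" || [ "$?" -eq 1 ]
}

# Demo run in a scratch directory.
demo_dir=$(mktemp -d)
write_cron_rules "$demo_dir/cron"
write_sample_log "$demo_dir/log"
echo "Lines not matched by the cron rules:"
unmatched_lines "$demo_dir/cron" "$demo_dir/log"
rm -rf "$demo_dir"
```

Pointing `unmatched_lines` at a real rule file and a copy of the relevant log shows the same thing for an installed rule set.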