Bug#343226: [Logcheck-devel] Bug#343226: logcheck: Wrong 'Connection from' pattern in ignore.d.server
Jamie L. Penman-Smithson
jamie at silverdream.org
Mon Feb 13 00:38:41 UTC 2006
retitle 343226 logcheck: Wrong 'Connection from' pattern in snmpd rules
severity 337916 normal
reassign 343226 logcheck-database
merge 337916 343226
thanks
On 13 Dec 2005, at 19:31, Ingo Theiss wrote:
> logcheck reports lots (and I mean lots) of messages from snmpd in the
> following format:
>
> Dec 13 16:05:07 example snmpd[571]: Connection from UDP:
> [xxx.xxx.xxx.xxx]:33164
>
> inside ignore.d.server I found a rule that should in my opinion match
> those lines but the provided above is slightly different.
>
> please update the pattern in ignore.d.server to match the line above.
I believe this is the same issue as #337916, the following rules have
already been changed in CVS and will be included in the next release,
due in the next week or two:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from [.
0-9]{7,15}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from
UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}$
Thanks,
--
-Jamie L. Penman-Smithson <jamie at silverdream.org>
t: +44 1273 424795; f: +44 1273 424795
PGP: C0A7 955E EED6 A309 23D7 863B C76A 26A3 F0DC FCA8
never send mail to: oubliette.z at gmail.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060213/72e61356/attachment.pgp
More information about the Logcheck-devel
mailing list