[Logcheck-devel] Bug#428429: patch for stunnel rules

Jason Martens jmartens at cityofevanston.org
Mon Jun 11 16:33:06 UTC 2007


Package: logcheck
Version: 1.2.54
Severity: normal
Tags: patch

On my system, there is no pid after stunnel in the syslog.  Attached is
a patch to make the pid optional, and add a rule to ignore ldaps
connections.

hostname:/etc/logcheck/ignore.d.server# diff stunnel stunnel.old
1,9c1,9
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: SSL_read .*: Connection reset by peer$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: .* connected from .*$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: VERIFY OK: depth=[0-9]+, .*$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: Received signal 15; terminating$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: stunnel [0-9.]+ on i386-pc-linux-gnu PTHREAD\+POLL\+IPv6\+LIBWRAP with OpenSSL [0-9a-z.]+ [0-9]{2} \w{3} [0-9]{4}$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: [0-9]+ clients allowed$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: SSL_accept: Peer suddenly disconnected$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: *Connection closed*$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: LOG5\[[0-9]+.*:[0-9]+\]: ldaps connected from [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]+.*$
---
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: SSL_read .*: Connection reset by peer$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: .* connected from .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: VERIFY OK: depth=[0-9]+, .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: Received signal 15; terminating$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: stunnel [0-9.]+ on i386-pc-linux-gnu PTHREAD\+POLL\+IPv6\+LIBWRAP with OpenSSL [0-9a-z.]+ [0-9]{2} \w{3} [0-9]{4}$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: [0-9]+ clients allowed$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: SSL_accept: Peer suddenly disconnected$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: LOG5\[[:alnum:].*:[:alnum:]\]: ldaps connected from ...\....\....\....:[:alnum:].*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: *Connection closed*$
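Review bot: The rule `stunnel(\[[0-9]+\])?: *Connection closed*$` (eighth `<` line, carried over from the old file) uses shell-glob asterisks rather than regex syntax. As an extended regex it matches optional spaces, then `Connection close` followed by zero or more `d` at end of line, so any text after `Connection closed` keeps the rule from matching. If the intent is to ignore lines containing that phrase, use `: .*Connection closed.*$`, or spell out the expected tail. The ldaps rule on the last `<` line is also redundant as written: the second rule, `: .* connected from .*$`, already matches every line the ldaps rule can match. Either drop the ldaps rule or narrow the generic one, since a catch-all `connected from` ignore keeps connections to every stunnel service out of the report. The diff was also produced as `diff stunnel stunnel.old`, so the `<` lines are the proposed rules and the `>` lines are stunnel.old; resending it as `diff -u stunnel.old stunnel` would let it apply in the usual direction.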





