[Logcheck-devel] Bug#413364: logcheck ignores cron rules for "session closed" and "session opened"
CAiRO
dev.null at gmx.net
Sun Mar 4 14:31:33 UTC 2007
Package: logcheck
Version: 1.2.54
Severity: normal
In the file ignore.d.paranoid/cron there are the rules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
to ignore lines like
10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session opened for user root by (uid=0)
10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session closed for user root
but I still get emails from logcheck with those lines.
I've tried to test the rules by doing
egrep -v -f ignore.d.paranoid/cron /var/log/messages |grep session
which correctly shows those "session opened" and "session closed" lines. So I don't know why logcheck still sends me emails with those lines. This looks like a bug to me.
-- System Information:
Debian Release: 4.0
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16tooar3
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages logcheck depends on:
ii adduser 3.102 Add and remove users and groups
ii cron 3.0pl1-100 management of regular background p
ii debconf 1.5.11 Debian configuration management sy
ii grep 2.5.1.ds2-6 GNU grep, egrep and fgrep
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logtail 1.2.54 Print log file lines that have not
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii postfix [mail-tr 2.3.7-3 A high-performance mail transport
ii syslog-ng [syste 2.0.0-1 Next generation logging daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.2.54 database of system log rules for t
-- debconf information:
* logcheck/install-note:
logcheck/changes:
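
The filter test described in the message, as an added example (not part of the original report or of logcheck itself): it applies the two quoted rules with `grep -E -v -f`, which prints only the lines that no rule matched, to the two quoted log lines and to two constructed lines carrying the same events in the traditional `Mon dd hh:mm:ss` syslog timestamp layout. The variable and function names are hypothetical.

```shell
#!/bin/sh
# Added example: replay the two ignore.d.paranoid/cron rules quoted in the
# report against sample lines. Requires GNU grep (\w is a GNU extension).

RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT

# The two rules exactly as quoted in the report.
cat > "$RULES" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session closed for user [[:alnum:]-]+$
EOF

# The two log lines exactly as quoted in the report.
REPORTED='10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session opened for user root by (uid=0)
10:17:01 at 04-03-2007 tooar CRON[6356]: (pam_unix) session closed for user root'

# Constructed sample: the same events with a "Mon dd hh:mm:ss" timestamp.
CONSTRUCTED='Mar  4 10:17:01 tooar CRON[6356]: (pam_unix) session opened for user root by (uid=0)
Mar  4 10:17:01 tooar CRON[6356]: (pam_unix) session closed for user root'

# Print the lines that survive the ignore rules, i.e. the lines that
# would still end up in the report.
unfiltered() {
    printf '%s\n' "$1" | grep -E -v -f "$RULES"
}

# Count the surviving lines; awk always exits 0 and prints 0 on empty input.
count_unfiltered() {
    unfiltered "$1" | awk 'END { print NR }'
}

echo "reported layout:    $(count_unfiltered "$REPORTED") of 2 lines not matched by any rule"
echo "constructed layout: $(count_unfiltered "$CONSTRUCTED") of 2 lines not matched by any rule"
```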