[Logcheck-devel] Bug#450660: logcheck: acpid rules do not filter enough

arno renevier arenevier at fdn.fr
Thu Nov 8 21:11:06 UTC 2007 

Package: logcheck
Version: 1.2.63
Severity: minor
Tags: patch

Hi,
There was recently a modification to filter acpid stuffs.
But there are still things not filtered by logcheck.
When I unplugg, then plug back my battery, I get following notifications:


System Events
=-=-=-=-=-=-=
Nov  8 21:41:31 morpork acpid: received event "ac_adapter AC0 00000080 00000000"
Nov  8 21:41:31 morpork acpid: completed event "ac_adapter AC0 00000080 00000000"
Nov  8 21:41:31 morpork acpid: received event "processor CPU1 00000080 00000004"
Nov  8 21:41:31 morpork acpid: completed event "processor CPU1 00000080 00000004"
Nov  8 21:41:31 morpork acpid: received event "processor CPU1 00000081 00000000"
Nov  8 21:41:31 morpork acpid: completed event "processor CPU1 00000081 00000000"
Nov  8 21:41:31 morpork acpid: received event "battery BAT0 00000080 00000001"
Nov  8 21:41:31 morpork acpid: completed event "battery BAT0 00000080 00000001"
Nov  8 21:41:31 morpork powersave-asus_hotkey_handler[15669]: readonly EV_ID modified. Multiple invocation of helper_functions?
Nov  8 21:41:31 morpork [asus_hotkey_handler][15669]: commandline arguments: 'hotkey' 'ATKD' '00000057' '0000000c'
Nov  8 21:41:35 morpork acpid: received event "ac_adapter AC0 00000080 00000001"
Nov  8 21:41:35 morpork acpid: completed event "ac_adapter AC0 00000080 00000001"
Nov  8 21:41:35 morpork acpid: received event "processor CPU1 00000080 00000004"
Nov  8 21:41:35 morpork acpid: completed event "processor CPU1 00000080 00000004"
Nov  8 21:41:35 morpork acpid: received event "processor CPU1 00000081 00000000"
Nov  8 21:41:35 morpork acpid: completed event "processor CPU1 00000081 00000000"
Nov  8 21:41:35 morpork acpid: received event "battery BAT0 00000080 00000001"
Nov  8 21:41:35 morpork acpid: completed event "battery BAT0 00000080 00000001"
Nov  8 21:41:35 morpork powersave-asus_hotkey_handler[15687]: readonly EV_ID modified. Multiple invocation of helper_functions?
Nov  8 21:41:35 morpork [asus_hotkey_handler][15687]: commandline arguments: 'hotkey' 'ATKD' '00000058' '0000000e'

I attach a patch that removes most of those stuffs. After applying the patch,
I get the following notifications:

System Events
=-=-=-=-=-=-=
Nov  8 21:55:35 morpork powersave-asus_hotkey_handler[18782]: readonly EV_ID modified. Multiple invocation of helper_functions?
Nov  8 21:55:35 morpork [asus_hotkey_handler][18782]: commandline arguments: 'hotkey' 'ATKD' '00000057' '0000000d'
Nov  8 21:55:37 morpork powersave-asus_hotkey_handler[18810]: readonly EV_ID modified. Multiple invocation of helper_functions?
Nov  8 21:55:37 morpork [asus_hotkey_handler][18810]: commandline arguments: 'hotkey' 'ATKD' '00000058' '0000000f'


Hope that helps
arno


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.22custom
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser          3.105                   add and remove users and groups
ii  cron             3.0pl1-100              management of regular background p
ii  lockfile-progs   0.1.11                  Programs for locking and unlocking
ii  logtail          1.2.63                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20071017cvs-2 A simple mail user agent
ii  postfix [mail-tr 2.4.6-1                 High-performance mail transport ag
ii  sysklogd [system 1.5-1                   System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.63     database of system log rules for t

-- no debconf information
-------------- next part --------------
diff --git a/rulefiles/linux/ignore.d.server/acpid b/rulefiles/linux/ignore.d.server/acpid
index faebe1e..15ee6f3 100644
--- a/rulefiles/linux/ignore.d.server/acpid
+++ b/rulefiles/linux/ignore.d.server/acpid
@@ -1,8 +1,8 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: action exited with status 0$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: [[:digit:]]+ client rule[s]{0,1} loaded$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: received event "[[:lower:]/]+ [[:upper:]]+ [[:xdigit:]]{8} [[:xdigit:]]{8}"$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: completed event "[[:lower:]/]+ [[:upper:]]+ [[:xdigit:]]{8} [[:xdigit:]]{8}"$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: received event "[[:lower:]_/]+ [[:upper:][:digit:]]+ [[:xdigit:]]{8} [[:xdigit:]]{8}"$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: completed event "[[:lower:]_/]+ [[:upper:][:digit:]]+ [[:xdigit:]]{8} [[:xdigit:]]{8}"$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: client connected from [[:digit:]]+\[[[:digit:]]+:[[:digit:]]+\]$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: notifying client [[:digit:]]+\[[[:digit:]]+:[[:digit:]]+\]$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: executing action "/etc/acpi/(actions/){0,1}[[:alnum:]_]+\.sh( [[:lower:]/]+( [[:upper:]]+ [[:xdigit:]]{8} [[:xdigit:]]{8}){0,1}){0,1}"$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: executing action "/etc/acpi/(actions/){0,1}[[:alnum:]_]+\.sh( [[:lower:]_/]+( [[:upper:][:digit:]]+ [[:xdigit:]]{8} [[:xdigit:]]{8}){0,1}){0,1}"$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ acpid: client has disconnected$

More information about the Logcheck-devel mailing list