[Logcheck-devel] Bug#499323: logcheck-database: Logcheck fails to ignore certain OpenVPN messages
Frédéric Brière
fbriere at fbriere.net
Tue Aug 18 19:24:39 UTC 2009

On Wed, Sep 17, 2008 at 09:44:29PM +0200, Stefan Tomanek wrote:
> * OpenVPN does not print the full path to ifconfig or route (at least here)

That was due to a defective build (2.1~rc9-1). I'm surprised that you
got a log message out of it, since people reported that the invocation
of ifconfig/route simply failed.

Well, no harm in updating that rule anyway.

> * The interface name can also contain dots

Added.

> and does not always start with "tun"

That part has already been removed in 1.3.0 (e5fe781).

> * The startup messages now get suppressed as well

The policy is not to filter startup/shutdown messages, unless there's a
strong justification for it.

On Thu, Sep 18, 2008 at 10:22:28PM +0200, Stefan Tomanek wrote:
> I've created some additional regular expressions for use with
> logcheck and OpenVPN; the existing ones do not expect OpenVPN to
> log the client's name and address, which these do:

Most of these have been part of logcheck-database for years, with the
exception of:

> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (openvpn|ovpn-[._[:alnum:]-]+)\[[0-9]+\]: (([[:alnum:]-.]+/)?[[:digit:].]{7,15}:[[:digit:]]+ )?TLS: Username/Password authentication succeeded for username '\w+' (\[CN SET\])?$

I've therefore added this one.

--
< DanielS> still, throne of blood sounds like a movie about overfiend
and virgins or some crap
-- in #debian-devel