[Logcheck-devel] Bug#542536: logcheck: [PATCH] new ntpd rule - kernel time sync status change
Jari Aalto
jari.aalto at cante.net
Thu Aug 20 05:50:05 UTC 2009
Package: logcheck
Version: 1.2.69
Severity: wishlist
Tags: patch
Examples:
System Events
=-=-=-=-=-=-=
...
Aug 19 08:54:45 host ntpd[4008]: kernel time sync status change 4001
Aug 19 09:11:48 host ntpd[4008]: kernel time sync status change 0001
Aug 19 10:37:07 host ntpd[4008]: kernel time sync status change 4001
Aug 19 10:54:12 host ntpd[4008]: kernel time sync status change 0001
Aug 19 12:02:27 host ntpd[4008]: kernel time sync status change 4001
...
The following patch adds a rule to match 'kernel time sync status change' lines.
-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages logcheck depends on:
ii adduser 3.110 add and remove users and groups
ii bsd-mailx [mailx] 8.1.2-0.20081101cvs-2 A simple mail user agent
ii cron 3.0pl1-106 process scheduling daemon
ii exim4 4.69-11 metapackage to ease Exim MTA (v4)
ii exim4-daemon-light 4.69-11 lightweight Exim MTA (v4) daemon
ii lockfile-progs 0.1.13 Programs for locking and unlocking
ii logtail 1.2.69 Print log file lines that have not
ii mailx 1:20081101-2 Transitional package for mailx ren
ii sysklogd [system-l 1.5-5 System Logging Daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.2.69 database of system log rules for t
Versions of packages logcheck suggests:
pn syslog-summary <none> (no description available)
-- no debconf information
-------------- next part --------------
>From f0b066f3817acaa8b1d94a4347f9b593221c8ca1 Mon Sep 17 00:00:00 2001
From: Jari Aalto <jari.aalto at cante.net>
Date: Thu, 20 Aug 2009 08:42:35 +0300
Subject: [PATCH] rulefiles/linux/ignore.d.server/ntp: add rule - kernel time sync status change
Signed-off-by: Jari Aalto <jari.aalto at cante.net>
---
rulefiles/linux/ignore.d.server/ntp | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/rulefiles/linux/ignore.d.server/ntp b/rulefiles/linux/ignore.d.server/ntp
index 21037ac..e584232 100644
--- a/rulefiles/linux/ignore.d.server/ntp
+++ b/rulefiles/linux/ignore.d.server/ntp
@@ -11,3 +11,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: too many recvbufs allocated \([0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: Listening on interface [-[:alnum:]]+, [:.[:xdigit:]]+#[[:digit:]]{1,5} (En|Dis)abled$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd(_initres)?\[[0-9]+\]: signal_no_reset: signal [[:digit:]]+ had flags [[:xdigit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync status change
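Review bot: The added rule on the last line of this hunk has no trailing $ and does not match the status value, unlike the three context rules above it, which are all anchored at the end. As written it suppresses any ntpd line that begins with "kernel time sync status change", whatever text follows. The samples in the report all end in a four-digit value (4001, 0001), so consider finishing the pattern with something like " [[:xdigit:]]+$", in the style of the signal_no_reset rule, so that only that form is ignored and any other variant still shows up in the logcheck report.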
--
1.6.3.3