[Logcheck-devel] Bug#686144: logcheck: ignore.d.server/imapproxy regex for LOGIN and LOGOUT lines from syslog wrong
Sven Fischer
bugreport-debian at linux4tw.de
Wed Aug 29 05:03:36 UTC 2012
Package: logcheck
Version: 1.3.13
Severity: normal
In ignore.d.server/imapproxy the first two lines (LOGIN and LOGOUT) for the regex contain double quotes. These are too many, hence the regex does not work when used with syslog.
Leaving them out solves the problem.
Example syslog entries for imapproxyd, which should match the logcheck rules for imapproxy:
Aug 29 00:10:23 vserver1901 in.imapproxyd[22478]: LOGIN: 'info at linux44tw.de' (127.0.0.1:41773) on existing sd [10]
Aug 29 00:10:24 vserver1901 in.imapproxyd[22478]: LOGOUT: 'info at linux44tw.de' from server sd [10]
Original lines:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGOUT: '"[_[:alnum:]-]+(@[-_.[:alnum:]]+)?"' from server sd \[[0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGIN: '"[_[:alnum:]-]+(@[-_.[:alnum:]]+)?"' \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]+\) on (existing|new) sd \[[0-9]+\]$
Lines adjusted to work with the syslog entries from imapproxy:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGOUT: '[_[:alnum:]-]+(@[-_.[:alnum:]]+)?' from server sd \[[0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGIN: '[_[:alnum:]-]+(@[-_.[:alnum:]]+)?' \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]+\) on (existing|new) sd \[[0-9]+\]$
Two quotation marks too many in each line. That's it.
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30.2-domU-v4 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages logcheck depends on:
ii adduser 3.112+nmu2 add and remove users and groups
ii cron 3.0pl1-116 process scheduling daemon
ii lockfile-progs 0.1.15 Programs for locking and unlocking
ii logtail 1.3.13 Print log file lines that have not
ii mime-construct 1.11 construct/send MIME messages from
ii postfix [mail-transport 2.7.1-1+squeeze1 High-performance mail transport ag
ii sysklogd [system-log-da 1.5-6 System Logging Daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.3.13 database of system log rules for t
Versions of packages logcheck suggests:
pn syslog-summary <none> (no description available)
-- Configuration Files:
/etc/cron.d/logcheck changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
@reboot logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
10 */3 * * * logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
/etc/logcheck/logcheck.conf [Errno 13] Keine Berechtigung: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Keine Berechtigung: u'/etc/logcheck/logcheck.logfiles'
-- no debconf information
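
Added example, not part of the original report or of logcheck itself: a regression check that replays sample syslog lines through the old and the corrected rules and counts how many lines would still be reported. The rules are copied from the report; the log lines are constructed (with `user@example.org` as a placeholder), the function names are hypothetical, and `grep -E -v -f` is used here as an approximation of logcheck's ignore filtering.

```shell
#!/bin/sh
# Rules as shipped in ignore.d.server/imapproxy (copied from the report).
old_rules() { cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGOUT: '"[_[:alnum:]-]+(@[-_.[:alnum:]]+)?"' from server sd \[[0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGIN: '"[_[:alnum:]-]+(@[-_.[:alnum:]]+)?"' \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]+\) on (existing|new) sd \[[0-9]+\]$
EOF
}

# Rules proposed in the report (double quotes removed).
new_rules() { cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGOUT: '[_[:alnum:]-]+(@[-_.[:alnum:]]+)?' from server sd \[[0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: LOGIN: '[_[:alnum:]-]+(@[-_.[:alnum:]]+)?' \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]+\) on (existing|new) sd \[[0-9]+\]$
EOF
}

# Constructed sample log: one LOGIN, one LOGOUT, and one line that must
# never be hidden by these rules.
sample_log() { cat <<'EOF'
Aug 29 00:10:23 vserver1901 in.imapproxyd[22478]: LOGIN: 'user@example.org' (127.0.0.1:41773) on existing sd [10]
Aug 29 00:10:24 vserver1901 in.imapproxyd[22478]: LOGOUT: 'user@example.org' from server sd [10]
Aug 29 00:10:25 vserver1901 in.imapproxyd[22478]: constructed line that no ignore rule should hide
EOF
}

# still_reported RULES_FUNC: print how many sample lines survive the ignore
# rules, i.e. would still end up in the report mail.
still_reported() {
    rules_file=$(mktemp)
    "$1" > "$rules_file"
    # grep exits 1 when it selects nothing; the count on stdout is what matters.
    sample_log | grep -E -v -c -f "$rules_file" || true
    rm -f "$rules_file"
}

echo "old rules: $(still_reported old_rules) of 3 lines reported"
echo "new rules: $(still_reported new_rules) of 3 lines reported"
```

The third sample line guards against the opposite failure: a rule loosened too far would silently drop lines that should be reviewed.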