[Logcheck-devel] Bug#809605: logcheck: dhclient rules do not match because of [pid]

Calum Mackay calum.mackay at cdmnet.org
Fri Jan 1 18:11:17 UTC 2016 

Package: logcheck
Version: 1.3.17
Severity: normal

I'm getting lines like this in logcheck emails:

Jan  1 00:03:21 getz dhclient[27185]: DHCPREQUEST of 82.27.1.1 on enp2s0 to 62.254.1.1 port 67

despite there being lines in ignore.d.server/dhclient that are clearly intended
to match it:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].-]+ to [.0-9]{7,15} port 67$

This doesn't match, clearly, since the regex doesn't take account of the [pid]
following dhclient.

an alternative regex might be:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?\[[1-9][0-9]*]: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].-]+ to [.0-9]{7,15} port 67$  

which would need to be done for all such lines in the dhclient ignore file.


Unless, for some reason my system is syslogging the pid when it shouldn't be?


thanks much,
calum.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages logcheck depends on:
ii  adduser                                    3.113+nmu3
ii  cron                                       3.0pl1-128
ii  exim4-daemon-heavy [mail-transport-agent]  4.86-7
ii  lockfile-progs                             0.1.17
ii  logtail                                    1.3.17
ii  mime-construct                             1.11+nmu1
ii  rsyslog [system-log-daemon]                8.12.0-1

Versions of packages logcheck recommends:
ii  logcheck-database  1.3.17

Versions of packages logcheck suggests:
ii  syslog-summary  1.14-2.1

-- Configuration Files:
/etc/cron.d/logcheck changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
@reboot         logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
4 * * * *       logcheck    if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi

/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'

-- no debconf information

More information about the Logcheck-devel mailing list