[pkg-ntp-maintainers] Bug#822961: Bug#822961: logcheck file for ntp
Christian Ehrhardt
christian.ehrhardt at canonical.com
Fri May 6 15:20:58 UTC 2016
On Fri, May 6, 2016 at 10:16 AM, Kurt Roeckx <kurt at roeckx.be> wrote:
> On Fri, May 06, 2016 at 10:09:21AM -0500, Christian Ehrhardt wrote:
>
> I think this line shouldn't be ignored:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: receive: Unexpected
> origin timestamp from ([0-9.]{7,15}|[0-9a-fA-F:.]{4,39})
>
> But it does seem to show up more than it should.
>
> I added it as it showed up in the most basic things I did.
But you are right, we shouldn't ignore this one.
I found that it is also recommended to monitor for that line (high
frequent) for https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7705
So please feel free to just drop this line from the file.
I wonder thou why it appears in basic execution so often (well different
bug then)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-ntp-maintainers/attachments/20160506/4aa7fe00/attachment.html>
More information about the pkg-ntp-maintainers
mailing list