[Logcheck-devel] Bug#251404: marked as done (logcheck-database: rules don't match non local syslog messages)

Debian Bug Tracking System owner at bugs.debian.org
Mon Jun 7 08:48:13 UTC 2004


Your message dated Mon, 07 Jun 2004 10:43:29 +0200
with message-id <40C42AB1.3090908 at uni-mainz.de>
and subject line Bug#251404: [Logcheck-devel] Bug#251404: logcheck-database: rules don't match non local syslog messages
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 28 May 2004 10:35:15 +0000
Message-Id: <200405281034.i4SAYgWc006389 at violet.verwaltung.uni-mainz.de>
From: Christoph Martin <martin at uni-mainz.de>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: logcheck-database: rules don't match non local syslog messages
X-Mailer: reportbug 1.50
Date: Fri, 28 May 2004 12:34:42 +0200

Package: logcheck-database
Version: 1.2.20a
Severity: normal
Tags: patch

syslog has a "weird" feature. If a syslog daemon forwards the messages
to another host, there is one additional blank at the end of each
message on the remote host. Since most of the regex matches of
logcheck end with a $, these rules will not match non local syslog
messages. You should remove all the $ or replace them with <blank>?$.

Example patch:
--- /etc/logcheck/ignore.d.paranoid/cron~       Sun May 16 08:37:22 2004
+++ /etc/logcheck/ignore.d.paranoid/cron        Fri May 28 12:27:16 2004
@@ -1,1 +1,1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\) ?$
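Review bot: the ` ?$` at the end of the `+` line accepts exactly one trailing space, which fits the single extra blank described in the report, but this hunk changes only the one cron rule in ignore.d.paranoid, while the report says most rules end in `$`. Every such rule would need the same edit, so it may be cleaner to strip trailing whitespace from the log lines before matching than to touch each pattern. If the per-rule approach is kept, ` *$` or `[[:space:]]*$` would also cover more than one trailing blank.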

Christoph



-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux violet 2.4.20 #1 SMP Fri May 2 16:13:28 MEST 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages logcheck-database depends on:
ii  debconf                       1.4.25     Debian configuration management sy
ii  debconf [debconf-2.0]         1.4.25     Debian configuration management sy
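
A way to check whether a rule set is affected by the trailing blank described in this report, as an added example that is not part of the original report or of logcheck. It assumes GNU grep (for `\w`); the two rules are the ones from the example patch, and the host name, PID and cron command in the sample log are constructed.

```shell
#!/bin/sh
# Added example, not part of logcheck. Sample log lines are constructed.

# Print the lines of log $2 that no rule in file $1 matches as written,
# but that a rule does match once trailing blanks are removed.
trailing_blank_misses() {
    rules=$1 log=$2
    grep -E -v -f "$rules" "$log" | while IFS= read -r line; do
        stripped=$(printf '%s\n' "$line" | sed 's/[[:space:]]*$//')
        if [ "$stripped" != "$line" ] &&
           printf '%s\n' "$stripped" | grep -E -q -f "$rules"; then
            printf '%s\n' "$line"
        fi
    done
}

# Number of lines in log $2 that the rules in file $1 would ignore.
count_ignored() {
    grep -E -c -f "$1" "$2" || true
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# Original and patched cron rule, copied from the example patch.
cat > "$work/rule.orig" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$
EOF
cat > "$work/rule.patched" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\) ?$
EOF

msg='May 28 12:30:01 web1 /USR/SBIN/CRON[6401]: (root) CMD (run-parts /etc/cron.hourly)'
# First line as logged locally, second with the extra blank added on forwarding.
{ printf '%s\n' "$msg"; printf '%s \n' "$msg"; } > "$work/sample.log"

echo "original rule ignores: $(count_ignored "$work/rule.orig" "$work/sample.log") of 2"
echo "patched rule ignores:  $(count_ignored "$work/rule.patched" "$work/sample.log") of 2"
echo "lines missed only because of trailing blanks:"
trailing_blank_misses "$work/rule.orig" "$work/sample.log" | sed 's/ $/<blank>/'
```

Run against a real rule directory and a log received from a remote host, any output from trailing_blank_misses points at lines that are reported only because of the extra blank.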


---------------------------------------
Received: (at 251404-done) by bugs.debian.org; 7 Jun 2004 08:43:45 +0000
Message-ID: <40C42AB1.3090908 at uni-mainz.de>
Date: Mon, 07 Jun 2004 10:43:29 +0200
From: Christoph Martin <martin at uni-mainz.de>
User-Agent: Mozilla Thunderbird 0.5 (X11/20040306)
X-Accept-Language: de-de, de-at, de, en-us, en
MIME-Version: 1.0
To: maks attems <debian at sternwelten.at>
CC: 251404-done at bugs.debian.org
Subject: Re: Bug#251404: [Logcheck-devel] Bug#251404: logcheck-database: rules
 don't match non local syslog messages
References: <200405281034.i4SAYgWc006389 at violet.verwaltung.uni-mainz.de> <20040528192044.GD1659 at sputnik.stro.at> <40BF063D.90501 at uni-mainz.de> <20040603113719.GH2137 at sputnik.stro.at>
In-Reply-To: <20040603113719.GH2137 at sputnik.stro.at>



maks attems wrote:
> ok thanks for the further clarification,
> would be nice to have that nailed down.

After some more checks it seems that it is ok. I have a lot of local
rules, so it is difficult to sort out this issue. Especially it is a
problem that remotely installed packages come with their own logcheck
rules which do not get included into the logcheck rules set.

So let's close this for now.

Christoph

-- 
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin at Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856
