[Logcheck-devel] Bug#257874: logcheck: additional ignores for Squid
Ralf Hildebrandt
hildeb at spiderboy.charite.de
Fri Jun 25 13:24:33 UTC 2004
Package: logcheck
Version: 1.2.22a
Severity: minor
I tried adding additional rules for squid.
In /etc/logcheck/ignore.d.server/squid I defined:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: sslReadServer: FD.*: read failure: \(.*\) Connection reset by peer.*$
since this is a pattern that happens to be totally irrelevant in real-life use. But still my logcheck mails show:
Security Events
=-=-=-=-=-=-=-=
Jun 25 13:04:14 spiderboy squid[17248]: sslReadServer: FD 430: read failure: (104) Connection reset by peer
Jun 25 13:04:45 spiderboy squid[17248]: sslReadServer: FD 51: read failure: (104) Connection reset by peer
Jun 25 13:14:35 spiderboy squid[17248]: sslReadServer: FD 103: read failure: (104) Connection reset by peer
Jun 25 13:20:02 spiderboy squid[17248]: sslReadServer: FD 118: read failure: (104) Connection reset by peer
Jun 25 13:22:58 spiderboy squid[17248]: sslReadServer: FD 513: read failure: (104) Connection reset by peer
Jun 25 13:23:47 spiderboy squid[17248]: sslReadServer: FD 451: read failure: (104) Connection reset by peer
Jun 25 13:24:53 spiderboy squid[17248]: sslReadServer: FD 251: read failure: (104) Connection reset by peer
Jun 25 13:25:02 spiderboy squid[17248]: sslReadServer: FD 302: read failure: (104) Connection reset by peer
Jun 25 13:25:19 spiderboy squid[17248]: sslReadServer: FD 357: read failure: (104) Connection reset by peer
Jun 25 13:25:23 spiderboy squid[17248]: sslReadServer: FD 498: read failure: (104) Connection reset by peer
But if I use:
# egrep -v -f /etc/logcheck/ignore.d.server/squid /var/log/daemon.log
Then I'm NOT getting any "Connection reset by peer" lines. I'm going insane. Where is the mistake?
-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C
Versions of packages logcheck depends on:
ii adduser 3.57 Add and remove users and groups
ii cron 3.0pl1-83 management of regular background p
ii debconf [debconf 1.4.28 Debian configuration management sy
ii debianutils 2.8.3 Miscellaneous utilities specific t
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.22a A database of system log rules for
ii logtail 1.2.22a Print log file lines that have not
ii mailx 1:8.1.2-0.20040524cvs-1 A simple mail user agent
ii perl 5.8.4-2 Larry Wall's Practical Extraction
ii postfix-snap [ma 1.1.11-20021115-1 Postfix Mail Transport Agent - sna
ii sysklogd [system 1.4.1-14 System Logging Daemon
-- debconf information:
* logcheck/security_level: server
* logcheck/noroot:
* logcheck/manage_conffiles: true
* logcheck/changes:
* logcheck/install-note:
* logcheck/email_address: root
* logcheck/rewrite-note:
* logcheck/auto_create_logfiles: true
logcheck/upgrade-note:
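
The situation reported above, modelled as an added example (not part of the original message and not logcheck's own code). It assumes logcheck's documented rule layering: lines matched by violations.d are reported under "Security Events" and are filtered only by violations.ignore.d, while ignore.d.server applies to the remaining lines. The `failure` keyword rule and the temporary file names are constructed assumptions.

```sh
#!/bin/sh
# Simplified model of logcheck's layered filtering; not logcheck's own code.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT

# Two log lines copied from the report above.
cat > "$work/daemon.log" <<'EOF'
Jun 25 13:04:14 spiderboy squid[17248]: sslReadServer: FD 430: read failure: (104) Connection reset by peer
Jun 25 13:04:45 spiderboy squid[17248]: sslReadServer: FD 51: read failure: (104) Connection reset by peer
EOF

# The reporter's rule, verbatim.
cat > "$work/squid.rule" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: sslReadServer: FD.*: read failure: \(.*\) Connection reset by peer.*$
EOF

# ASSUMPTION: constructed stand-in for a violations.d keyword rule; the report
# does not show which rule put these lines under "Security Events".
echo 'failure' > "$work/violations"
: > "$work/empty"    # stands for a violations.ignore.d with no rules

count() { wc -l | tr -d ' '; }

# drop RULEFILE: remove stdin lines matching any rule; an empty file drops nothing.
drop() { if [ -s "$1" ]; then grep -E -v -f "$1" || :; else cat; fi; }

# security_events LOG VIOLATIONS VIOLATIONS_IGNORE
# Lines flagged by violations.d are filtered only by violations.ignore.d.
security_events() { { grep -E -f "$2" "$1" || :; } | drop "$3"; }

# system_events LOG VIOLATIONS IGNORE_SERVER
# Only lines not flagged as violations are filtered by ignore.d.server.
system_events() { { grep -E -v -f "$2" "$1" || :; } | drop "$3"; }

echo "egrep -v with the rule alone:        $(drop "$work/squid.rule" < "$work/daemon.log" | count) lines left"
echo "Security Events, rule in ignore.d:   $(security_events "$work/daemon.log" "$work/violations" "$work/empty" | count)"
echo "Security Events, rule in viol.ignore: $(security_events "$work/daemon.log" "$work/violations" "$work/squid.rule" | count)"
echo "System Events:                       $(system_events "$work/daemon.log" "$work/violations" "$work/squid.rule" | count)"
```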