[Logcheck-devel] Bug#296110: logcheck: ignore.d.server pure-ftpd pattern for '[NOTICE] ... uploaded' not matching
Ingo Theiss
ingo.theiss at i-matrixx.de
Sun Feb 20 20:08:07 UTC 2005
the rule you mentioned is in ignore.d.server/pure-ftpd (see next line):
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd:
\([._[:alnum:]-]+@[._[:alnum:]-]+\) \[NOTICE\] .+ (up|down)loaded
\([0-9]+ bytes, [0-9]+.[0-9]+KB/sec\)$
yes, those messages are showing up as 'Security Events'. permissions are ok
as far as i can say:
-rw-r----- 1 root logcheck 1285 Feb 20 09:59 pure-ftpd
i will give you the original line from syslog. maybe i stripped
something important off:
Feb 18 23:05:58 web1 pure-ftpd: (www-0004-01@80.140.246.12)
[NOTICE] /docroot/nfs-action.com//htdocs/guradia/plugin/net.php.smarty/libs/plugins/modifier.debug_print_var.php uploaded (1863 bytes, 9.41KB/sec)
can't figure out why the lines are not ignored.
thanks in advance!
On Sun, 2005-02-20 at 16:55 +0000, Jamie L. Penman-Smithson wrote:
> On Sun, 2005-02-20 at 12:10 +0100, Ingo Theiss wrote:
> > the pattern in ignore.d.server pure-ftpd for '[NOTICE] ... uploaded' is
> > not matching the following message:
> >
> > Feb 18 23:06:18 example pure-ftpd: (test-9999-99@111.111.111.111) [NOTICE]
> > /docroot/example.com//htdocs/guradia/plugin/net.php.smarty/libs/plugins/function.assign_debug_info.php
> > uploaded (1116 bytes, 7.47KB/sec)
> >
> > maybe the double '//' is the problem.
>
> The following rule matches those messages:
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd:
> \([._[:alnum:]-]+@[._[:alnum:]-]+\) \[NOTICE\] .+ (up|down)loaded
> \([0-9]+ bytes, [0-9]+.[0-9]+KB/sec\)$
>
> It's been in logcheck since 1.2.29, since you're using 1.2.34 you
> shouldn't be seeing those messages..
>
> Make sure you've got that rule in your ignore.d.server/pure-ftpd. Are
> those messages showing up as Security Events? Are the permissions in
> ignore.d.server/pure-ftpd okay?
>
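
Added example, not part of the original thread: a shell helper that checks a log line against the rule with `grep -E` and, on a miss, reports the longest prefix of the rule that still matches, which points at the part of the rule to inspect. It assumes GNU grep, that the wrapped rule joins with single spaces, and uses constructed sample lines; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). RULE is the rule quoted above joined onto
# one line with single spaces (assumption: the mail wrapped it at spaces).
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: \([._[:alnum:]-]+@[._[:alnum:]-]+\) \[NOTICE\] .+ (up|down)loaded \([0-9]+ bytes, [0-9]+.[0-9]+KB/sec\)$'

# Constructed sample line, modelled on the message quoted above.
LINE='Feb 18 23:06:18 example pure-ftpd: (test-9999-99@111.111.111.111) [NOTICE] /docroot/example.com//htdocs/a.php uploaded (1116 bytes, 7.47KB/sec)'
# Deliberately altered copy (extra space before the byte count) to show a miss;
# it is not a diagnosis of the report above.
ALTERED='Feb 18 23:06:18 example pure-ftpd: (test-9999-99@111.111.111.111) [NOTICE] /docroot/example.com//htdocs/a.php uploaded  (1116 bytes, 7.47KB/sec)'

# rule_matches RULE LINE: succeed if the extended regex RULE matches LINE.
rule_matches() {
    printf '%s\n' "$2" | grep -Eq -e "$1"
}

# longest_prefix RULE LINE: print the longest prefix of RULE that is itself a
# valid regex and still matches LINE. Prefixes that grep rejects (unbalanced
# brackets, trailing backslash) exit with status 2 and are skipped.
longest_prefix() {
    rule=$1 line=$2 best='' n=1
    while [ "$n" -le "${#rule}" ]; do
        prefix=$(printf '%s' "$rule" | cut -c1-"$n")
        if printf '%s\n' "$line" | grep -Eq -e "$prefix" 2>/dev/null; then
            best=$prefix
        fi
        n=$((n + 1))
    done
    printf '%s\n' "$best"
}

# Report each sample line the way a rule author would want to see it.
for l in "$LINE" "$ALTERED"; do
    if rule_matches "$RULE" "$l"; then
        echo "ignored:  $l"
    else
        echo "REPORTED: $l"
        echo "  rule matched up to: $(longest_prefix "$RULE" "$l")"
    fi
done
```

Running the same check on the exact line copied from syslog, rather than from a mail, avoids differences introduced by wrapping or re-typing.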