[Logcheck-devel] Bug#286331: marked as done (logcheck-database: Restart messages for spamd (when using rulesdujour))

Debian Bug Tracking System owner at bugs.debian.org
Thu Jan 6 13:03:22 UTC 2005 

Your message dated Thu, 6 Jan 2005 13:57:11 +0100
with message-id <20050106125711.GB2600 at stro.at>
and subject line [Logcheck-devel] Bug#286331: logcheck-database: Restart messages for spamd (when using rulesdujour)
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Dec 2004 15:41:40 +0000
>From msherman at projectile.ca Sun Dec 19 07:41:40 2004
Return-path: <msherman at projectile.ca>
Received: from mx2.magma.ca [206.191.0.250] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Cg3Bk-0005G9-00; Sun, 19 Dec 2004 07:41:40 -0800
Received: from mail1.magma.ca (mail1.magma.ca [206.191.0.252])
	by mx2.magma.ca (8.13.0/8.13.0) with ESMTP id iBJFfcOY024247
	for <submit at bugs.debian.org>; Sun, 19 Dec 2004 10:41:39 -0500
Received: from pyloric.projectile.ca (ottawa-hs-209-217-79-58.d-ip.magma.ca [209.217.79.58])
	by mail1.magma.ca (8.13.0/8.13.0) with ESMTP id iBJFfbfW020986
	(version=TLSv1/SSLv3 cipher=RC4-SHA bits=128 verify=NOT)
	for <submit at bugs.debian.org>; Sun, 19 Dec 2004 10:41:38 -0500
Received: from msherman by pyloric.projectile.ca with local (Exim 4.34)
	id 1Cg3Bh-0000sE-0e; Sun, 19 Dec 2004 10:41:37 -0500
Content-Type: multipart/mixed; boundary="===============0313246506=="
MIME-Version: 1.0
From: Marc Sherman <msherman at projectile.ca>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: logcheck-database: Restart messages for spamd (when using rulesdujour)
X-Mailer: reportbug 3.2
Date: Sun, 19 Dec 2004 10:41:36 -0500
Message-Id: <E1Cg3Bh-0000sE-0e at pyloric.projectile.ca>
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

This is a multi-part MIME message sent by reportbug.

--===============0313246506==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Package: logcheck-database
Version: 1.2.31
Severity: wishlist
Tags: patch

I don't know if you want to include these rules in the logcheck-database
package; the log messages are caused by a local install at my site of
rulesdujour, which restarts spamd in the daily cron job when the
downloaded rules are updated.

The following messages are logged when this happens:
Dec 19 07:20:41 pyloric spamd[23676]: server killed by SIGTERM, shutting
down
Dec 19 07:20:43 pyloric root: spamd starting
Dec 19 07:20:58 pyloric spamd[679]: server started on port 783/tcp
(running version 2.64)

The patch is for /etc/logcheck/ignore.d.server/spamd.  I think you'll
want to make it more generic for the port/version numbers, though.

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-1-k7
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.30.10  Debian configuration management sy

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:

--===============0313246506==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="spamd.patch"

--- spamd.orig	2004-11-09 03:27:08.000000000 -0500
+++ spamd	2004-12-19 10:37:02.000000000 -0500
@@ -3,3 +3,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (checking|processing) message .* for [._[:alnum:]-]+:[0-9]+\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: clean message \([0-9.-]+/[0-9.]+\) for [._[:alnum:]-]+:[0-9]+ in [0-9.]+ seconds, [0-9]+ bytes\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: identified spam \([0-9.-]+/[0-9.]+\) for [._[:alnum:]-]+:[0-9]+ in [0-9.]+ seconds, [0-9]+ bytes\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: server killed by SIGTERM, shutting down$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: server started on port 783/tcp (running version 2.64)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ root: spamd starting$

--===============0313246506==--

---------------------------------------
Received: (at 286331-done) by bugs.debian.org; 6 Jan 2005 12:57:14 +0000
>From max at stro.at Thu Jan 06 04:57:14 2005
Return-path: <max at stro.at>
Received: from baikonur.stro.at [213.239.196.228] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CmXCU-00069N-00; Thu, 06 Jan 2005 04:57:14 -0800
Received: from sputnik (stallburg.stro.at [128.131.216.190])
	by baikonur.stro.at (Postfix) with ESMTP id EEAB65C007
	for <286331-done at bugs.debian.org>; Thu,  6 Jan 2005 13:57:07 +0100 (CET)
Received: from max by sputnik with local (Exim 4.34)
	id 1CmXCR-0002ET-OF
	for 286331-done at bugs.debian.org; Thu, 06 Jan 2005 13:57:11 +0100
Date: Thu, 6 Jan 2005 13:57:11 +0100
From: maximilian attems <debian at sternwelten.at>
To: 286331-done at bugs.debian.org
Subject: Re: [Logcheck-devel] Bug#286331: logcheck-database: Restart messages for spamd (when using rulesdujour)
Message-ID: <20050106125711.GB2600 at stro.at>
References: <E1Cg3Bh-0000sE-0e at pyloric.projectile.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <E1Cg3Bh-0000sE-0e at pyloric.projectile.ca>
User-Agent: Mutt/1.5.6+20040907i
Sender: maximilian attems <max at stro.at>
X-Virus-Scanned: by Amavis (ClamAV) at stro.at
Delivered-To: 286331-done at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

On Sun, 19 Dec 2004, Marc Sherman wrote:

> package; the log messages are caused by a local install at my site of
> rulesdujour, which restarts spamd in the daily cron job when the
> downloaded rules are updated.
> 
> The following messages are logged when this happens:
> Dec 19 07:20:41 pyloric spamd[23676]: server killed by SIGTERM, shutting
> down
> Dec 19 07:20:43 pyloric root: spamd starting
> Dec 19 07:20:58 pyloric spamd[679]: server started on port 783/tcp
> (running version 2.64)

this looks like an "security event" which logcheck out of policy
won't filter, please include that in your local-spamd file
in /etc/logcheck/violations.ignore.d/.

thanks for your reports! current logcheck cvs will be released soon.
 
--
maks

More information about the Logcheck-devel mailing list