[Logcheck-devel] Bug#444100: /etc/logcheck/ignore.d.server/telnetd: "connect from $X" and "ttloop: peer died: EOF"

Frédéric Brière fbriere at fbriere.net
Wed Sep 26 03:49:44 UTC 2007


Package: logcheck
Version: 1.2.62
Severity: wishlist

Yeah, I know, I'm the only person left who's foolish enough to run
telnetd.  <g>  But just in case there's someone else out there, here are
two rules to weed out the boring stuff:

  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.telnetd\[[[:digit:]]+\]: connect from [._[:alnum:]-]+ \([:[:xdigit:].]+\)$
  ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ telnetd\[[[:digit:]]+\]: ttloop: peer died: EOF$


(Actually, I use telnetd-ssl, but their log messages appear identical.)

The second rule occurs whenever someone connects and hangs up
afterwards, which people apparently love to do.  (Maybe they're confused
by the attempt at an SSL handshake.)

BTW, a similar version of that second rule appears in ignore.d.paranoid.
It shouldn't match anything anymore if my look at telnetd's source is
correct, and I'm kind of puzzled as to what it's doing there in the
first place.  Just thought you might want to know.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.utf-8, LC_CTYPE=en_CA.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser          3.105                   add and remove users and groups
ii  cron             3.0pl1-100              management of regular background p
ii  lockfile-progs   0.1.11                  Programs for locking and unlocking
ii  logtail          1.2.62                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20070424cvs-1 A simple mail user agent
ii  postfix [mail-tr 2.4.5-4                 High-performance mail transport ag
ii  sysklogd [system 1.5-1                   System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.62     database of system log rules for t

-- no debconf information
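
An added example, not part of the original report: the two proposed rules checked with grep -E against constructed syslog lines, approximating how logcheck drops lines that match an ignore rule. The host names, PIDs, addresses and the function names (unfiltered, is_ignored) are made up for illustration.

```shell
#!/bin/sh
# The two rules exactly as given in the report.
RULE_CONNECT='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.telnetd\[[[:digit:]]+\]: connect from [._[:alnum:]-]+ \([:[:xdigit:].]+\)$'
RULE_TTLOOP='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ telnetd\[[[:digit:]]+\]: ttloop: peer died: EOF$'

# Constructed sample log (not captured from a real system).
sample_log() {
cat <<'EOF'
Sep 26 03:49:44 gw in.telnetd[4711]: connect from client.example.net (192.0.2.10)
Sep  6 03:49:45 gw in.telnetd[4712]: connect from v6.example.net (2001:db8::1)
Sep 26 03:49:46 gw telnetd[4711]: ttloop: peer died: EOF
Sep 26 03:49:47 gw in.telnetd[4714]: ttloop: peer died: EOF
Sep 26 03:50:02 gw telnetd[4713]: ttloop: read: Connection reset by peer
Sep 26 03:50:10 gw login[4720]: FAILED LOGIN 1 FROM client.example.net FOR root
EOF
}

# Print the lines from stdin that neither rule matches, i.e. the
# lines that would still show up in the report.
unfiltered() {
    grep -E -v -e "$RULE_CONNECT" -e "$RULE_TTLOOP"
}

# Succeed if the single line in $1 is matched by one of the rules.
is_ignored() {
    printf '%s\n' "$1" | grep -E -q -e "$RULE_CONNECT" -e "$RULE_TTLOOP"
}

# Lines 1-3 are dropped. Line 4 stays because the second rule expects
# the tag "telnetd", not "in.telnetd". Lines 5 and 6 stay because no
# rule covers them, so other ttloop errors and failed logins remain
# visible.
sample_log | unfiltered
```

Both rules are anchored with ^ and $, so a line carrying any extra trailing text is still reported.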
