lp:ubuntu/gutsy/logcheck
- Get this branch:
- bzr branch lp:ubuntu/gutsy/logcheck
Branch merges
Branch information
Recent revisions
- 12. By madduck
-
* Provide $TMP and allow the administrator to specify an alternate location
to store temporary files; thanks to Micah Anderson for the patch
(closes: #412201).* ignore.
d.server/ logcheck:
- Apply filter rules for new PAM log format; thanks to Aaron M. Ucko
(closes: #440123).* ignore.
d.server/ rsync:
- Ignore runtime rsyncd messages; patch by Justin Pryzby (closes: #440181)* violations.
ignore. d/logcheck- postfix:
- ignore temporary DNS lookup failures when checking for sender MX.
- also ignore defer notices smtp gets after the DATA command.
- ignore some rejections when $smtpd_delay_reject= no is set; thanks to
Justin Pryzby (closes: #425642, #426736).* ignore.
d.server/ postfix:
- ignore TLS library receiving SSLv3 alert 10, since it's just a broken
client connecting.
- ignore when libc6 warns about in-addr.arpa request being answered with
a CNAME, which is not correct, but people do it and it works regardless.
- ignore when smtpd tells us its discarding EHLO keywords
($smtpd_discard_ ehlo_keyword* ).
- ignore SASL authentication failures due to empty passwords.
- ignore AV system overload warnings by milter-reject.* ignore.
d.server/ spamd, violations. ignore. d/logcheck- spamd:
- ignore spamcop failure and success messages.
- do not ignore child state K, which indicates kill and might be
a problem; thanks Frans Pop (closes: #436439).
- update check result rule in violations.ignore. d. * ignore.
d.server/ pdns:
- ignore messages about invalid packet sizes received from other machines.
- ignore launch message after TCP nameserver was cycled.* ignore.
d.server/ hylafax:
- ignore MODEM messages by FaxQueuer; thanks Remi Letot (closes: #425035).* ignore.
d.server/ bind
- ignore view queries; thanks Justin Pryzby (closes: #428629). - 11. By madduck
-
* Thanks to Eric Evans and Russ Allbery for their contributions.
* ignore.
d.server/ dovecot:
- ignore additional, non-conventional comment to msgid on deliver message.* ignore.
d.server/ openvpn:
- ignore messages related to tls-verify script.
- hide informational messages related to UDP.
- allow free-form tun names.
- handle multiple routes.
- ignore stuff related to tls-auth
- ignore ping-restart process respawn.* ignore.
d.server/ postfix:
- updated an anvil stats pattern to match the submission service name in
addition to port 587, (closes: #418449). Thanks Michael Shuler.
- ignore more timeout and connection refused messages (closes: #404852).
- allow more logging information in connection failure messages.
- allow any message ID for cleanup; there are too many possibilities.
- make the DSN optional in remote accept messages.
- ignore numeric hostname and DNS lookup failures.
- ignore invalid octet count errors from trivial-rewrite.
- Postfix 2.4.0 now logs as error some of the deferral messages
formerly logged as qmgr.
- Fix typo in "while performing the HELO handshake" message.
- ignore all warnings about malformed domain names in resource data of
MX/CNAME records.
- ignore warnings about numeric hostnames by valid_hostname.
- ignore notice about generated sender delivery status notification.
- filter certificate warnings for smtp and smtpd.
- ignore warnings about timed out conversations.
- filter out qmgr undeliverable warnings.
- do not hardcode column names for mysql query; thanks Andreas Beckmann.* violations.
ignore. d/logcheck- postfix:
- smtpd_peer_init is optional before DNS failure messages.
- allow conn_use information in smtp failure messages.
- add another variation on remote message acceptance.
- allow more message IDs in cleanup log messages.
- Ignore qmgr message expiration messages.* violations.
ignore. d/logcheck- ssh:
- ignore host/address mismatch messages from TCP wrappers.* ignore.
d.server/ ssh:
- also ignore backslashes in invalid/illegal user names.* ignore.
d.server/ thttpd:
- ignore stats messages.* ignore.
d.server/ spamd:
- ignore checking notice when there is no message-id ("unknown"); thanks
Fabian Fagerholm (closes: #421913).* ignore.
d.server/ teapop:
- ignore messages by POP3 server; thanks to Stephan Windmüller
(closes: #421768)* ignore.
d.server/ snort:
- ignore empty log lines; thanks to Johan Walles (closes: #413262).* ignore.d.*/kernel, violations.
ignore. d/logcheck- kernel:
- allow kernel timestamps (CONFIG_PRINTK_ TIME); thanks to Samuel Thibault
(closes: #416971).* Updated pt_BR debconf translation; thanks to Andr�� Lu��s Lopes
(closes: #421525). - 10. By madduck
-
* Actually install README.backports.gz to /usr/share/
doc/logcheck
(closes: #411021).* Make sure the logcheck group actually exists. Thanks, Jordi.
* violations.
ignore. d/logcheck- passwd:
- ignore PAM warnings on authentication failures.* violations.
ignore. d/logcheck- saslauthd: \
- ignore PAM warnings on authentication failures.* ignore.
d.server/ saned:
- ignore some more error messages.* ignore.
d.server/ hplip:
- ignore some more error messages.* violations.
d/logcheck:
- elevate messages matching /violations/i.* violations.
ignore. d/logcheck- proftpd:
- ignore warning about attempted root logins.* ignore.
d.server/ ssh:
- ignore @ in names of nonexistent accounts.* ignore.
d.server/ kernel:
- ignore more initialisation messages from SCSI subsystem.* ignore.
d.workstation/ kernel:
- ignore keyboard connection messages.* violations.
ignore. d/logcheck- postfix:
- ignore sender verification rejects after MAIL (in case they are not
delayed).
- ignore RBL rejects after successful reverse DNS resolution.
- allow extra information after message-id.
- ignore certificate verification failures due to invalid CA certs.
- ignore reject due to sender address verification against virtual table.* ignore.
d.server/ postfix:
- more policyd-weight rules by Armin Berres (closes: #410416).
- ignore messages related to RBL DNS lookup errors.
- ignore messages on successful delivery to Sendmail.
- improve filters for messages relating to deferred mail.* ignore.
d.server/ spamd:
- ignore init messages with scores in SQL (closes: #411111).* ignore.
d.server/ mldonkey- server:
- ignore BER decode errors.* ignore.
d.server/ dovecot:
- ignore disconnection due to IDLE.
- ignore connection message to db by auth-worker; thanks to Guillaume
Rischard.* ignore.
d.server/ gnu-imap4d:
- first set of rules to ignore basic messages.* debconf translation updates:
- Portuguese by Pedro Ribeiro (closes: #410734). - 9. By madduck
-
* medium urgency to increase the chance of making etch as per agreement with
Steve Langasek, release manager. Rationale: arch-indep and only new
regexps in this version.* violations.
d/kernel: added to elevate messages about media errors.
* violations.ignore. d/kernel: ignore some non-critical messages by device
drivers, such as USB stuff.
* violations.ignore. d/kernel: ignore if AGP fails to initialise on Matrox
cards.
* ignore.d.server/ kernel: ignore message about device-mapper loading.
* ignore.d.server/ kernel: ignore startup banners by tun/tap driver.
* ignore.d.server/ kernel: ignore startup configuration printout by sk98lin.
* ignore.d.server/ kernel: ignore startup banner by skge driver.
* ignore.d.server/ kernel: ignore startup messages by ipmi driver.
* ignore.d.server/ kernel: ignore iptables bandwidth messages generated by
webmin bandwidth module/shorewall (closes: #397580).
* ignore.d.server/ kernel: remove filter for iptables log messages for UDP
packets, which aren't generated by default.
* ignore.d.server/ kernel: ignore message about missing disc in drive.
* ignore.d.workstation/ kernel: ignore messages related to pmount and USB
hotplugged storage devices.
* ignore.d.workstation/ kernel: ignore intel8x0 (soundcard) initialisation
messages.
* ignore.d.workstation/ kernel: ignore more messages related to USB hotplug.
* ignore.d.workstation/ kernel: ignore message about DRM loading and
initializing.
* ignore.d.{workstation, server} /kernel: moved several messages to server
class as they also apply to servers.* violations.
ignore. d/logcheck- su: ignore redundant message about
authentication failure, which provides no additional information.* violations.
ignore. d/logcheck- cron-apt: ignore redundant summary error
message about index files that failed to download.* ignore.
d.server/ logcheck: ignore pam_unix opened and closed sessions with
empty progname (gconf mainly).* ignore.
d.server/ pdns: added more filters to silence recent versions of
pdns (except for startup/shutdown).
* ignore.d.server/ pdns: also hide IPv6-related messages and messages related
to syncing of new slave zones.* ignore.
d.server/ anacron: also ignore messages with exit status. * violations.
ignore. d/logcheck- ssh: ignore authentication error messages by
pam_unix: if there's no user name, the attempt is pathetically harmless
anyway; if there's a username, sshd logs another message with more
information.
* ignore.d.server/ ssh: ignore listening notices for all ports, not just 22. * ignore.
d.server/ ppp: filtering messages about connections to pppd. * violations.
ignore. d/logcheck- bluez-utils: ignore non-critical failure
messages about connections that failed.
* ignore.d.server/ bluez-utils: added to filter dund connection messages.
* ignore.d.workstation/ bluez-utils: add filters to ignore device connection
and disconnection, as well as startup/shutdown.* violations.
ignore. d/postfix: ignore unsupported SSL cert purpose.
* violations.ignore. d/postfix: ignore messages related to amavisd-new
banning attachments.
* ignore.d.server/ postfix: filtering message when smtp client is greylisted.
* ignore.d.server/ postfix: ignore redundant message about reload by
postfix-script as master also logs.
* ignore.d.server/ postfix: ignore errors about virtual users not found.
* ignore.d.server/ postfix, violations. ignore. d: ignoring more messages about
rejects the admin does not care about;
thanks to Russ Allbery (closes: #397097).
* */*postfix: also ignore [-_$] in local part of message-id; thanks to
Alexander Gerasiov (closes: #398163).
* ignore.d.server/ postfix: ignore messages about changed hash tables.
* ignore.d.server/ postfix: ignore summary messages when postsuper deleted
queue entries.* ignore.
d.{workstation, server} /mldonkey: moved to server category and added
some additional rules for informational status messages.* ignore.
d.server/ dhclient: filtering send_packet messages which are purely
informational or redundant without any extra info.
* ignore.d.server/ dhcp: updated for latest BOOTP messages.
* ignore.d.server/ dhcp: fixed to filter requests for unknown leases. * ignore.
d.server/ hplip: added to filter information messages from
hpiod/hpijs/hpssd. * ignore.
d.server/ xinetd: ignore messages about conf files read and services
removed, as well as startup banner.* ignore.
d.server/ saned: ignore most messages. * ignore.
d.server/ squid: ignore messages resulting from clients firing
unsupported request methods at the server, which may happen in situations
where transparent proxying is in use. GNUTELLA is one offendant.
* ignore.d.server/ squid: ignore some messages generated by squid 2.6 in
transparent mode.
* ignore.d.server/ squid: ignore messages about closed client connections due
to lifetime timeout.* ignore.
d.server/ proftpd: support IPv6 addresses with UseReverseDNS off;
thanks to Gregor Hermens (closes: 397466).
* ignore.d.server/ proftpd: ignore messages by new version of proftpd about
aborted transfers and chrooting to the root directory.
* ignore.d.server/ proftpd: ignore message about failure to bind to IPv6
sockets if protocol is not available, as IPv6 cannot be turned off it
seems (see http://bugs.proftpd. org/show_ bug.cgi? id=2817). * ignore.
d.server/ amandad: ignore messages with resolved hostnames instead
of IPs; thanks to Jan Evert van Grootheest (closes: #396407).* ignore.
d.server/ courier: cleanup to match some more messages reported by
Enrique Garcia (closes: #395265).* [TODO] ignore.
d.server/ dovecot: cleanup of dovecot filters to match some
more operational messages reported by Stefan Schlesinger (closesNOTYET:
#396760).* ignore.
d.server/ smartd, violations. d/smartd: ignore messages about
temperature changes except those that report reaching new maximum values;
escalate those reporting the reaching of critical limits to security
events.* ignore.
d.server/ ntp: ignore debug messages from signal_no_reset.
* ignore.d.server/ ntp: ignore messages about which port ntpd bound to. * ignore.
d.server/ maradns: added initial set of filters for maradns. * ignore.
d.server/ cpufreqd: added filters for startup messages about
unconfigured/missing plugins. * Added README.backports.
* Now recommends logcheck-database of at least the current verson (>=
instead of =). - 8. By madduck
-
* chgrp the entire /etc/logcheck tree to group logcheck if it exists during
logcheck-database' s configuration (closes: #391665).
* ignore.d.server/ cron-apt: also ignore Get messages with dots in the
component name (local repos).
* ignore.d.server/ postfix, violations. ignore. d/logcheck- postfix: ignore
redundant messages about missing maildirs (closes: #354821).
* ignore.d.server/ ppp: ignore messages about modem hangups due to remote
connection drops. You're not going to see these anyway if pppd does your
connection, and there will be plenty other messages alerting you to the
lack of connectivity.
* ignore.d.server/ dhcp: ignore message about leased addresses which respond
to ping requests.
* ignore.d.workstation/ mldonkey: added file to ignore pretty much
everything. - 7. By madduck
-
* ignore.
d.server/ ssh: fixed regression related to "Did not receive
identification string" warning. Sorry about that (closes: #377276).
* ignore.d.server/ ssh, violations. ignore. d/logcheck- ssh: extended the regexp
matching usernames to anything non-whitespace in filters about nonexistent
users -- today someone tried to log in as '!@#$%^&*()_+' here!
* ignore.d.server/ pdns: ignoring warnings about overly large packets, or
packates otherwise of the wrong size.
* ignore.d.server/ cron-apt: fixing rules wrt sarge and cleaning up.
* ignore.d.server/ dovecot: fixing filter for dovecot 1.0 logins by removing
the space at the end of the line. Gargh!
* We're now maintaining logcheck in SVN. See README.Debian file (which also
received other minor updates). - 6. By Todd Troxell
-
[ Todd Troxell ]
* Increment version[ Jamie Penman-Smithson ]
* ignore.d.server/ smartd: Add rule to match normal temperature changes.
* violations.ignore. d/logcheck- sudo: Ignore invocation of sudoedit too.
Thanks to Jan Braun <email address hidden>. (Closes: #360120)
* ignore.d.server/ dhcp: Match new DHCP log format with IPv6 addresses.
(Closes: #369603)
* violations.ignore. d/logcheck- ssh: Match new log format in openssh
4.3. (Closes: #369497)
* ignore.d.server/ oidentd: Match IPv6 addresses too. Thanks to
Elmar Hoffmann <email address hidden> for the patch. (Closes: #369294)
* ignore.d.server/ oidentd: Remove superfluous rule for connections from
localhost.
* ignore.d.server/ pdns: Ignore 'Refreshed n records' messages.
(Closes: #369263)
* ignore.d.server/ smartd: Minor change to rule for "Temperature changed"
messages.
* ignore.d.server/ xinetd: Add the first rules for xinetd.
* ignore.d.server/ smartd: Merge two rules for self-test messages into one.
(Closes: #368878)
* ignore.d.server/ saslauthd: Add rule to suppress 'client step' messages.
(Closes: #368652)
* violations.ignore. d/logcheck- postfix: Update rules for postgrey.
(Closes: #368318)
* violations.ignore. d/logcheck- postfix: Add rule to suppress smtpd '554
Access denied' messages. (Closes: #368313)
* ignore.d.server/ postfix: Fix rule to really match 'read timeout' messages.
(Closes: #367781)
* ignore.d.server/ spamd: Merge in rules from the spamassassin package.
(Closes: #366364)
* Minor changes to usage summary and explanation of FQDN option.
(Closes: #365565)
* ignore.d.server/ dkfilter: Minor fix to rules for dkfilter.out.
Match 'wrong sender domain' messages from dkfilter.out.
* ignore.d.workstation/ anacron: Move to ignore.d.server. (Closes: #368900) [ maximilian attems ]
* ignore.d.server/ dovecot: Add rule for aborted logins.
* ignore.d.workstation/ kdm: Ignore kdm-greeter logline.
* ignore.d.server/ nagios: Improve existing rules, add newer for service
flapping and ping logging.
* ignore.d.server/ sympa: Add impressive ruleset on common ml operations.
* ignore.d.server/ stunnel: New rules.
* ignore.d.server/ squid: Add 2 rules for cachemgr.
* ignore.d.server/ rsync: Add 2 rules for common rsyncd failures.
* ignore.d.server/ rsnapshot: Add 2 rules for casual rsnapshort warnings.
* ignore.d.server/ proftpd: Add 3 rules about usual ftpd operations.
* ignore.d.server/ ntp: Ignore to many recvbufs.
Thanks to all the above rules to Peter Palfrader <email address hidden>.
* ignore.d.workstation/ kernel: Add rules to reduce noise on swsusp.
* debian/logcheck. postinst: Remove old check against woody version
removing /var/cache/logcheck.
* debian/logcheck- database. preinst, debian/ logcheck- database. postinst:
Remove checks against old woody symlinkfarm.
* debian/logtail. preinst: Remove old dpkg-divert handling.
* debian/control: Remove useless versioned depends on debianutils and
po-debconf. Versions are satisfied on Sarge.
* debian/control: Conform to policy 3.7.2 without changes.
* ignore.d.server/ dhcp: Properly escape dots. [ Gerfried Fuchs ]
* debian/control: move debhelper dependency to Build-Depends due to policy
requirements.[ martin f. krafft ]
* ignore.d.server/ cron: added rules to ignore begin/end of crontab
edits (closes: #356681).
* ignore.d.server/ cron: added crontab-specific lines from
ignore.d.workstation/ cron (and removed them there).
* ignore.d.*/cron- apt: moved cron-apt rules from workstation to server.
* ignore.d.server/ dhclient: even 3.0 sleeps when no lease in persistent
database.
* ignore.d.workstation/ dovecot: Added/updated dovecot 1.0 rules.
* ignore.d.server/ kernel: added rules to ignore martian, ll header, and
icmpv6_send warnings.
* ignore.d.server/ pdns: added many rules for standard pdns operational
messages.
* violations.ignore. d/logcheck- pdns: ignore denied AXFR requests.
* ignore.d.server/ postfix: ignoring cleanup header_checks REPLACE messages
(closes: #376489).
* ignore.d.server/ postfix: extending rule for "too many errors" to cover all
SMTP commands (closes: #376472).
* ignore.d.server/ postfix: ignoring dNSNames complaints (closes: #376469,
and parts of 369487).
* ignore.d.server/ postfix: ignoring bounce message about sender non-delivery
notification.
* violations.ignore. d/logcheck- postfix: ignore invalid SASL logins, PAM
will complain with more details (closes: #369487).
* violations.ignore. d/logcheck- postfix: ignore HELO access check rejections
(closes: #376968).
* ignore.d.[ws]*/ppp: adding/updating rules to ignore informational
messages.
* ignore.d.server/ proftpd: adding ANON command to successful login rule and
noticing that the other rule of the bug has already been fixed
(closes: #372541).
* ignore.d.server/ proftpd: ignoring logins with unknown users.
* ignore.d.workstation/ proftpd: ignore reaching maximum number of login
attempts.
* ignore.d.server/ smartd: don't be so selective about temperature filtering
(closes: #355085).
* ignore.d.server/ smartd, violations. ignore. d/logcheck- smartd: ignore usage
and prefailure attribute changes given that smartd will send separate mail
when things go bad anyway.
* ignore.d.server/ spamd: fixing several of the spamd rules wrt email
addresses, and added new rules for newer spamd versions.
* ignore.d.[ws]* /squid: moved messages about server stop/start/ reconfigure
to workstation, and those about unchanged cache dir sizes to server.
* ignore.d.*/squid: folded in some filters for operational messages and
updated squidGuard spawn message to include all eventHelper messages.
* ignore.d.server/ ssh: ignore messages about missing shadow information
for NOUSER (when there was a NULL user passed in the SSH protocol).
* ignore.d.server/ ssh: make sure that we never get bothered by scans again
(closes: #376461, #354820, #376474).
* ignore.d.server/ ssh: ignore SSH disconnects (closes: #376464).
* ignore.d.server/ ssh, violations. ignore. d/logcheck- ssh: ignore login
attempts for nonexistent accounts (closes: #376462).
* src/logcheck: if called as root, now echoes the options back to the user
for easier cut-n-paste.
* debian/control: recommend logcheck-database instead of depending on it
(closes: #376739). - 5. By Scott James Remnant (Canonical)
-
Create /var/lock/logcheck if necessary; we can do this in the main
code because /var/lock is +t. - 4. By Todd Troxell
-
[ maximilian attems ]
* Add dccproc timeout rule.
* Only source the conffile if we can read it. Should enable logcheck runs
directly out of the logcheck source.
* Default to send mail to local root otherwise messages go to Nirvana.
* Check if conffile with list of logfiles is readable.
* Fallback to read syslog if no logfile is provided.
* Enhance bind rules ignore NSTATS loglines, remove dup. (Closes: #324751)
* Add rule for recent nfs mountd messages.
Thanks to toby cabot <email address hidden>. (Closes: #325800)
* Move imap file to server level, not appropriate for paranoid.
* Add imap ignore rule for moved bytes, seems pretty normal imap usage.
Thanks to toby cabot <email address hidden>. (Closes: #325801)
* Add rule for Postponed keyboard-interactive ssh logins.
* Update some usb rules for usb-storage and phone devices. (Closes: #324347)
* Update horde3 rules the identifier can be changed by the user to any char.
Thanks to Martin Lohmeier <email address hidden> (Closes: #324613)
* Add imp4 rule for successful logins. Thanks to
Martin Lohmeier <email address hidden> (Closes: #324615)
* Bumped standards to 3.6.2.
* Fix exim4 rule for more modern tls string.
* logcheck.8 fix add full path to README.logcheck- database. gz.
(Closes: #328632)[ Jamie Penman-Smithson ]
* Add the first rules for mon. Thanks to Robbert Muller <email address hidden>.
(Closes: #324451)
* Modify dovecot rules to match ipv6 addresses too. (Closes: #327088)
* Add first polypaudio rules in workstation to suppress module-alsa-sink.c
messages. (Closes: #331282)
* Add first rules for tftpd, suppress 'connect' and 'get file' messages.
(Closes: #333456)
* Fix dovecot rules to match the new format log messages in 1.0.
(Closes: #332707, #333461)
* Fix proftpd rules to match ipv6 addresses. Thanks to Elmar Hoffmann
<email address hidden> (Closes: #332807)
* Update ssh rules to suppress reverse DNS warnings. Thanks to Elmar
Hoffmann <email address hidden> (Closes: #333233)
* Update nagios rules to match host UNREACHABLE notification messages.
(Closes: #325874)
* Add the first rules for popa3d. (Closes: #328251)
* Fix group permissions for /var/lock/logcheck on install or upgrade so
logcheck can be executed by the logcheck group. (Closes: #330208)
* Add Swedish translation, thanks to Daniel Nylander <email address hidden>.
(Closes: #334415)
* Fix anvil max rate rule to match statistics messages when postfix is bound
to a specific IP. (Closes: #334342)
* Modify spamd rules to match log message format in 3.1. (Closes: #335021)[ Todd Troxell ]
* Add check for lockfile-progs to aid non-debian installations.
* Set logcheck to remove cleanup trap if an error occours while getting
lockfile. This will prevent many confusing error messages.
* Add error reporting on -o option
* Add IPv6 support to bind rules. Thanks Marco Nenciarin
<email address hidden> (Closes: #327100)
* Add IPV6 support to postfix rules. Thanks Marco Nenciarin
<email address hidden> (Closes: #327114)
* Add INSTALL documentation for manual/non-Debian installation.
* Add 5 receive rules for hylafax's FaxGetty.
* Call adduser without --home flag in postinst. (Closes: #312393) - 3. By Todd Troxell
-
jamie:
* Improve postfix rules in ignore.d.server/ postfix and
violations.ignore. d/logcheck- postfix. (Closes: #305350)
* Add postfix rule for "Temporary failure in name resolution" messages.
* Add rules for policyd, add comma to throttle rule.
* Add nagios rules for PROCESS_SERVICE_ CHECK_RESULT messages.
(Closes: #306695)
* Add more ntp rules for "adjusting local clock" messages. (Closes: #303661)
* Add postfix rule for "unknown SPF result" messages when using the
libspf2 patch.
* Add rule for bind 9.3 "FORMERR resolving" messages.
* Add more nagios rules for SERVICE_FLAPPING messages and
ENABLE_*_NOTIFICATIONS messages.
* Fix udev rules to match alphanumeric device names and subdirectories in
front of %k. (Closes: #307588)
* Add bind rule to suppress NSTATS messages. (Closes: #307675)
* Add nagios rule for "HOST EVENT HANDLER" messages.
* Add cyrus rules to match notifyd messages.
* Add first rule for grinch, an open relay checker for postfix.
* Set a default for FQDN and only set the value of HOSTNAME once we've read
logcheck.conf. The FQDN option now works. (Closes: #308249)
* Minor changes to innd rules. Add rule to match innfeed "Connection
refused" messages.
* Add nagios rule for ENABLE_NOTIFICATIONS messages.
* Add postfix rule to suppress "certificate has expired" messages.
* Add postfix rule for "misplaced delimiter" hostname warnings.
* Add nagios rules to match ACKNOWLEDGEMENT, ADD_SVC_COMMENT, HOST_DOWNTIME
and DISABLE_SVC_NOTIFICATIO NS messages.
* Add the first rules for qpopper and qpopper-drac. (Closes: #125794,
#191637)
* Fix innd rules in violations.ignore. d/logcheck- innd for innfeed to match
"global/final seconds.." messages.
* Correct innd rule for perl filter rejection messages to match hostnames with
hyphens and underscores too.
* Adjust the anvil rule to match "max connection" messages with port 587
(submission).
* Add section to README.logcheck- database about submitting rules.
* Modify rules for dovecot to also match messages from the pop3 daemon.
(Closes: #310423)
* Minor changes to innd rules. Add rule for readclose messages.
* Add postfix rule in violations.ignore. d/logcheck- postfix to suppress
dNSNames mismatch messages.
* Add innd rule for innfeed hostChkCxns messages.
* Fix postfix rule in violations.ignore. d/logcheck- postfix to match
CommonName mis-match messages when verifying broken certs where the CN is
empty.
maks:
* Add some pppd rules for pppoatm usage.
* Fix hostname match in cvsd rules.
* Add some first preliminary iptables rules for iptables REJECT logging
ignore.d.server/ kernel for UDP packets.
* Add jabberd, ssh, rsync rules from Peter Palfrader <email address hidden>.
The ssh rule ignores network scanning noise (not the account brutforcing).
* Added dot to username match in scponly rule.
* Match more strictly ipv4 address in dhcpd + dhclient rules.
* Add to ignore.d.server/ dhcpd initial udhcpd lines. (Closes: #306388)
* Minor additions to logcheck(8).
* Add rule for cron nss_ldap message in ignore.d.server/ cron.
* Generalise kernel message no IPv6 routers present level workstation.
* Update rsync daemon rule thanks Paul Slootman <email address hidden>
(Closes: #308800)
* Update postfix peer verification rule match. (Closes: #307889)
* Beautify logcheck.postinst don't call dpkg --compare-versions when no $2.
* Correct proftpd rules thanks to Tilman Koschnick <email address hidden>
(Closes: #309084)
todd:
* Add Eric Evans as an uploader.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/lucid/logcheck