lp:ubuntu/oneiric/logcheck
- Get this branch:
- bzr branch lp:ubuntu/oneiric/logcheck
Branch information
- Owner:
- Ubuntu branches
- Status:
- Mature
Recent revisions
- 18. By Hannes von Haugwitz
-
[ martin f. krafft ]
* ignore.d.server/ postfix:
- ignore notice about verified TLS connections.
* ignore.d.server/ openvpn:
- broaden filters to catch more messages.[ Hanspeter Kunz ]
* ignore.d.server/ dovecot:
- allow for arbitrary msgids
- ignore discarded vacation replies with precedence Bulk and list
- ignore notice about managesieve logouts (closes: #637918)
* ignore.d.server/ postfix:
- ignore (temporary) rejects messages when the sender domain is not found
- ignore verify cache db cleanups[ Hannes von Haugwitz ]
* src/logcheck:
- added numeric timezone information to subject line
- re-enabled globbing of logfile names (closes: #616103)
* docs/README.logcheck- database:
- mention logcheck-test in 'TESTING RULES' section
* ignore.d.workstation/ wpasupplicant:
- match 5200, 5300, 5260 and 5680 MHz in 'Trying to associate' message
- allow WPA protocol in 'wpa_action: key_mgmt' message
- ignore "mode=station" message
- ignore "Trying to authenticate" message
- allow '/run/sendsigs.omit.d' as location for pidfile (closes: #633030)
* ignore.d.server/ login:
- adjusted rule to match serial terminals
* ignore.d.workstation/ kernel:
- ignore "Spinning up disk" message
- ignore 'cfg80211: Calling CRDA for country' message
- ignore 'Monitor-Mwait' messages
- ignore WLAN 'waiting for beacon' and 'beacon received' messages
- allow 'device number' in '(new|reset) (low|full|high) speed USB' and
'USB disconnect' messages
* ignore.d.server/ cron-apt:
- allow optional whitespace between value and unit, thanks to
Gabor Kiss (closes: #609649)
- allow optional architecture in "Get" message
* ignore.d.server/ dnsmasq:
- allow '-' in interface name, thanks to Jan Evert van Grootheest
(closes: #608256)
* src/logcheck, etc/logcheck.conf:
- added option to compress attachment with gzip
* ignore.d.server/ snmpd:
- adjusted UDP rule to match new SNMP output format, thanks to
Robert Naylor (closes: #613124)
* docs/logcheck-test.1:
- use 'logcheck-test' instead of 'logcheck' in the EXAMPLES
* ignore.d.workstation/ libpam- gnome-keyring:
- adjusted rule to match messages without quotes (closes: #618411)
* ignore.d.server/ dhclient:
- allow '-' in interface name (closes: #622942)
* ignore.d.server/ spamd:
- adjusted 'child cleanup' rule to match new format, thanks to Enno Gröper
(closes: #632471)
* src/logcheck-test:
- allow symbolic link as rule file
* ignore.d.workstation/ xlockmore:
- applied patch by Libor Polčák: ignore local display
* logcheck-database. preinst:
- deleting ignore.d.server/ webmin, package has been removed from debian
* ignore.d.server/ kernel:
- ignore "kvm: emulating exchange as write" message
- allow optional ". Opts: (null)" at the end of "mounted filesystem with
(writeback|ordered) data mode" message
* ignore.d.server/ amavisd- new:
- allow quarantine in "Passed SPAM" log line
- allow subdirectories for quarantine messages and made Message-ID in
"Passed BAD-HEADER" log lines optional, thanks to John Clements
- allow compressed quarantine messages (closes: #639839)
* debian/rules:
- added build-indep and build-arch targets
* debian/control:
- bumped to Standards-Version 3.9.2 (no changes necessary)[ Gerfried Fuchs ]
* Remove myself from uploaders.[ Jeremy L. Gaddis ]
* ignore.d.server/ postfix:
- adjust postfix certificate fingerprint rule to match new output
format, thanks to Loïc Minier (closes: #616616)
* ignore.d.server/ amavisd- new:
- adjusted rule to match new output format, thanks to Adrian Lang
(closes: #624197)
* ignore.d.server/ ssh:
- add rule to ignore AllowGroups denial, thanks to Gerald Turner
(closes: #637923)
* ignore.d.server/ dovecot:
- adjusted rule to match IPv6 addresses, thanks to Gerald Turner
(closes: #637916)
* debian/copyright:
- updated copyright year to 2011
- added myself as team member[ Frédéric Brière ]
* violations.d/kernel:
- ignore whitespace before timestamp
* ignore.d.workstation/ kernel:
- allow '.' in input device name - 17. By Hannes von Haugwitz
-
* ignore.
d.server/ pure-ftpd:
- fixed user name pattern in logout message, thanks to Simon Breuss
(LP: #619119)
* violations.ignore. d/logcheck- sudo:
- match COMMAND=list and TTY=console, thanks to Michel Messerschmidt for
the patch (closes: #593482)
* ignore.d.server/ amavisd- new:
- applied changes by Christian Dröge (closes: #594605):
- IPv6 support for IP addresses
- allow PASSED SPAM in log
- optional minus sign after "Hits:"
- optional quarantine in log line
- optional Message-ID - 16. By Hannes von Haugwitz
-
[ Hanspeter Kunz ]
* ignore.d.server/ dhcp:
- generalized rule for "sending options to hosts"
- ignore reading global configuration from an LDAP directory
- allow dots in the DN (parsing of the DHCP configuration from LDAP dir)
- ignore reading subnet configuration from an LDAP directory
- ignore reading pool configuration from an LDAP directory[ Hannes von Haugwitz ]
* ignore.d.workstation/ kernel:
- ignore 'cfg80211: Calling CRDA to update world regulatory domain' message
- added rule to ignore 'No probe response from AP' message
* ignore.d.workstation/ wpasupplicant:
- added some rules to ignore WLAN disconnections
* ignore.d.server/ amavisd- new:
- match local mails in 'Passed CLEAN' message, thanks to Patrice Le Gurun
(closes: #563348)[ Gerfried Fuchs ]
* Re-integrating ignore.d.server/ amavisd- new after a long time
(closes: #583155)
* Add Replaces: amavisd-new (<= 2:2.6.4-1) to logcheck-database for that.
* Remove this file from the debian/logcheck- database. preinst OLD_CONFFILES
list. - 15. By Hannes von Haugwitz
-
[ Hannes von Haugwitz ]
* ignore.d.server/ smartd:
- ignore "scheduled Offline Immediate Test" (closes: #585802)
* ignore.d.workstation/ slim: new
- ignore session opened/closed messages
* debian/control:
- bumped to Standards-Version 3.9.1 (no changes necessary)
- depend on default-mta instead of exim4
* ignore.d.workstation/ wpasupplicant:
- match 5660 MHz in 'Trying to associate' message
* ignore.d.server/ libpam- krb5: new
- ignore successful kerberos authentication, thanks to
Russ Allbery (closes: #588285)
* violations.ignore. d/logcheck- sudo:
- ignore successful kerberos authentication, thanks to
Michel Messerschmidt (see: #588285)
* logcheck-database. preinst:
- deleting ignore.d.workstation/ xscreensaver, rule is covered
by i.d.s/libpam-krb5
- deleting ignore.d.server/ cracklib, rules maintained in cracklib-runtime
* ignore.d.workstation/ login:
- removed successful krb auth rule, rule is covered by i.d.s/libpam-krb5
* violations.ignore. d/logcheck- su:
- ignore successful kerberos authentication
* ignore.d.server/ smartd
- ignore 'state read' and 'state written' messages
* debian/copyright:
- updated copyright year to 2010
- added Marc, Hanspeter and myself as team members
* ignore.d.server/ dhclient:
- allow '-' in version string[ martin f. krafft ]
* ignore.d.server/ postfix:
- patch from Mathias Krause to address changes in policy-weightd log
message format.
* ignore.d.server/ ssh:
- messages about invalid users can contain zero-length usernames.
* ignore.d.server/ postfix:
- ignore delay notification log entries (closes: #589981).[ Hanspeter Kunz ]
* ignore.d.server/ dhcp:
- ignore messages about LDAP lookups of host entries
- ignore messages on sending options to hosts (as a result of LDAP lookups)
- ignore more balancing/balanced pool messages
- Found dhcpHWAddress: LDAP entries may contain underscores and dashes
- removed rule to "ignore messages about leased addresses which respond to
to ping requests" because this is probably caused by a misconfiguration
- ignore messages on xid-mismatches
- ignore messages on establishing a (TLS) connection to the LDAP server
- ignore successful logins to the LDAP server
- ignore successful parsing of the DHCP configuration from an LDAP directory
* ignore.d.server/ postfix:
- ignore another TLS library problem
(SSL23_GET_CLIENT_ HELLO:http request: s23_srvr. c:379)
* ignore.d.server/ dovecot:
- sieve: allow empty recipient address
- sieve: make "added by" optional - 14. By Hannes von Haugwitz
-
* logcheck-
database. preinst
- deleting ignore.d.server/ ntop, also in ntop (closes: #584824, #584849) - 13. By Hannes von Haugwitz
-
[ Hannes von Haugwitz ]
* ignore.d.workstation/ kernel:
- adjusted rule to ignore more "usb-storage" messages
- made 'AP ' optional in "wlan" message
* src/logcheck-test:
- fixed spelling error
* debian/control:
- added DM-Upload-Allowed field
* ignore.d.workstation/ wpasupplicant:
- match more frequencies in 'Trying to associate' message
* ignore.d.server/ bind:
- added rules to match bind's new syslog line format
- adjusted rule to also match 'network unreachable' error, thanks to
Bob Proulx (closes: #582060)
* ignore.d.workstation/ laptop- mode-tools: new
- added rule for some laptop-mode info messages[ Hanspeter Kunz ]
* ignore.d.server/ dovecot:
- sieve: msgids might be followed by "(added by ...)"[ martin f. krafft ]
* ignore.d.server/ postfix:
- fix rule to match greylisting notices.
* ignore.d.server/ ntop:
- ignore warnings about truncated packets.
* ignore.d.server/ schroot:
- ignore new-style PAM session notices.
* ignore.d.server/ pdns:
- update rules to match informational messages about incoming AXFR
transfers, as well as sqlite3 connections.
* ignore.d.server/ asterisk:
- ignore unknown attribute warnings/messages by rc_avpair_new.
* ignore.d.server/ git-daemon:
- ignore warnings on access to nonexistent git repository.
* ignore.d.server/ kernel:
- ignore message about kernel logging (proc) being stopped. - 12. By Hannes von Haugwitz
-
[ Hannes von Haugwitz ]
* src/logcheck-test:
- removed useless trap signal 16
* ignore.d.workstation/ wpasupplicant:
- allow '_' in id_str of CTRL-EVENT-CONNECTED message
- added rules for wpa_action messages
* ignore.d.workstation/ kernel:
- "Mode Sense" is hexadecimal, not just decimal
- ignore "usb-storage" message
* ignore.d.server/ kernel:
- ignore "using internal journal" message
- adjusted rule to match EXT3-fs and writeback data mode
* ignore.d.server/ bind:
- added rule to ignore "success resolving" messages
* ignore.d.server/ nfs:
- allow '_', '-' and '.' in mount path, thanks to
G. T. Laycock (closes: #575378)
* ignore.d.server/ nagios:
- allow '>=' in "SERVICE FLAPPING ALERT" message
- added rule to ignore "HOST FLAPPING ALERT" message
* src/logcheck:
- look for {header,footer}.txt in $RULEDIR, thanks to Kerstin Puschke
- cd to $STATEDIR before cleaning up temp dir, thanks to Kerstin Puschke
- fixed stream redirection of hostname command,
thanks to Bob Proulx (see #574858)
* ignore.d.server/ dnsmasq:
- adjusted rule to also match '-dhcp' suffix in dhcp subsystem messages,
thanks to Michał Sawicz
* Switch to dpkg-source 3.0 (native) format[ Gerfried Fuchs ]
* debian/logcheck. NEWS, debian/ logtail. NEWS:
- removed asterisk from entries
* docs/logcheck-test.1, docs/logtail.8, docs/logtail2.8:
- escaped dashes that really mean dashes[ Hanspeter Kunz ]
* ignore.d.server/ dovecot:
- ignore more failed and aborted logins
- msgid's may contain colons
- ignore discarded vacation responses (bulk, auto-submited, duplicates)
- ignore duplicate forwards
- ignore more "Connection closed" messages
- ignore "Too many invalid IMAP commands"
- ignore more "Connection closed" messages (MANAGESIEVE)
- ignore aborted authentications
* ignore.d.server/ postfix:
- ignore disconnects during EHLO (and not only HELO) handshakes
- merged 5 similar "lost connection" rules into one
* ignore.d.server/ kernel: ignore imklog startup messages - 11. By Loïc Minier
-
ignore.
d.server/ dnsmasq: allow -dhcp suffix in DHCP messages; taken from
Debian 1.3.8; LP: #508142. - 10. By Hannes von Haugwitz
-
[ Hannes von Haugwitz ]
* Added src/logcheck-test and docs/logcheck-test.1
* ignore.d.server/ wu-ftpd:
- adjusted rule to match optional pid (closes: #570207)
* src/logcheck:
- use 7bit encoding for sending mail
* ignore.d.workstation/ kernel:
- added rules for inserted and removed SD cards
* ignore.d.server/ mountd: new
- added rule for authenticated mount/unmount requests,
thanks to Paweł Hajdan, Jr. (closes: #567842)
* docs/logcheck.sgml: clarify that "server" rules are
included in "workstation" level
* ignore.d.server/ klogind: new
- added rule for "connect from" message
* ignore.d.server/ login:
- added rule for root logins on pseudo terminals
* ignore.d.server/ bind:
- added rules for "received notify for zone" and
"zone is up to date" message
* Makefile:
- added an empty "all" make target, thanks to
Paweł Hajdan, Jr. (closes: #567150)
- renamed BINDIR to SBINDIR
- added logtail2 script to "clean" make target
* ignore.d.server/ ssh:
- added rule for "disconnected by user" message (closes: #567317)
* ignore.d.workstation/ ifplugd:
- added rule for "client: OK" message
* debian/control:
- bumped to Standards-Version 3.8.4 (no changes necessary)
- added ${misc:Depends} to logtail Depends[ Hanspeter Kunz ]
* ignore.d.server/ dovecot:
- added an optional prefix "dovecot: " to the deliver rule
- added rule to ignore various sieve messages (stored mail, forwards,
vacation replies and discards)[ Frédéric Brière ]
* ignore.d.server/ kernel:
- added IPv6 support to "Treason uncloaked!" rule (closes: #546004)
- added "Peer unexpectedly shrunk window" alternate rule
- allow '-' in usbcore interface driver names (e.g. snd-usb-audio)
* ignore.d.workstation/ kernel:
- added UDF-fs "readonly partition" and "Mounting volume" rules
- usbhid no longer prints the source filename in its messages
- allow ':' and arbitrary paths for input devices
- adjusted "USB HID" rule to match generic devices
- adjusted "USB HID" rule for newer kernels
- adjusted agpgart rules for newer kernels - 9. By Loïc Minier
-
* Merge with Debian unstable to minimize delta and get some recent fixes;
remaining changes:
- rulefiles/linux/ignore. d.server/ ssh: Add "disconnected by user" re in
the "Received disconnect from" series; this now occurs frequently with
lucid ssh clients.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/logcheck