Package: systemd
Version: 228-2
Severity: wishlist
Tags: patch

Dear Maintainer,

systemd currently logs many informational messages to the system log and
does not exclude any of these messages from logcheck, which results in
an overwhelming number of systemd log messages being reported.

The logcheck maintainers recommend that packages maintain their own
logcheck rules.[1]  To that end I'm filing this bug report along with
the rules that I am currently using.  They are based on the rules from
the Debian Wiki[2] with additional rules and additional work to organize
and structure the rules based on the log statements in the source code.
Although the rules on the wiki attempt to match target/service/unit
names, I think this is futile, especially given the low-security nature
of such messages, and instead exclude all start/stop/restart messages.
This has 2 known false-negatives noted in the rules, which are difficult
to exclude due to the lack of negative lookahead in the POSIX regex
language (although it could be done if desired).

To use the file, install it as /etc/logcheck/ignore.d.server/systemd

Thanks for considering,
Kevin


1.  https://logcheck.alioth.debian.org/docs/README.Maintainer
2.  https://wiki.debian.org/systemd/logcheck

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0+kevinoid1 (SMP w/4 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser         3.113+nmu3
ii  libacl1         2.2.52-2
ii  libapparmor1    2.10-2+b1
ii  libaudit1       1:2.4.4-4
ii  libblkid1       2.27.1-1
ii  libc6           2.21-4
ii  libcap2         1:2.24-12
ii  libcap2-bin     1:2.24-12
ii  libcryptsetup4  2:1.6.6-5
ii  libgcrypt20     1.6.4-3
ii  libkmod2        21-1
ii  liblzma5        5.1.1alpha+20120614-2.1
ii  libmount1       2.27.1-1
ii  libpam0g        1.1.8-3.1
ii  libseccomp2     2.2.3-2
ii  libselinux1     2.4-3
ii  libsystemd0     228-2
ii  mount           2.27.1-1
ii  sysv-rc         2.88dsf-59.2
ii  util-linux      2.27.1-1

Versions of packages systemd recommends:
ii  dbus            1.10.6-1
ii  libpam-systemd  228-2

Versions of packages systemd suggests:
pn  systemd-container  <none>
pn  systemd-ui         <none>

Versions of packages systemd is related to:
ii  udev  228-2

-- no debconf information

# Logcheck rules for systemd, organized by component.

# Automount
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Set up|Unset) automount .+\.$

# Busname & Socket
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Closed|Listening on) .+\.$

# Device
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Expecting device [^[:space:]]+\.device\.\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Found device [^[:space:]]+\.$

# IMA
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Successfully loaded the IMA custom policy [^[:space:]]+\.$

# Job & Service & Unit
# FIXME:  Don't want to match "Stopped \(with error\) .+\.$"
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Started|Stopped|Reloaded) .+\.$
# FIXME:  Don't want to match "Starting of .+ not supported\.$"
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Starting|Stopping|Reloading) .+\.$

# Log
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd(-[^[:space:]]+)?\[[[:digit:]]+\]: Received SIG[^[:space:]]+( from PID [[:digit:]]+ \([^[:space:]]+\))?\.$

# Main
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Reexecuting|Reloading|Shutting down|Switching root)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Detected architecture [^[:space:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Detected virtualization [^[:space:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: RTC configured in localtime, applying delta of -?[[:digit:]]+ minutes to system time\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Running in initial RAM disk\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: systemd [[:digit:]]+ running in (test )?system mode. \((\+[[:alnum:]]+ ?)+\)$

# Manager
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Startup finished in [[:digit:]]+ms\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Time has been changed$

# Mount
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Mounted|Unmounted) .+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Mounting .+\.\.\.$

# PAM
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user [^[:space:]]+( by \(uid=[[:digit:]]+\))?$

# SELinux
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Successfully loaded SELinux policy in [^[:space:]]+\.$

# Smack
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Successfully loaded Smack(/CIPSO)? policies\.$

# Slice
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Created|Removed) slice User Slice of .+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Created|Removed) slice [^[:space:]]+\.slice\.$

# Swap
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Activated|Deactivated) swap .+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Activating swap .+\.\.\.$

# Target
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Reached|Stopped) target .+\.$

# Unit
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: [^[:space:]]+: Unit is bound to inactive unit [^[:space:]]+\. Stopping, too\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: [^[:space:]]+: Unit not needed anymore\. Stopping\.$

# systemd-journald
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-journald\[[[:digit:]]+\]: Received request to (flush|rotate) runtime journal from PID [[:digit:]]+$

# systemd-logind
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: New session [^[:space:]]+ of user [^[:space:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: Removed session [^[:space:]]+\.$

# systemd-sleep
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-sleep\[[[:digit:]]+\]: Suspending system\.\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-sleep\[[[:digit:]]+\]: System resumed\.$

# systemd-timesyncd
# Note:  Only required for systemd 218 and earlier due to
#        https://bugs.freedesktop.org/show_bug.cgi?id=88926
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-timesyncd\[[[:digit:]]+\]: interval/delta/delay/jitter/drift [[:digit:]]+s/(\+|-)[.[:digit:]]+s/-?[.[:digit:]]+s/-?[.[:digit:]]+s/(\+|-)[[:digit:]]+ppm( \(ignored\))?$
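
Added example (not part of the original report or of the systemd package): a shell check that replays constructed log lines through the two "Job & Service & Unit" rules above and through a hypothetical tightened variant that avoids the two FIXME false negatives without negative lookahead. It assumes in-progress messages end in "...", as the Mounting and Activating swap rules above do, and the tightened Stopped rule errs toward reporting any description that begins with "(w".

```shell
#!/bin/sh
# Added example: constructed syslog lines replayed through logcheck ignore rules.
PREFIX='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: '

# The two "Job & Service & Unit" rules as posted, one ERE per line.
page_rules() {
    printf '%s\n' \
        "$PREFIX"'(Started|Stopped|Reloaded) .+\.$' \
        "$PREFIX"'(Starting|Stopping|Reloading) .+\.$'
}

# Hypothetical tightened variant (an assumption, not from the report):
# "Stopped" must not be followed by "(w", and -ing messages must end in "...".
tight_rules() {
    printf '%s\n' \
        "$PREFIX"'(Started|Reloaded) .+\.$' \
        "$PREFIX"'Stopped ([^(]|\([^w]).*\.$' \
        "$PREFIX"'(Starting|Stopping|Reloading) .+\.\.\.$'
}

# Constructed sample input; lines 3 and 4 are the two FIXME cases.
sample_log() {
    cat <<'EOF'
Dec 21 10:00:01 host1 systemd[1]: Starting Example Daemon...
Dec 21 10:00:02 host1 systemd[1]: Started Example Daemon.
Dec 21 10:00:03 host1 systemd[1]: Stopped (with error) Example Daemon.
Dec 21 10:00:04 host1 systemd[1]: Starting of example.mount not supported.
Dec 21 10:00:05 host1 systemd[1]: Stopped Example Daemon.
EOF
}

# Print the lines that match no ignore rule, i.e. what would still be reported.
# $1 is the name of a function that prints one ERE per line.
reported() {
    rules=$(mktemp) || return 1
    "$1" > "$rules"
    sample_log | grep -E -v -f "$rules" || true  # exit 1 just means nothing left
    rm -f "$rules"
}

count_reported() { reported "$1" | wc -l | tr -d ' '; }

echo "rules as posted report $(count_reported page_rules) line(s)"
echo "tightened rules report $(count_reported tight_rules) line(s):"
reported tight_rules
```

The same grep -E -v -f invocation can be pointed at a real rules file and a saved log excerpt to see what a rule set leaves for the report.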
