Package: systemd Version: 228-2 Severity: wishlist Tags: patch Dear Maintainer,
systemd currently logs many informational messages to the system log and does not exclude any of these messages from logcheck, which results in an overwhelming number of systemd log messages being reported. The logcheck maintainers recommend that packages maintain their own logcheck rules.[1] To that end I'm filing this bug report along with the rules that I am currently using. They are based on the rules from the Debian Wiki[2] with additional rules and additional work to organize and structure the rules based on the log statements in the source code. Although the rules on the wiki attempt to match target/service/unit names, I think this is futile, especially given the low-security nature of such messages, and instead exclude all start/stop/restart messages. This has 2 known false-negatives noted in the rules, which are difficult to exclude due to the lack of negative lookahead in the POSIX regex language (although it could be done if desired). To use the file, install it as /etc/logcheck/ignore.d.server/systemd Thanks for considering, Kevin 1. https://logcheck.alioth.debian.org/docs/README.Maintainer 2. https://wiki.debian.org/systemd/logcheck -- Package-specific info: -- System Information: Debian Release: stretch/sid APT prefers testing APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.3.0+kevinoid1 (SMP w/4 CPU cores) Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages systemd depends on: ii adduser 3.113+nmu3 ii libacl1 2.2.52-2 ii libapparmor1 2.10-2+b1 ii libaudit1 1:2.4.4-4 ii libblkid1 2.27.1-1 ii libc6 2.21-4 ii libcap2 1:2.24-12 ii libcap2-bin 1:2.24-12 ii libcryptsetup4 2:1.6.6-5 ii libgcrypt20 1.6.4-3 ii libkmod2 21-1 ii liblzma5 5.1.1alpha+20120614-2.1 ii libmount1 2.27.1-1 ii libpam0g 1.1.8-3.1 ii libseccomp2 2.2.3-2 ii libselinux1 2.4-3 ii libsystemd0 228-2 ii mount 2.27.1-1 ii sysv-rc 2.88dsf-59.2 ii util-linux 2.27.1-1 Versions of packages systemd recommends: ii dbus 1.10.6-1 ii libpam-systemd 228-2 Versions of packages systemd suggests: pn systemd-container <none> pn systemd-ui <none> Versions of packages systemd is related to: ii udev 228-2 -- no debconf information
# Logcheck rules for systemd, organized by component. # Automount ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Set up|Unset) automount .+\.$ # Busname & Socket ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Closed|Listening on) .+\.$ # Device ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Expecting device [^[:space:]]+\.device\.\.\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Found device [^[:space:]]+\.$ # Device ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Successfully loaded the IMA custom policy [^[:space:]]+\.$ # Job & Service & Unit # FIXME: Don't want to match "Stopped \(with error\) .+\.$" ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Started|Stopped|Reloaded) .+\.$ # FIXME: Don't want to match "Starting of .+ not supported\.$" ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Starting|Stopping|Reloading) .+\.$ # Log ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd(-[^[:space:]]+)?\[[[:digit:]]+\]: Received SIG[^[:space:]]+( from PID [[:digit:]]+ \([^[:space:]]+\))?\.$ # Main ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Reexecuting|Reloading|Shutting down|Switching root)\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Detected architecture [^[:space:]]+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Detected virtualization [^[:space:]]+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: RTC configured in localtime, applying delta of -?[[:digit:]]+ minutes to system time\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Running in initial RAM disk\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: systemd [[:digit:]]+ running in (test )?system mode. \((\+[[:alnum:]]+ ?)+\)$ # Manager ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Startup finished in [[:digit:]]+ms\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Time has been changed$ # Mount ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Mounted|Unmounted) .+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Mounting .+\.\.\.$ # PAM ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user [^[:space:]]+( by \(uid=[[:digit:]]+\))?$ # SELinux ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Successfully loaded SELinux policy in [^[:space:]]+\.$ # Smack ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Successfully loaded Smack(/CIPSO)? policies\.$ # Slice ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Created|Removed) slice User Slice of .+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Created|Removed) slice [^[:space:]]+\.slice\.$ # Swap ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Activated|Deactivated) swap .+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Activating swap .+\.\.\.$ # Target ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Reached|Stopped) target .+\.$ # Unit ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: [^[:space:]]+: Unit is bound to inactive unit [^[:space:]]+\. Stopping, too\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: [^[:space:]]+: Unit not needed anymore\. Stopping\.$ # systemd-journald ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-journald\[[[:digit:]]+\]: Received request to (flush|rotate) runtime journal from PID [[:digit:]]+$ # systemd-logind ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: New session [^[:space:]]+ of user [^[:space:]]+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: Removed session [^[:space:]]+\.$ # systemd-sleep ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-sleep\[[[:digit:]]+\]: Suspending system\.\.\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-sleep\[[[:digit:]]+\]: System resumed\.$ # systemd-timesyncd # Note: Only required for systemd 218 and earlier due to # https://bugs.freedesktop.org/show_bug.cgi?id=88926 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-timesyncd\[[[:digit:]]+\]: interval/delta/delay/jitter/drift [[:digit:]]+s/(\+|-)[.[:digit:]]+s/-?[.[:digit:]]+s/-?[.[:digit:]]+s/(\+|-)[[:digit:]]+ppm( \(ignored\))?$