Package: logcheck
Version: 1.2.54
Severity: normal
In the file ignore.d.paranoid/cron there are the rules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session
opened for user [[:alnum:]-]+ by \(uid=[0-9]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session
closed for user [[:alnum:]-]+$
to ignore lines like
10:17:[EMAIL PROTECTED] tooar CRON[6356]: (pam_unix) session opened for user
root by (uid=0)
10:17:[EMAIL PROTECTED] tooar CRON[6356]: (pam_unix) session closed for user
root
but I still get emails from logcheck with those lines.
I've tried to test the rules by doing
egrep -v -f ignore.d.paranoid/cron /var/log/messages |grep session
which correctly shows those "session opened" and "session closed" lines. So I
don't know why logcheck still sends me emails with those lines. This looks like
a bug to me.
-- System Information:
Debian Release: 4.0
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16tooar3
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages logcheck depends on:
ii adduser 3.102 Add and remove users and groups
ii cron 3.0pl1-100 management of regular background p
ii debconf 1.5.11 Debian configuration management sy
ii grep 2.5.1.ds2-6 GNU grep, egrep and fgrep
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logtail 1.2.54 Print log file lines that have not
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii postfix [mail-tr 2.3.7-3 A high-performance mail transport
ii syslog-ng [syste 2.0.0-1 Next generation logging daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.2.54 database of system log rules for t
-- debconf information:
* logcheck/install-note:
logcheck/changes:
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
