Package: logcheck
Version: 1.2.54
Severity: normal
Tags: patch

On my system, there is no pid after stunnel in the syslog.  Attached is
a patch to make the pid optional, and add a rule to ignore ldaps
connections.

hostname:/etc/logcheck/ignore.d.server# diff stunnel stunnel.old
1,9c1,9
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: SSL_read .*: 
Connection reset by peer$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: .* connected from .*$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: VERIFY OK: 
depth=[0-9]+, .*$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: Received signal 15; 
terminating$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: stunnel [0-9.]+ on 
i386-pc-linux-gnu PTHREAD\+POLL\+IPv6\+LIBWRAP with OpenSSL [0-9a-z.]+ [0-9]{2} 
\w{3} [0-9]{4}$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: [0-9]+ clients 
allowed$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: SSL_accept: Peer 
suddenly disconnected$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: *Connection closed*$
< ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel(\[[0-9]+\])?: 
LOG5\[[0-9]+.*:[0-9]+\]: ldaps connected from 
[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]+.*$
---
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: SSL_read .*: Connection 
> reset by peer$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: .* connected from .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: VERIFY OK: 
> depth=[0-9]+, .*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: Received signal 15; 
> terminating$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: stunnel [0-9.]+ on 
> i386-pc-linux-gnu PTHREAD\+POLL\+IPv6\+LIBWRAP with OpenSSL [0-9a-z.]+ 
> [0-9]{2} \w{3} [0-9]{4}$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: [0-9]+ clients allowed$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: SSL_accept: Peer 
> suddenly disconnected$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: 
> LOG5\[[:alnum:].*:[:alnum:]\]: ldaps connected from 
> ...\....\....\....:[:alnum:].*$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ stunnel\[[0-9]+\]: *Connection closed*$
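Review bot: The new ldaps rule at the end of the "<" side is already covered by the generic rule `stunnel(\[[0-9]+\])?: .* connected from .*$` a few lines above it, since `.*` before " connected from " matches the `LOG5[...]: ldaps` prefix. As written, the tightened IP and port pattern therefore changes nothing about what gets ignored. Either drop the ldaps rule, or, if the intent is to ignore only known services, narrow the generic "connected from" rule so that the specific one does the work. Separately, the diff was produced as `diff stunnel stunnel.old`, so the "<" lines are the new file and the ">" lines the old one. Applied as a patch it would revert the change. A `diff -u stunnel.old stunnel` sent as an attachment would also avoid the mail wrapping that has split several rules across lines here. The last rule on the "<" side keeps ` *Connection closed*$`, where each `*` is a repetition of the preceding space and `d` rather than a wildcard. If a wildcard was meant, `.*` is needed on both sides.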


