Package: logcheck-database
Version: 1.2.64
Severity: wishlist
Tags: patch
Logcheck provides false negatives against the postfix package for lines
such as the following:

Jun 15 20:11:15 gamma postfix/smtpd[28071]: Anonymous TLS connection established from fractal.kaosol.net[216.150.215.72]: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)

(This one would be caught without the word "Anonymous")

and

Jun 15 20:19:10 gamma postfix/smtpd[28321]: warning: 122.3.215.225: hostname 122.3.215.225.pldt.net verification failed: Name or service not known

(There does not appear to be an existing line related to this message.)

A patch to properly ignore both of these lines is attached.

-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (900, 'testing'), (300, 'unstable'), (200, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.22-2-686 (SMP w/2 CPU cores)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
-- debconf information:
* logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
--- ignore.d.server/postfix.old 2008-06-15 23:02:49.000000000 -0600
+++ ignore.d.server/postfix 2008-06-15 22:55:20.000000000 -0600
@@ -19,7 +19,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: cert has expired$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Peer|Server)
certificate could not be verified$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
smtpd_peer_init: [0-9]+\.[0-9]+\.[0-9]+\.[0-9]+: address not listed for
hostname [._[:alnum:]-]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: TLS connection
established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher [^[:space:]]+
\([/0-9]+ bits\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Anonymous )?TLS
connection established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher
[^[:space:]]+ \([/0-9]+ bits\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: setting up TLS
connection (to|from) [._[:alnum:]-]+(\[[0-9a-f.:]{3,39}\])?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]:
fingerprint=([0-9A-F]{2}:){15}[0-9A-F]{2}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: Verified:
subject_CN=.*, issuer=.*$
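Review bot: The optional group "(Anonymous )?" in the changed rule admits only that one qualifier, and the protocol alternation "(TLSv1|SSLv[23])" is carried over unchanged, so a line with any other word before "TLS connection established" or any other protocol string will still be reported. If more qualifiers are expected in that position, an alternation such as "((Anonymous|...) )?" would cover them in one rule instead of one patch per variant. Since this lives in ignore.d.server, it is also worth a line in the changelog that sessions with an unauthenticated peer are now filtered at that level.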
@@ -126,3 +126,4 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
gethostby\*\.getanswer: asked for "([-_.[:alnum:]]+)", got "\1"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: discarding
EHLO keywords:( [[:upper:]]+)+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [[:alnum:]]+:
milter-discard: END-OF-MESSAGE from [-._[:alnum:]]+\[[.[:digit:]]+\]: milter
triggers DISCARD action; from=<[^[:space:]]*> to=<[^[:space:]]*> proto=E?SMTP
helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning:
[0-9.]{7,15}: hostname [^[:space:]]+ verification failed: Name or service not
known$
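Review bot: The address field "[0-9.]{7,15}" in the added rule is looser than the dotted-quad form "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" that the smtpd_peer_init rule in this same file uses: it accepts any run of 7 to 15 digits and dots, and it cannot match an IPv6 peer. Suggest reusing the dotted-quad form, or "[0-9a-f.:]{3,39}" as in the "setting up TLS connection" rule if IPv6 peers should be covered, and "[._[:alnum:]-]+" for the hostname to match the style of the neighbouring rules. The rule is also tied to the single resolver message "Name or service not known", so other lookup errors after "verification failed:" stay reported; say so in the report if that is intended.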
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
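
An added check, not part of the original report or of logcheck itself: it runs the old and patched rules from the patch above against the two sample lines with grep -E, since logcheck rule files are extended regular expressions. The function names and the LINE_ODD sample are constructed for this example, and \w assumes GNU grep.

```sh
#!/bin/sh
# Added example: test logcheck ignore rules against sample log lines.
LC_ALL=C; export LC_ALL

# The two sample lines from the report, unwrapped.
LINE_TLS='Jun 15 20:11:15 gamma postfix/smtpd[28071]: Anonymous TLS connection established from fractal.kaosol.net[216.150.215.72]: TLSv1 with cipher EDH-RSA-DES-CBC3-SHA (168/168 bits)'
LINE_DNS='Jun 15 20:19:10 gamma postfix/smtpd[28321]: warning: 122.3.215.225: hostname 122.3.215.225.pldt.net verification failed: Name or service not known'
# Constructed line: same warning, but the address field is not an IPv4 address.
LINE_ODD='Jun 15 20:19:10 gamma postfix/smtpd[28321]: warning: 1.2.3.4.5.6.7: hostname host.example.net verification failed: Name or service not known'

# Rules copied from the patch, with the mail-wrapped lines joined.
OLD_TLS='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: TLS connection established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher [^[:space:]]+ \([/0-9]+ bits\)$'
NEW_TLS='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd?\[[0-9]+\]: (Anonymous )?TLS connection established (to|from) [^[:space:]]+: (TLSv1|SSLv[23]) with cipher [^[:space:]]+ \([/0-9]+ bits\)$'
NEW_DNS='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [0-9.]{7,15}: hostname [^[:space:]]+ verification failed: Name or service not known$'

# is_ignored RULE LINE: succeeds when the rule matches, i.e. logcheck
# would drop the line from its report.
is_ignored() {
    printf '%s\n' "$2" | grep -E -q -e "$1"
}

# verdict RULE LINE: prints "ignored" or "reported".
verdict() {
    if is_ignored "$1" "$2"; then
        echo ignored
    else
        echo reported
    fi
}

echo "old TLS rule, TLS sample:      $(verdict "$OLD_TLS" "$LINE_TLS")"
echo "new TLS rule, TLS sample:      $(verdict "$NEW_TLS" "$LINE_TLS")"
echo "new DNS rule, DNS sample:      $(verdict "$NEW_DNS" "$LINE_DNS")"
echo "new DNS rule, odd address:     $(verdict "$NEW_DNS" "$LINE_ODD")"
```

The last case shows that the address class in the new warning rule also matches a field that is not a dotted quad.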