[Logcheck-devel] Bug#542536: logcheck: [PATCH] new ntpd rule - kernel time sync status change

Wed, 19 Aug 2009 22:51:22 -0700 

Package: logcheck
Version: 1.2.69
Severity: wishlist
Tags: patch


Examples:

    System Events
    =-=-=-=-=-=-=
    ...
    Aug 19 08:54:45 host ntpd[4008]: kernel time sync status change 4001
    Aug 19 09:11:48 host ntpd[4008]: kernel time sync status change 0001
    Aug 19 10:37:07 host ntpd[4008]: kernel time sync status change 4001
    Aug 19 10:54:12 host ntpd[4008]: kernel time sync status change 0001
    Aug 19 12:02:27 host ntpd[4008]: kernel time sync status change 4001
    ...

The following patch adds rule to match 'kernel time sync status change' lines.

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages logcheck depends on:
ii  adduser            3.110                 add and remove users and groups
ii  bsd-mailx [mailx]  8.1.2-0.20081101cvs-2 A simple mail user agent
ii  cron               3.0pl1-106            process scheduling daemon
ii  exim4              4.69-11               metapackage to ease Exim MTA (v4) 
ii  exim4-daemon-light 4.69-11               lightweight Exim MTA (v4) daemon
ii  lockfile-progs     0.1.13                Programs for locking and unlocking
ii  logtail            1.2.69                Print log file lines that have not
ii  mailx              1:20081101-2          Transitional package for mailx ren
ii  sysklogd [system-l 1.5-5                 System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.69     database of system log rules for t

Versions of packages logcheck suggests:
pn  syslog-summary                <none>     (no description available)

-- no debconf information

>From f0b066f3817acaa8b1d94a4347f9b593221c8ca1 Mon Sep 17 00:00:00 2001
From: Jari Aalto <[email protected]>
Date: Thu, 20 Aug 2009 08:42:35 +0300
Subject: [PATCH] rulefiles/linux/ignore.d.server/ntp: add rule - kernel time 
sync status change


Signed-off-by: Jari Aalto <[email protected]>
---
 rulefiles/linux/ignore.d.server/ntp |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/rulefiles/linux/ignore.d.server/ntp 
b/rulefiles/linux/ignore.d.server/ntp
index 21037ac..e584232 100644
--- a/rulefiles/linux/ignore.d.server/ntp
+++ b/rulefiles/linux/ignore.d.server/ntp
@@ -11,3 +11,4 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: too many recvbufs allocated 
\([0-9]+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: Listening on interface 
[-[:alnum:]]+, [:.[:xdigit:]]+#[[:digit:]]{1,5} (En|Dis)abled$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd(_initres)?\[[0-9]+\]: signal_no_reset: 
signal [[:digit:]]+ had flags [[:xdigit:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync status 
change
-- 
1.6.3.3


_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

Reply via email to