Package: logcheck-database
Version: 1.3.5
Severity: minor
Tags: patch
User: [email protected]
Usertags: origin-ubuntu lucid ubuntu-patch
Hi
( This was originally reported in Ubuntu bug
https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/463471 )
I guess since the switch from syslogd to rsyslog in Ubuntu 9.10,
logcheck doesn't filter out CRON entries anymore. I verified this on
one of my systems and saw what used to be /USR/SBIN/CRON and
/usr/sbin/cron messages be logged without /usr/sbin/. Please find
attached a patch to support both formats.
Thanks,
--
Loïc Minier
diff -Nru logcheck-1.3.5/debian/changelog logcheck-1.3.5ubuntu1/debian/changelog
--- logcheck-1.3.5/debian/changelog 2010-01-01 00:14:30.000000000 +0100
+++ logcheck-1.3.5ubuntu1/debian/changelog 2010-01-21 23:36:34.000000000 +0100
@@ -1,3 +1,15 @@
+logcheck (1.3.5ubuntu1) lucid; urgency=low
+
+ * rulefiles/linux/ignore.d.paranoid/cron: make /usr/sbin/ optional in
+ pathnames to cron; apparently a difference between syslog and rsyslog;
+ LP: #463471.
+
+ -- Loïc Minier <[email protected]> Thu, 21 Jan 2010 23:09:45 +0100
+
logcheck (1.3.5) unstable; urgency=low
[ Hannes von Haugwitz ]
Les fichiers binaires /tmp/XIHkznoL9R/logcheck-1.3.5/docs/.README.logcheck-database.swp et /tmp/NAj5ZmFW1d/logcheck-1.3.5ubuntu1/docs/.README.logcheck-database.swp sont différents.
diff -Nru logcheck-1.3.5/rulefiles/linux/ignore.d.paranoid/cron logcheck-1.3.5ubuntu1/rulefiles/linux/ignore.d.paranoid/cron
--- logcheck-1.3.5/rulefiles/linux/ignore.d.paranoid/cron 2008-09-22 17:25:25.000000000 +0200
+++ logcheck-1.3.5ubuntu1/rulefiles/linux/ignore.d.paranoid/cron 2010-01-21 23:13:52.000000000 +0100
@@ -1,8 +1,8 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([_[:alnum:]-]+\) CMD \(.*\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) STARTUP \(fork ok\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \([^[:space:]]+\) RELOAD \([^[:space:]]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(pidfile fd = [0-9]+\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(Running @reboot jobs\)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /usr/sbin/cron\[[0-9]+\]: \(CRON\) INFO \(Skipping @reboot jobs -- not system startup\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/USR/SBIN/)?CRON\[[0-9]+\]: \([_[:alnum:]-]+\) CMD \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) STARTUP \(fork ok\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \([^[:space:]]+\) RELOAD \([^[:space:]]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) INFO \(pidfile fd = [0-9]+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) INFO \(Running @reboot jobs\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (/usr/sbin/)?cron\[[0-9]+\]: \(CRON\) INFO \(Skipping @reboot jobs -- not system startup\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: \(pam_[[:alnum:]]+\) session (opened|closed) for user [[:alnum:]-]+( by \(uid=[0-9]+\))?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ CRON\[[0-9]+\]: pam_[[:alnum:]]+\(cron:session\): session (opened|closed) for user [[:alnum:]-]+( by \(uid=[0-9]+\))?$
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
