Your message dated Wed, 25 Jan 2017 22:05:37 +0000
with message-id <e1cwvhb-0002wq...@fasolo.debian.org>
and subject line Bug#822165: fixed in logcheck 1.3.18
has caused the Debian Bug report #822165,
regarding logcheck-database: regex wrong in linux/ignore.d.server/postfix
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
822165: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=822165
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: logcheck-database
Version: 1.3.17
(This is also present in the current git version
f005f31cd54a907adc8cb61888987d2ab3ab2480.)
The following regex on line 149 of
rulefiles/linux/ignore.d.server/postfix looks incorrect:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: numeric result [[[:xdigit:].:]{3,39}]+ in address->name lookup for
[^[:space:]]+$
Specifically the part [[[:xdigit:].:]{3,39}]+ does not seem to match
anything useful, though technically it appears to be a valid POSIX
regular expression. GNU grep -E thinks it matches e.g. the strings
[444]] and 444]]], that is it has a character class that includes [
repeated 3-39 times and then a ] character one or more times.
I don't know which log messages this rule is supposed to match. Looking
at the expressions in the surrounding lines of that rule file, perhaps
the suspicious part should match an IPv4/IPv6 address, in which case the
outermost [ and ]+ should not be there. That is, perhaps the rule should
be:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
warning: numeric result [[:xdigit:].:]{3,39} in address->name lookup for
[^[:space:]]+$
On the other hand, codesearch.debian.net seems to find only this rule
when searching for "address->name lookup for" and only comments when
searching for "numeric result package:postfix". So maybe the log message
isn't there at all anymore?
--- End Message ---
--- Begin Message ---
Source: logcheck
Source-Version: 1.3.18
We believe that the bug you reported is fixed in the latest version of
logcheck, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 822...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Hannes von Haugwitz <han...@vonhaugwitz.com> (supplier of updated logcheck
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 25 Jan 2017 22:08:04 +0100
Source: logcheck
Binary: logcheck logcheck-database logtail
Architecture: source
Version: 1.3.18
Distribution: unstable
Urgency: medium
Maintainer: Debian logcheck Team <logcheck-devel@lists.alioth.debian.org>
Changed-By: Hannes von Haugwitz <han...@vonhaugwitz.com>
Description:
logcheck - mails anomalies in the system logfiles to the administrator
logcheck-database - database of system log rules for the use of log checkers
logtail - Print log file lines that have not been read
Closes: 418147 481353 644886 703936 775090 780441 783633 786815 797512 799041
799304 809605 815114 815755 822165 825170
Changes:
logcheck (1.3.18) unstable; urgency=medium
.
* src/logcheck:
- fix check if rule files are unreadable, thanks to Simon Ruderich
for the patch (closes: #418147)
* src/logcheck-test:
- make mktemp usage more portable
* Makefile:
- remove duplicate xargs option (thanks to Sander Bos)
* ignore.d.server/dhcp:
- match dhcpd PID (closes: #799041)
* ignore.d.server/dhclient:
- rewrite rules (LP: #1357880, closes: #809605)
* ignore.d.server/ssh:
- add generic preauth disconnect rule (closes: #775090)
- adjust 'Bad protocol version identification' rule, thanks to
Paul Brossier for the patch (closes: #703936)
- allow new FingerprintHash format (closes: #799304)
- match 'ED25519' key type, thanks to Ayke van Laethem for the patch
- match more disconnect messages
* ignore.d.server/su:
- allow '.' and '_' in username (closes: #780441)
* ignore.d.server/rsync:
- allow comma as thousands separator (LP: #1476199)
* ignore.d.workstation/wpasupplicant:
- adjust CTRL-EVENT-CONNECTED rule
- add another CTRL-EVENT-DISCONNECTED rule
- adjust multiple rules to match added interface name
- allow '.' in SSID
- match 'SME: ' prefix in 'Trying to associate' message
- match 'freq=', 'address=' and 'uuid=' wpa_action messages
- match CTRL-EVENT-SUBNET-STATUS-UPDATE message
- match predictable network interface names
* violations.ignore.d/logcheck-sudo:
- match 'GROUP=' field (closes: #815114)
* ignore.d.server/bind:
- match domain name in query message, thanks to Wojciech Nizinski
for the patch
- ignore DNSSEC rekeying (closes: #825170)
* ignore.d.server/openvpn:
- match arbitrary mtu sizes (closes: #815755)
* ignore.d.server/snmpd:
- match optional port (closes: #644886)
* ignore.d.server/postfix:
- remove obsolete rule (closes: #822165)
* ignore.d.server/systemd-timesyncd: new
- match 'interval/delta/delay/jitter/drift' message
* ignore.d.server/kernel:
- 'TCP: ' prefix is optional, thanks to Xavier Mehrenberger
for the patch (closes: #797512)
* ignore.d.server/systemd: new
- add some generic rules (closes: #783633)
* debian/control:
- add alternate dependency on cron-daemon, thanks to Felix Zielcke for the
patch (closes: #786815)
- use secure Vcs-* fields
- bump to Standards-Version 3.9.8 (no changes necessary)
* debian/copyright: update copyright year to 2017
* Remove obsolete debian/logcheck-database.postinst
* Add support for logcheck.logfiles.d, thanks to Vincas Dargis for
the initial patch (closes: #481353)
* Replace all occurrences of 'deinstall' with 'uninstall', thanks to duelle
for the patch
* Remove references to 'logcheck.org'
Checksums-Sha1:
d51fa82ab094c7273879512d3261ceab3f156640 1857 logcheck_1.3.18.dsc
361aff6d593c4056ec9e8c9aa8195e6a2476b268 131252 logcheck_1.3.18.tar.xz
Checksums-Sha256:
0c19c134f86dfea6c04dd71e33fb2cf056d41019f4029c42c4f60c5633605fcb 1857
logcheck_1.3.18.dsc
077b9149ccd2b747b52785afa89da844f3d072c017c9e719925dec6acb9a9af4 131252
logcheck_1.3.18.tar.xz
Files:
4e18e2b9a6f211403f5a4b86107a00ee 1857 admin optional logcheck_1.3.18.dsc
0089dd02940b3789027ec37d4d19c8c0 131252 admin optional logcheck_1.3.18.tar.xz
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCgAdFiEEVJXNoXyawXqyOEGnGO6GOGAi71cFAliJF9oACgkQGO6GOGAi
71fmmQv/f6JkTqLtyqvNDYGUJ7Ovhtk3HnsDMCmeY/zWy7TvBOModS3AtWOU91Aj
i25mTB/ReW2W5U5Lis2v/n2iVOWBSNB6Z3uv0M50GpVE2hDHfY6YA57KAlEaeKv7
zyMMJf+nLa9a5Pz0IEtTgK5A08rTrmgyYo/q6We60XE2w5pWA3lA65to+aC2/Qr1
cHmBS/bc2nAc37DfZDqDROLS0/+VC7ziPyDqqQqxNOmkvRf8EAsivla90+pcdhmY
WmUi1ib6FX7su5rXKnJxhl9GMD5l4OSPRBE+JeO8rSeIo42Jxi85xxFyJ0Gwf79p
oJPEBq7EIES5JhuMFLfd+BdTa6B7SHfA6+xylv+lXhAUfldcNehM89cJHFL6VzNC
9QMJDoIz1l3pCikVo2Hx2xJXCX94MuaOvE2oLx9yU1Bztwx9aNhcQQiuSCUdeBsq
+8ok1DzpaqhNCckBLb1LiZF5zkqeOo36eHQkFOaVYsSlBUO/nirxcVmnPi0L1o/h
ZZ/i434i
=kISm
-----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel
