Hi,
On Thu, Mar 14, 2024 at 04:18:26PM -0600, Charles Curley wrote:
> Interesting. My logcheck instance works just fine, and makes no such
> complaints. However, my
> /etc/logcheck/logcheck.logfiles.d/syslog.logfiles has them commented
> out.
You are probably using the journald support as configur
On Thu, 14 Mar 2024 11:25:52 -0700
cono...@panix.com (John Conover) wrote:
> Email from logcheck(1) contains:
>
> E: File could not be read: /var/log/syslog
> E: File could not be read: /var/log/auth.log
>
> which do not exist in bookworm 12.5.
>
> The offending file:
>
> /etc/logc
Hi,
On Thu, Mar 14, 2024 at 11:25:52AM -0700, John Conover wrote:
> Email from logcheck(1) contains:
>
> E: File could not be read: /var/log/syslog
> E: File could not be read: /var/log/auth.log
>
> which do not exist in bookworm 12.5.
>
> The offending file:
>
> /etc/logcheck/logc
John Conover wrote:
>
> Email from logcheck(1) contains:
>
> E: File could not be read: /var/log/syslog
> E: File could not be read: /var/log/auth.log
>
> which do not exist in bookworm 12.5.
They do as soon as you install rsyslog.
Arguably this should be in rsyslog's package, though
On Thu, Mar 14, 2024 at 11:25:52AM -0700, John Conover wrote:
>
> Email from logcheck(1) contains:
>
> E: File could not be read: /var/log/syslog
> E: File could not be read: /var/log/auth.log
>
> which do not exist in bookworm 12.5.
You'll want to install rsyslog, or something equivale
On Mon, Apr 04, 2022 at 08:02:45PM -0700, John Conover wrote:
>
> Can /etc/cron.d/sysstat and /etc/cron.daily/sysstat simply be removed?
>
Those files "belong" to the sysstat package. To ensure that your
modifications are preserved on upgrade, then the best way to handle it
is to simply commen
Roberto C. Sánchez writes:
> On Mon, Apr 04, 2022 at 12:46:33PM -0700, John Conover wrote:
> >
> > For the past few days, logcheck is sending:
> >
> > Apr 4 11:40:13 john systemd[1]: Starting system activity accounting
> > tool...
> > Apr 4 11:40:13 john systemd[1]
On Mon, Apr 04, 2022 at 12:46:33PM -0700, John Conover wrote:
>
> For the past few days, logcheck is sending:
>
> Apr 4 11:40:13 john systemd[1]: Starting system activity accounting
> tool...
> Apr 4 11:40:13 john systemd[1]: sysstat-collect.service: Succeeded.
> Apr 4 11:40:13 jo
Thanks for this Brian, I've patched logcheck as you suggested and left it
running overnight to see what happens. There is no change in its behaviour,
so later on I'll reboot and see if that fixes it.
Thanks again
Sharon.
On 3 January 2013 18:13, Brian wrote:
> On Thu 03 Jan 2013 at 17:27:56 +
On Thu 03 Jan 2013 at 17:27:56 +, Sharon Kimble wrote:
> I am seeing lots of emails like this from logcheck '/usr/sbin/logcheck:
> line 100: kill: (10554) - No such process' which is bug #657641, and there
> is a patch provided. How do I apply that patch please to my 'logcheck' in
> wheezy pl
On Wed, 19 Jan 11, 18:37:00, Informatik.hu wrote:
> SOLVED?
>
> so finally i grepped my whole fs. i found the olddomain in
> /var/cache/debconf/config.dat, with postfix owner(some main.cf
> values).
> what i did, run dpkg-reconfigure postfix. although i have already
> changed the domain in postfix,
SOLVED?
so finally i grepped my whole fs. i found the olddomain in
/var/cache/debconf/config.dat, with postfix owner(some main.cf values).
what i did, run dpkg-reconfigure postfix. although i have already changed
the domain in postfix, mailname, etc,
it showed up the old one. as i changed the do
On 2011-01-19 at 12:10 +0100, Informatik.hu wrote:
(resending to the list)
> On 2011.01.17. 16:04, Camaleón wrote:
>> On Mon, 17 Jan 2011 14:41:11 +0100, Informatik.hu wrote:
>>
>>> I am using logcheck on my squeeze, i have changed the domain name of the
>>> machine from olddomain.com to ne
On 2011-01-18 at 13:42 +0100, Informatik.hu wrote:
(resending to the list)
> On 2011.01.17. 20:34, Camaleón wrote:
>> On Mon, 17 Jan 2011 19:34:56 +0100, Informatik.hu wrote:
>>
>>> On 2011.01.17. 16:04, Camaleón wrote:
>> (..)
>>
Why e-mails to "root" are not delivered to the current
On Mon, 17 Jan 2011 19:34:56 +0100, Informatik.hu wrote:
> On 2011.01.17. 16:04, Camaleón wrote:
(..)
>> Why e-mails to "root" are not delivered to the current and updated host
>> domain? Check your aliases database ("cat /etc/aliases") and your
>> hostname (hostname -d).
> SENDMAILTO="logcheck
Hi!
SENDMAILTO="logcheck"
in aliases
logcheck:root
root:szun
szun:[where i wanted to send the logcheck mai]
so i changed the sendmailto= to my destination email, and voila, it
comes with the newdomain!
any suggestions?
On 2011.01.17. 16:04, Camaleón wrote:
On Mon, 17 Jan 2011 14:41:11 +0
On Mon, 2011-01-17 at 14:41 +0100, Informatik.hu wrote:
> I am using logcheck on my squeeze, i have changed the domain name of the
> machine from olddomain.com to newdomain.com, everything works fine, but
> logcheck still sends the mails with r...@olddomain.com. How/where can i
> a change the se
On Mon, 17 Jan 2011 14:41:11 +0100, Informatik.hu wrote:
> I am using logcheck on my squeeze, i have changed the domain name of the
> machine from olddomain.com to newdomain.com, everything works fine, but
> logcheck still sends the mails with r...@olddomain.com. How/where can i
> a change the sen
On Mon, 21 Jul 2008 14:02:33 +0200
Pavlos Parissis <[EMAIL PROTECTED]> wrote:
[...snip...]
> Thanks Martin for the confirmation on the bug.
>
> I'll file the bug report against logcheck-database packages and not to
> logcheck because /etc/logcheck/violations.d/su is provided by
> logcheck-databas
On Mon, 21 Jul 2008 13:40:41 +0200
martin f krafft <[EMAIL PROTECTED]> wrote:
> thus spoke Pavlos Parissis <[EMAIL PROTECTED]> [2008.07.21.1147 +0200]:
> > the issue resides in 3rd and 4th line, the - character should be
> > : for matching user:root and root:user strings.
>
> So maybe su changed
thus spoke Pavlos Parissis <[EMAIL PROTECTED]> [2008.07.21.1147 +0200]:
> the issue resides in 3rd and 4th line, the - character should be
> : for matching user:root and root:user strings.
So maybe su changed the format *again*. You should file a wishlist
bug asking for [-:] to be used instead of
On Thu, Oct 12, 2006 at 07:29:04PM -0400, Roberto C. Sanchez wrote:
> On Thu, Oct 12, 2006 at 03:36:43AM -0400, Kevin Mark wrote:
> > Hi Roberto,
> > I did 'Oct 11 22:06:01 miami /USR/SBIN/CRON[19062]: (root) CMD
> > (/usr/sbin/getimage' > roberto.txt and used the regex that you did on
> > the text
On Thu, Oct 12, 2006 at 03:36:43AM -0400, Kevin Mark wrote:
> Hi Roberto,
> I did 'Oct 11 22:06:01 miami /USR/SBIN/CRON[19062]: (root) CMD
> (/usr/sbin/getimage' > roberto.txt and used the regex that you did on
> the text and it matched[0]. That leads me to look elsewhere. Is this
> supposed to mat
On Thu, Oct 12, 2006 at 12:05:51AM -0400, Roberto C. Sanchez wrote:
> On Wed, Oct 11, 2006 at 10:59:31PM -0400, Kevin Mark wrote:
> > >
> > > Please excuse me while I go and beat head against a brick wall.
> > reading debian-devel lately is torture enough x-)
>
> :-)
>
> But, argh!!!
>
> It st
On Wed, Oct 11, 2006 at 10:59:31PM -0400, Kevin Mark wrote:
> >
> > Please excuse me while I go and beat head against a brick wall.
> reading debian-devel lately is torture enough x-)
:-)
But, argh!!!
It still doesn't work:
regex:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[.*\]: \(ro
On Wed, Oct 11, 2006 at 09:43:22PM -0400, Roberto C. Sanchez wrote:
> On Wed, Oct 11, 2006 at 09:35:57PM -0400, Kevin Mark wrote:
> > On Wed, Oct 11, 2006 at 06:08:08PM -0400, Roberto C. Sanchez wrote:
> > > I have the following line in /etc/logcheck/ignore.d.server/local:
> > >
> > > ^\w{3} [ :0-
On Wed, Oct 11, 2006 at 09:35:57PM -0400, Kevin Mark wrote:
> On Wed, Oct 11, 2006 at 06:08:08PM -0400, Roberto C. Sanchez wrote:
> > I have the following line in /etc/logcheck/ignore.d.server/local:
> >
> > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/BIN/CRON\[.*\]: \(root\) CMD
> > \(/usr/sbin/geti
On Wed, Oct 11, 2006 at 06:08:08PM -0400, Roberto C. Sanchez wrote:
> I have the following line in /etc/logcheck/ignore.d.server/local:
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/BIN/CRON\[.*\]: \(root\) CMD
> \(/usr/sbin/getimage
>
> The level in logcheck.conf is set to server. Still, these l
Now that works!
Dankjewel Florian ;) (thanks in Dutch for the rest of the list ;))
Pim
On Apr 2, 2006, at 7:07 PM, Florian Kulzer wrote:
Pim Bliek wrote:
Hi list
Logcheck is driving me NUTS. I'm not a regular expression guru so
here's my problem:
Every hour I run a script to kick out ssh bru
Pim Bliek wrote:
Hi list
Logcheck is driving me NUTS. I'm not a regular expression guru so
here's my problem:
Every hour I run a script to kick out ssh brute force script kiddies.
This generates the following in syslog:
Apr 2 17:01:01 zenggi2 /USR/SBIN/CRON[29227]: (root) CMD (ruby /root/
aut
Not an answer to your question...
Can I get a copy of the script you use to block brute force attempts?
thanks
diswill
Pim Bliek wrote:
Hi list
Logcheck is driving me NUTS. I'm not a regular expression guru so
here's my problem:
Every hour I ru
On Sunday, 02.04.2006, at 17:35 +0200, Pim Bliek wrote:
> ^[[:alnum:]-]+autodeny[[:alnum:]-]+$
i don't know about logcheck and the regexp syntax it uses, but try
^.*autodeny\.rb.*$
you may have to start and finish the expression with a slash.
Grüße / Regards,
Oliver
--
All things are either s
> -Original Message-
> From: Fisher, Jason [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, November 29, 2005 3:20 PM
> To: debian-user@lists.debian.org
> Subject: Logcheck amavisd-new and do_executable/do_unzip
>
> Hi all. I run a server that receives email using exim4 which
> in turn hands
$ ls -ld /var/lock/logcheck/
drwxr-xr-x 2 logcheck logcheck 4096 2005-06-24 09:02 /var/lock/logcheck/
Thanks, solved: there was a bad owner set. I set it with chmod and now it is ok
Thank you very much
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? C
Michal Sedlak wrote:
> Thank you for response.
> I am nearly sure that there is no lock file in that directory.
> may be it is because of permissions but I do not know how to check it.
> Reinstalling of logcheck didn't help
Hmm. The logcheck package should create the directory with the correct
p
IL PROTECTED]>
To:
Sent: Thursday, June 23, 2005 3:55 PM
Subject: Re: Logcheck error: Failed to get lockfile:
/var/lock/logcheck/logcheck.lock
Michal Sedlak wrote:
Hi
thank you for response
This command:
ps aux|grep logcheck
gives only himself back
root 8301 0.0 0.0 1840 592 pt
Michal Sedlak wrote:
> Hi
> thank you for response
> This command:
> ps aux|grep logcheck
>
> gives only himself back
> root 8301 0.0 0.0 1840 592 pts/0S+ 17:09 0:00 grep
> logcheck
>
> even when I run logcheck manually it sends me this message:
>
> Warning: If you
You may have to change the owner of the lock folder. Try:
chown -R logcheck /var/lock/logcheck/
--
Fabio M. Yamamoto
not have been
checked!
Details:
Failed to get lockfile: /var/lock/logcheck/logcheck.lock
Check temporary directory:
-
Best regards
Michal sedlak
- Original Message -
From: "Adam Funk" <[EMAIL PROTECTED]>
To:
Sent: Tuesday, June 21, 2005 12:28 PM
Subject: Re
Michal Sedlak wrote:
> Hello
> I have problem with logcheck
> logcheck sends me this error message:
>
> Failed to get lockfile: /var/lock/logcheck/logcheck.lock
>
> I do not have any idea why it can be. Can anybody help please?
I've used logcheck for a while and never seen this error, but wit
On Thu, Sep 30, 2004 at 10:42:38AM +0200, Pim Bliek wrote:
> On Thu, 30 Sep 2004 11:32:04 +1200, Richard Hector
> <[EMAIL PROTECTED]> wrote:
> > On Wed, Sep 29, 2004 at 11:35:57PM +0200, Pim Bliek wrote:
> > > Hi All,
> > >
> > > I am no regular expression guru, and I am having severe difficultie
Thanx!
It was too late yesterday LOL. Of course it was smtpd ;). Also, I was
not aware of the extra rules in /etc/logcheck/violations.d! Stupid,
but I did not think of it. I commented out "failed" there and now it
doesn't show anymore! Now let's hope there are no other serious things
with "failed
On Wed, Sep 29, 2004 at 11:35:57PM +0200, Pim Bliek wrote:
> Hi All,
>
> I am no regular expression guru, and I am having severe difficulties
> adjusting logcheck to my needs (on a Sid system).
>
> I get the following stuff mailed by logcheck from my syslog which I
> don't want to see:
> Sep 29 2
On Fri, 04 Jun 2004 20:20:09 +0200, "Bojan Baros"
<[EMAIL PROTECTED]> wrote:
> Matthijs said:
> > Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030
> > 2167/119 to 192.168.1.2:10768
> >
> > I'm not really interested in what these packets are for (I guess some
> > kind of worm/Do
On Fri, 04 Jun 2004 19:50:10 +0200, Paul Johnson <[EMAIL PROTECTED]>
wrote:
> Matthijs <[EMAIL PROTECTED]> writes:
>
> > Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030
> > 2167/119 to 192.168.1.2:10768
> >
> > I'm not really interested in what these packets are for (I guess
Matthijs said:
> Since a few days, Logcheck sometimes e-mails me the following warning:
>
> Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030
> 2167/119 to 192.168.1.2:10768
>
> I'm not really interested in what these packets are for (I guess some
> kind of worm/DoS related packe
Matthijs <[EMAIL PROTECTED]> writes:
> Since a few days, Logcheck sometimes e-mails me the following warning:
>
> Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030
> 2167/119 to 192.168.1.2:10768
>
> I'm not really interested in what these packets are for (I guess some
> kind of
On Thu, May 06, 2004 at 12:27:30AM -0600, Dana Laude said
> Greetings,
>
> I've been running unstable and noticed that logcheck has
> stopped working. (looks like a cron deal) Anyways, I
> remember during the upgrade it popped up with something
> about adding the group "logcheck" and I checked i
Pim Bliek | PingWings.nl wrote:
Hi All,
I get these in the mail via logcheck every hour:
Apr 12 10:55:01 fourtytwo CRON[7688]: (pam_unix) session opened for user
list by (uid=0)
Apr 12 10:55:01 fourtytwo CRON[7688]: (pam_unix) session closed for user
list
Repeat the above a zillion times :)
I lo
On Tue, Dec 23, 2003 at 10:39:29AM +0100, Mark Schouten wrote:
> Well, it *is* the space at the end of the line. Why all the fuzz. Just
> place an '?' behind the space.
No it isn't. So far, all of the messages which have slipped through
have exactly one trailing space... exactly matching the rege
On Fri, Dec 19, 2003 at 09:34:56PM -0600, Greg Norris wrote:
> Every now and then, logcheck complains about syslog messages such as
> the one below. Not a big problem, but it's supposed to filter out
> messages which match the associated regexp... which really should cover
> this case, as far as I
On Sat, Dec 20, 2003 at 04:01:08PM -0500, Bill Marcum wrote:
> On Fri, Dec 19, 2003 at 09:34:56PM -0600, Greg Norris wrote:
> You don't say whether the message is listed as an "event" or a "security
> violation", but I'm guessing it's the latter, and the reason is that
> the email address contains
On Fri, Dec 19, 2003 at 09:34:56PM -0600, Greg Norris wrote:
> Every now and then, logcheck complains about syslog messages such as
> the one below. Not a big problem, but it's supposed to filter out
> messages which match the associated regexp... which really should cover
> this case, as far as I
Hi,
I finally got my problem fixed. Your comments were partially helpful
because I'm still using the version in stable and some tips didn't
make sense (e.g. other file names).
You were correct that in logcheck.violations I had a reject in it that
matched the postfix lines.
I then added to logch
On Sun, Oct 19, 2003 at 12:12:01PM +0200, Rudy Gevaert wrote:
> On Sat, Oct 18, 2003 at 03:39:41PM -0700, Ross Boylan wrote:
...
> > That might also happen if some other patterns in
> > cracking.d or violations.d are picking them out. In particular, if
> > logcheck (the pattern file, not the progr
On Sat, Oct 18, 2003 at 03:39:41PM -0700, Ross Boylan wrote:
> On Sat, Oct 18, 2003 at 11:18:17PM +0200, Rudy Gevaert wrote:
> > On Sat, Oct 18, 2003 at 11:52:15AM +0200, Sven Hoexter wrote:
> >
> > > > I find the documentation of logcheck too confusing.
>
> Me too. I just spent a lot of time sta
On Sat, Oct 18, 2003 at 11:18:17PM +0200, Rudy Gevaert wrote:
> On Sat, Oct 18, 2003 at 11:52:15AM +0200, Sven Hoexter wrote:
>
> > > I find the documentation of logcheck too confusing.
Me too. I just spent a lot of time staring at the source and
submitted a patch with much expanded documentation
On Sat, Oct 18, 2003 at 11:52:15AM +0200, Sven Hoexter wrote:
> > I find the documentation of logcheck too confusing.
> You just need to add the pattern you would like to have ignored
> to the *.ignore files. That's all.
schamper:/etc/logcheck# grep -r postfix *
ignore.d/postfix:postfix
ignore.d.
On Sat, Oct 18, 2003 at 10:20:58AM +0200, Rudy Gevaert wrote:
Hi,
> How can I tell logcheck to ignore everything from postfix except
> reload|start|..| errors.
>
> I'm using another logfilter for postfix.
>
> I find the documentation of logcheck too confusing.
You just need to add the pattern y
On Thu, Jun 12, 2003 at 01:34:37PM -0400, Brian P. Flaherty wrote:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: \[127.0.0.1\]
> Successful lookup: .* , .* : list \(list\)$
>
> What does the word 'list' refer to? I cannot find a place to d
On Tue, Mar 18, 2003 at 12:26:55PM +, Gabriel Granger wrote:
> If you give me an example of what you're seeing that you don't want
> logcheck to pick up on, i can give you the information needed to suppress
> it from logcheck reports.
I suspect what he's complaining about is the hundreds upon hu
Hi Andreas,
If you give me an example of what you're seeing that you don't want
logcheck to pick up on, i can give you the information needed to suppress
it from logcheck reports.
- Regards -
Organ Grinder
Ramin Motakef wrote:
Andreas Tille <[EMAIL PROTECTED]> writes:
Hi,
I
Andreas Tille <[EMAIL PROTECTED]> writes:
> Hi,
>
> I wanted to suppress PostgreSQL statistics in the logcheck messages by the
> following entry in
>
>/etc/logcheck/ignore.d.server/postgresql.my
>
> .
>
> Believe it or not logcheck is flooding me with messages like crazy:
> Kind regard
On 2 Mar 2003 at 11:27, Martin Kacerovsky wrote:
> > I wanted to rotate that file using logcheck and created a file
>
> I think you mean logrotate and not logcheck, logcheck is a tool used
> to periodic checking of log files and generating e-mail messages about
> unusual events or possible secur
Hi,
On Sun, Mar 02, 2003 at 09:20:18AM -, Chris Evans wrote:
> I am using stable for a small personal server. I have postfix
> copying all my incoming Email to a file /var/log/mailcopy/chris.mail
> as a belt and braces check I get things and to enable me to use
> hypermail to create
hi ya
On Sun, 23 Feb 2003, Sebastian Haase wrote:
> Hi,
> I administer a few Intel pentium machines running Woody.
> I have the logcheck package installed on all of them,
> because I think it's a good habit to monitor what's going
> on "inside those machines".
> BUT somehow logcheck thinks it
On Thu, Jan 02, 2003 at 11:27:35PM -0800, Paul Johnson wrote:
> Running sid, why has logcheck started producing this?
>
> /usr/sbin/logcheck: line 107: /bin/egrep: No such file or directory
As others have said, an NMU of grep moved things around. The fix until
a new logcheck is uploaded is to ad
Paul Johnson said:
> Running sid, why has logcheck started producing this?
> /usr/sbin/logcheck: line 107: /bin/egrep: No such file or directory
perhaps something happened to /bin/egrep?
nate
Paul Johnson wrote:
> Running sid, why has logcheck started producing this?
[snip]
> /usr/sbin/logcheck: line 107: /bin/egrep: No such file or directory
Because with the newest grep package, egrep is now in /usr/bin. It's
logcheck's fault for hard-coding the path. I understand this will be
fixe
On 2003-01-02 23:27, Paul Johnson wrote:
> Running sid, why has logcheck started producing this?
[...]
> /usr/sbin/logcheck: line 107: /bin/egrep: No such file or directory
[...]
There is some devel discussion about it here:
http://lists.debian.org/debian-devel/2003/debian-devel-200301/msg00064.ht
Hello Nate :
Thank You Very Very Very Very Very Much. ;-)
--
Trust & Unique ...
Axacheng's PGP Public Key http://www.navigation.idv.tw/pgpkey
> uc-snmp.*61.221.73.226
er try
ucd-snmp.*61.221.73.226
put that on a blank line in logcheck.ignore
next time logcheck runs it should ignore it
nate
> Hello List :
>
> I got some log report by logcheck, when i installed MRTG into my
> site.
>
> Jun 24 10:30:01 axanet ucd-snmp[378]: Connection from 61.221.73.226 Jun
> 24 10:35:02 axanet ucd-snmp[378]: Connection from 61.221.73.226 Jun 24
> 10:35:02 axanet ucd-snmp[378]: Connection fro
On Sun, 2 Dec 2001, Volker Schlecht wrote:
> I'm having a major problem with the version of logcheck currently in
> testing. Apparently logcheck has by now decided that log entries by
> iptables (which are found in /var/log/syslog, /var/log/messages AND
> /var/log/kern.log, all of which are neatly
On Mon, 4 Jun 2001, Alvin Oga wrote:
>
> hi ya jiji
>
> > - rebooted which should take care of cron / syslogd / logcheck.sh not
> > running
> > - apt-get --reinstall install logcheck just in case
> > - hacker? that is my fear. How can I find evidence that the @#$@ is in
> > there?
You ma
hi ya francois
my log check sends me an hourly status ... ( its the default log files )
c ya
alvin
On Mon, 4 Jun 2001, Francois Gouget wrote:
> On Mon, 4 Jun 2001, Alvin Oga wrote:
>
> >
> > hi ya jiji
> >
> > > - rebooted which should take care of cron / syslogd / logcheck.sh not
> > > ru
- rebooted which should take care of cron / syslogd / logcheck.sh not running
- apt-get --reinstall install logcheck just in case
- hacker? that is my fear. How can I find evidence that the @#$@ is in there?
On Mon, Jun 04, 2001 at 03:24:05PM -0700, Alvin Oga wrote:
>
> hi jiji
>
> you probabl
hi ya jiji
> - rebooted which should take care of cron / syslogd / logcheck.sh not running
> - apt-get --reinstall install logcheck just in case
> - hacker? that is my fear. How can I find evidence that the @#$@ is in there?
-- what changed since the last time logcheck was working...
-
On Tue, Jun 05, 2001 at 07:58:50AM -0500, hanasaki wrote:
> I have added the following else statement to the script
> so there is always a report. I would appreciate it if the utility's owner
> would
> consider adding this to his/her next revision and giving a small credit if
> they do.
I would
Although hackers are still not ruled out, I may have found the problem.
There were some things added, by me, to the .ignore config file.
This has, most likely, resulted in some runs of logcheck.sh not finding
anything to report. Looking at the logcheck.sh script in more detail,
it looks as if
hi jiji
you probably have a problem with:
- check cron ( restart it even if it's running )
- check syslogd ( restart it even if it's running )
- run logcheck.sh manually and see if then reports your status
since the last time
- what happened since the June 1st.
On 05 Jun 2001, Dave Sherohman chattered thus:
> On Tue, Jun 05, 2001 at 07:58:50AM -0500, hanasaki wrote:
>
> > I have added the following else statement to the script so there is
> > always a report. I would appreciate it if the utility's owner would
> > consider adding this to his/her next revis
On Wed, Apr 18, 2001 at 04:34:05PM -0700, [EMAIL PROTECTED] wrote:
> i have logcheck installed on a few systems. i cleared out most
> of the things generating the reports but..it still emails me
> every hour and the only contents of the email are the log entries
> of it sending the previous email(m
On Wed, Apr 18, 2001 at 04:34:05PM -0700, [EMAIL PROTECTED] wrote:
> i have logcheck installed on a few systems. i cleared out most
> of the things generating the reports but..it still emails me
> every hour and the only contents of the email are the log entries
> of it sending the previous email(m
Copy the logcheck entries to /etc/logcheck/logcheck.ignore,
cut out specific stuff like dates, and replace cut out
parts with .* (the entries are regular expressions).
If you still get messages, copy those entries to
logcheck.violations.ignore as well. Be as specific as
possible... and remember tha
At Wed, 18 Apr 2001 16:34:05 -0700 (PDT) , [EMAIL PROTECTED] wrote:
>email to me using postfix). any way to get rid of those so only
>emails that contain something useful are generated? being emailed
>by a program about activities it performs isnt ideal for me :)
rm /etc/cron.d/logcheck
Get you
On Mon, Oct 30, 2000 at 09:15:41AM +, Christopher Clark wrote:
> > The default 'server' config for logcheck ignores almost all of these things.
> > Perhaps you should reconfigure your logcheck package? I suspect that you
> > chose the 'utterly paranoid, report _everything_' configuration last
> The default 'server' config for logcheck ignores almost all of these things.
> Perhaps you should reconfigure your logcheck package? I suspect that you
> chose the 'utterly paranoid, report _everything_' configuration last time
> around...
Just to show my complete ignorance, how do you reconfig
On Fri, Oct 27, 2000 at 01:57:58PM +, Christopher Clark wrote:
> In addition to a firewall (pmfirewall) and portsentry I now have
> logcheck running. Unfortunately I get a lot of mail saying I am under attack
> when I am sure I am not.
I suspect you're just getting notifications of (what logc
"Paul J. Keenan" <[EMAIL PROTECTED]> writes:
> The logcheck script is in /usr/sbin/logcheck.sh - the script uses
> grep to do the pattern matching. From the source and the grep(1)
> manpage, it seems that for the lines to include in the log
> (logcheck.hacking and logcheck.violations) the matchi
Robert Ramiega wrote:
> Maybe You are right but then why this:
> named[.*]: Cleaned cache of .* RRsets
> causes logcheck to exclude matching lines and the line at the top does not
> ??
Are you sure it does ? Perhaps there is another line in your ignore
file which matches it. That line should
On Tue, Dec 14, 1999 at 08:59:49PM +, Paul J. Keenan wrote:
> Robert Ramiega wrote:
>
> > named[.*]: USAGE .* .* CPU=.*/.* CHILDCPU=.*/.*
> > PAM_unix[.*]: (ssh) session opened for user .* by (.*)
> >
> > and i still get in logcheck mails:
> > Dec 13 23:46:53 plukwa named[159]: USAGE 9451252
Robert Ramiega wrote:
> named[.*]: USAGE .* .* CPU=.*/.* CHILDCPU=.*/.*
> PAM_unix[.*]: (ssh) session opened for user .* by (.*)
>
> and i still get in logcheck mails:
> Dec 13 23:46:53 plukwa named[159]: USAGE 945125213 945085613 CPU=61.74u/56.5s
> CHILDCPU=0u/0s
> Dec 13 23:04:55 plukwa PAM_u
On Mon, Dec 13, 1999 at 05:55:57PM -0900, Ethan Benson wrote:
> On 13/12/99 Pollywog wrote:
>
> > > and i still get in logcheck mails:
> > > Dec 13 23:46:53 plukwa named[159]: USAGE 945125213 945085613
> >
> >try
> >named.*: USAGE .*
umm i'm not sure if i tried this, but will check it ASAP
> >
>
On 14-Dec-1999 Ethan Benson wrote:
> i like the idea of logcheck but when it sends so much crap it defeats
> its purpose.
>
> since i see its not just me having problems with it perhaps a bug
> should be filed, this package is useless out of the box on standard
> debian systems.
I did not kno
On 13/12/99 Pollywog wrote:
> and i still get in logcheck mails:
> Dec 13 23:46:53 plukwa named[159]: USAGE 945125213 945085613
try
named.*: USAGE .*
> CPU=61.74u/56.5s CHILDCPU=0u/0s
> Dec 13 23:04:55 plukwa PAM_unix[17035]: (ssh) session opened for user root
> by
> (uid=0)
PAM_unix.*: (ssh
On 13-Dec-1999 Robert Ramiega wrote:
> Hi!
> I'm running Potato on my PPC machine.
> I have one problem with logcheck. It seems i can't create proper ignore
> rules: here is excerpt from logcheck.ignore:
>
> named[.*]: USAGE .* .* CPU=.*/.* CHILDCPU=.*/.*
> PAM_unix[.*]: (ssh) session opened
97 matches