Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles

2024-03-14 Thread Andy Smith
Hi, On Thu, Mar 14, 2024 at 04:18:26PM -0600, Charles Curley wrote: > Interesting. My logcheck instance works just fine, and makes no such > complaints. However, my > /etc/logcheck/logcheck.logfiles.d/syslog.logfiles has them commented > out. You are probably using the journal

Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles

2024-03-14 Thread Charles Curley
On Thu, 14 Mar 2024 11:25:52 -0700 cono...@panix.com (John Conover) wrote: > Email from logcheck(1) contains: > > E: File could not be read: /var/log/syslog > E: File could not be read: /var/log/auth.log > > which do not exist in bookworm 12.5. > > The offen

Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles

2024-03-14 Thread Andy Smith
Hi, On Thu, Mar 14, 2024 at 11:25:52AM -0700, John Conover wrote: > Email from logcheck(1) contains: > > E: File could not be read: /var/log/syslog > E: File could not be read: /var/log/auth.log > > which do not exist in bookworm 12.5. > > The offending file

Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles

2024-03-14 Thread Dan Ritter
John Conover wrote: > > Email from logcheck(1) contains: > > E: File could not be read: /var/log/syslog > E: File could not be read: /var/log/auth.log > > which do not exist in bookworm 12.5. They do as soon as you install rsyslog. Arguably this should be in rsys

Re: logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles

2024-03-14 Thread Greg Wooledge
On Thu, Mar 14, 2024 at 11:25:52AM -0700, John Conover wrote: > > Email from logcheck(1) contains: > > E: File could not be read: /var/log/syslog > E: File could not be read: /var/log/auth.log > > which do not exist in bookworm 12.5. You'll want to ins

logcheck(1) in bookworm 12.5 /etc/logcheck/logcheck.logfiles.d/syslog.logfiles

2024-03-14 Thread John Conover
Email from logcheck(1) contains: E: File could not be read: /var/log/syslog E: File could not be read: /var/log/auth.log which do not exist in bookworm 12.5. The offending file: /etc/logcheck/logcheck.logfiles.d/syslog.logfiles contains both filenames. Thanks, John

Re: Thoughts on logcheck?

2022-07-30 Thread Richard Hector
On 30/07/22 10:20, Andy Smith wrote: Hello, On Fri, Jul 29, 2022 at 04:30:19PM +1200, Richard Hector wrote: My thought is to configure rsyslog to create extra logfiles, equivalent to syslog and auth.log (the two files that logcheck monitors by default), which only log messages at priority

Re: Thoughts on logcheck?

2022-07-29 Thread Andy Smith
Hello, On Fri, Jul 29, 2022 at 04:30:19PM +1200, Richard Hector wrote: > My thought is to configure rsyslog to create extra logfiles, equivalent to > syslog and auth.log (the two files that logcheck monitors by default), which > only log messages at priority 'warning' or a

Thoughts on logcheck?

2022-07-28 Thread Richard Hector
Hi all, I've used logcheck for ages, to email me about potential problems from my log files. I end up spending a lot of time scanning the emails, and then occasionally a bunch of time updating the filter rules to stop most of those messages coming through. My thought is to conf

Re: logcheck shows only accounting tool, Debian 11?

2022-04-05 Thread Roberto C . Sánchez
On Mon, Apr 04, 2022 at 08:02:45PM -0700, John Conover wrote: > > Can /etc/cron.d/sysstat and /etc/cron.daily/sysstat simply be removed? > Those files "belong" to the sysstat package. To ensure that your modifications are preserved on upgrade, then the best way to handle it is to simply commen

Re: logcheck shows only accounting tool, Debian 11?

2022-04-04 Thread John Conover
Roberto C. Sánchez writes: > On Mon, Apr 04, 2022 at 12:46:33PM -0700, John Conover wrote: > > > > For the past few days, logcheck is sending: > > > > Apr 4 11:40:13 john systemd[1]: Starting system activity accounting > > tool... >

Re: logcheck shows only accounting tool, Debian 11?

2022-04-04 Thread Roberto C . Sánchez
On Mon, Apr 04, 2022 at 12:46:33PM -0700, John Conover wrote: > > For the past few days, logcheck is sending: > > Apr 4 11:40:13 john systemd[1]: Starting system activity accounting > tool... > Apr 4 11:40:13 john systemd[1]: sysstat-collect.service: Succeeded. >

logcheck shows only accounting tool, Debian 11?

2022-04-04 Thread John Conover
For the past few days, logcheck is sending: Apr 4 11:40:13 john systemd[1]: Starting system activity accounting tool... Apr 4 11:40:13 john systemd[1]: sysstat-collect.service: Succeeded. Apr 4 11:40:13 john systemd[1]: Finished system activity accounting tool. iterated every 10

Re: Filter logcheck reboot messages?

2017-12-11 Thread Dave Sherohman
On Sat, Dec 09, 2017 at 04:49:09PM +0100, Sven Hartge wrote: > Ulf Volmer wrote: > > On 09.12.2017 15:37, Sven Hartge wrote: > >> Richard Hector wrote: > >>> Nobody else uses logcheck? Everyone is fine with how it works? I use it on a few dozen servers and I'

Re: Filter logcheck reboot messages?

2017-12-09 Thread Richard Hector
On 10/12/17 04:01, Ulf Volmer wrote: > On 09.12.2017 15:37, Sven Hartge wrote: >> Richard Hector wrote: >> >>> Nobody else uses logcheck? Everyone is fine with how it works? >> >> I use logcheck on all systems and I see no need to change it. In fact, I >>

Re: Filter logcheck reboot messages?

2017-12-09 Thread Sven Hartge
Ulf Volmer wrote: > On 09.12.2017 15:37, Sven Hartge wrote: >> Richard Hector wrote: >>> Nobody else uses logcheck? Everyone is fine with how it works? >> >> I use logcheck on all systems and I see no need to change it. In >> fact, I *want* the reboot mess

Re: Filter logcheck reboot messages?

2017-12-09 Thread Ulf Volmer
On 09.12.2017 15:37, Sven Hartge wrote: > Richard Hector wrote: > >> Nobody else uses logcheck? Everyone is fine with how it works? > > I use logcheck on all systems and I see no need to change it. In fact, I > *want* the reboot messages and filtering them out would be

Re: Filter logcheck reboot messages?

2017-12-09 Thread Sven Hartge
Richard Hector wrote: > Nobody else uses logcheck? Everyone is fine with how it works? I use logcheck on all systems and I see no need to change it. In fact, I *want* the reboot messages and filtering them out would be a regression for me. Grüße, Sven. -- Sigmentation fault. Core dumped.

Re: Filter logcheck reboot messages?

2017-12-09 Thread Jeremy Nicoll
On Sat, 9 Dec 2017, at 01:19, Richard Hector wrote: > Nobody else uses logcheck? Everyone is fine with how it works? Can't say... but having never heard of it I googled it, found my way to the project page and its mail-lists, and noticed that there's been hardly any traffic th

Re: Filter logcheck reboot messages?

2017-12-08 Thread Richard Hector
On 08/12/17 16:55, Richard Hector wrote: > Hi all, > > I'm generally a happy user of logcheck, but it makes a lot of noise at > boot time, from kernel messages and startup scripts. > > There are two problems with this: Firstly, it's a lot of work to go > through

Filter logcheck reboot messages?

2017-12-07 Thread Richard Hector
Hi all, I'm generally a happy user of logcheck, but it makes a lot of noise at boot time, from kernel messages and startup scripts. There are two problems with this: Firstly, it's a lot of work to go through and create filters for just me - I started once, and gave up. Secondly, I don

Re: logcheck and bug #657641

2013-01-04 Thread Sharon Kimble
Thanks for this Brian, I've patched logcheck as you suggested and left it running overnight to see what happens. There is no change in its behaviour, so later on I'll reboot and see if that fixes it. Thanks again Sharon. On 3 January 2013 18:13, Brian wrote: > On Thu 03 Jan 201

Re: logcheck and bug #657641

2013-01-03 Thread Brian
On Thu 03 Jan 2013 at 17:27:56 +, Sharon Kimble wrote: > I am seeing lots of emails like this from logcheck '/usr/sbin/logcheck: > line 100: kill: (10554) - No such process' which is bug #657641, and there > is a patch provided. How do I apply that patch please to my

logcheck and bug #657641

2013-01-03 Thread Sharon Kimble
I am seeing lots of emails like this from logcheck '/usr/sbin/logcheck: line 100: kill: (10554) - No such process' which is bug #657641, and there is a patch provided. How do I apply that patch please to my 'logcheck' in wheezy please? Thanks Sharon. -- A t

Re: logcheck

2011-01-19 Thread Andrei Popescu
the domain in postfix, mailname, etc, > it showed up the old one. as i changed the domain via dpkg-reconf, > it also changed in /var/cache/debconf/config.dat, and now logcheck > is sending with the newdomain. > > postfix main.cf is identical before dpkg-reconfigure > > i

Re: logcheck

2011-01-19 Thread Informatik.hu
domain via dpkg-reconf, it also changed in /var/cache/debconf/config.dat, and now logcheck is sending with the newdomain. postfix main.cf is identical before dpkg-reconfigure i can not imagine how can /var/cache/debconf/config.dat affect this! On 2011.01.19. 18:05, Camaleón wrote: El 2011-01

Re: logcheck

2011-01-19 Thread Camaleón
El 2011-01-19 a las 12:10 +0100, Informatik.hu escribió: (resending to the list) > On 2011.01.17. 16:04, Camaleón wrote: >> On Mon, 17 Jan 2011 14:41:11 +0100, Informatik.hu wrote: >> >>> I am using logcheck on my squeeze, i have changed the domain name of the >>

Re: [solved/workaround] Re: logcheck

2011-01-18 Thread Camaleón
mails to "root" are not delivered to the current and updated host >>>> domain? Check your aliases database ("cat /etc/aliases") and your >>>> hostname (hostname -d). >>> SENDMAILTO="logcheck" >>> >>> in aliases

Re: [solved/workaround] Re: logcheck

2011-01-17 Thread Camaleón
> hostname (hostname -d). > SENDMAILTO="logcheck" > > in aliases > > logcheck:root > root:szun > szun:[where i wanted to send the logcheck mai] > > so i changed the sendmailto= to my destination email, and voila, it > comes with the newdomain! Were you using t

[solved/workaround] Re: logcheck

2011-01-17 Thread Informatik.hu
Hi! SENDMAILTO="logcheck" in aliases logcheck:root root:szun szun:[where i wanted to send the logcheck mai] so i changed the sendmailto= to my destination email, and voila, it comes with the newdomain! any suggestions? On 2011.01.17. 16:04, Camaleón wrote: On Mon, 17 Jan 201

Re: logcheck

2011-01-17 Thread frank thyes
On Mon, 2011-01-17 at 14:41 +0100, Informatik.hu wrote: > I am using logcheck on my squeeze, i have changed the domain name of the > machine from olddomain.com to newdomain.com, everything works fine, but > logcheck still sends the mails with r...@olddomain.com. How/where can i >

Re: logcheck

2011-01-17 Thread Camaleón
On Mon, 17 Jan 2011 14:41:11 +0100, Informatik.hu wrote: > I am using logcheck on my squeeze, i have changed the domain name of the > machine from olddomain.com to newdomain.com, everything works fine, but > logcheck still sends the mails with r...@olddomain.com. How/where can i >

logcheck

2011-01-17 Thread Informatik.hu
Hi All! I am using logcheck on my squeeze, i have changed the domain name of the machine from olddomain.com to newdomain.com, everything works fine, but logcheck still sends the mails with r...@olddomain.com. How/where can i a change the sender of logcheck emails? Vuki -- To UNSUBSCRIBE

Re: Odd logcheck behaviour.

2010-04-29 Thread Friedrich Clausen
ts from the logs. But I ran the egrep check on the server itself using the actual logcheck configuration and log file (fed it to "egrep -f") and it works as expected - stack traces are filtered out. But when logcheck runs from cron then the stack traces are not filtered out (using the same

Re: Odd logcheck behaviour.

2010-04-28 Thread Chris Jackson
out (stack traces are present in logcheck emails). When I test manually, I do the following - $ cat sample.txt|sed -e 's/[space]*$//' | egrep -v -f ./gigaspaces I suspect it's because you're using a relative path (./gigaspaces). You'll need the full path to it from cro

Odd logcheck behaviour.

2010-04-28 Thread Friedrich Clausen
in logcheck emails). When I test manually, I do the following - $ cat sample.txt|sed -e 's/[space]*$//' | egrep -v -f ./gigaspaces (I got this from http://wiki.logcheck.org/DevelTipsTricks) This works as expected. To summarise - the symptoms are as follows (with more details

Re: Destination Rewrite Does Not Work For Logcheck

2010-01-13 Thread Camaleón
On Wed, 13 Jan 2010 14:07:18 +0300, Ali Jawad wrote: > Hi > I did install logcheck, did setup a cronjob, however all emails are sent > to logcheck at my domain.com. Have you tried by setting up the "SENDMAILTO=" variable value listed in "/etc/logcheck/logcheck.conf"

Destination Rewrite Does Not Work For Logcheck

2010-01-13 Thread Ali Jawad
Hi I did install logcheck, did setup a cronjob, however all emails are sent to logcheck at my domain.com. I did change aliases and added logcheck: m...@mydomain.com and logcheck: me But it does not work the emails are still being sent out without the destination being rewritten. Please help

Re: logcheck bug in pattern matching for su

2008-07-21 Thread Pavlos Parissis
On Mon, 21 Jul 2008 14:02:33 +0200 Pavlos Parissis <[EMAIL PROTECTED]> wrote: [...snip...] > Thanks Martin for the confirmation on the bug. > > I'll file the bug report against logcheck-database packages and not to > logcheck because /etc/logcheck/violations.d/su is

Re: logcheck bug in pattern matching for su

2008-07-21 Thread Pavlos Parissis
i.logcheck.org/index.cgi/RuleSubmission > http://logcheck.org/git.html Thanks Martin for the confirmation on the bug. I'll file the bug report against logcheck-database packages and not to logcheck because /etc/logcheck/violations.d/su is provided by logcheck-database. # dpkg -S /etc/l

Re: logcheck bug in pattern matching for su

2008-07-21 Thread martin f krafft
also sprach Pavlos Parissis <[EMAIL PROTECTED]> [2008.07.21.1147 +0200]: > the issue resides in 3rd and 4th line, the - character should be > : for matching user:root and root:user strings. So maybe su changed the format *again*. You should file a wishlist bug asking for [-:] to be used instead of

logcheck bug in pattern matching for su

2008-07-21 Thread Pavlos Parissis
Hi, Before I file a bug report I would like to verify with you guys that I have found a bug. As the subject suggests there is an issue with the pattern matching for su in this file # cat /etc/logcheck/violations.d/su ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \(pam_[[:alnum

Re: logcheck regexp question

2006-10-12 Thread Kevin Mark
> Kev > > [0] > > egrep "^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[.*\]: \(root\) > > CMD \(/usr/sbin/getimage" roberto.txt > > The way logcheck works is that you specify a regex for stuff to ignore. > > The odd thing is that I have a cron job th

Re: logcheck regexp question

2006-10-12 Thread Roberto C. Sanchez
re. Is this > supposed to match what to display or what not to display? is the log > level set right to exclude this message? not sure as never used that > app. > cheers, > Kev > [0] > egrep "^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[.*\]: \(root\) > CMD \(/usr

Re: logcheck regexp question

2006-10-12 Thread Kevin Mark
On Thu, Oct 12, 2006 at 12:05:51AM -0400, Roberto C. Sanchez wrote: > On Wed, Oct 11, 2006 at 10:59:31PM -0400, Kevin Mark wrote: > > > > > > Please excuse me while I go and beat head against a brick wall. > > reading debian-devel lately is torture enough x-) > > :-) > > But, argh!!! > > It st

Re: logcheck regexp question

2006-10-11 Thread Roberto C. Sanchez
On Wed, Oct 11, 2006 at 10:59:31PM -0400, Kevin Mark wrote: > > > > Please excuse me while I go and beat head against a brick wall. > reading debian-devel lately is torture enough x-) :-) But, argh!!! It still doesn't work: regex: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[.*\]: \(ro

Re: logcheck regexp question

2006-10-11 Thread Kevin Mark
On Wed, Oct 11, 2006 at 09:43:22PM -0400, Roberto C. Sanchez wrote: > On Wed, Oct 11, 2006 at 09:35:57PM -0400, Kevin Mark wrote: > > On Wed, Oct 11, 2006 at 06:08:08PM -0400, Roberto C. Sanchez wrote: > > > I have the following line in /etc/logcheck/ignore.d.server/local: >

Re: logcheck regexp question

2006-10-11 Thread Roberto C. Sanchez
On Wed, Oct 11, 2006 at 09:35:57PM -0400, Kevin Mark wrote: > On Wed, Oct 11, 2006 at 06:08:08PM -0400, Roberto C. Sanchez wrote: > > I have the following line in /etc/logcheck/ignore.d.server/local: > > > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/BIN/CRON\[.*\]: \(root\)

Re: logcheck regexp question

2006-10-11 Thread Kevin Mark
On Wed, Oct 11, 2006 at 06:08:08PM -0400, Roberto C. Sanchez wrote: > I have the following line in /etc/logcheck/ignore.d.server/local: > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/BIN/CRON\[.*\]: \(root\) CMD > \(/usr/sbin/getimage > > The level in logcheck.conf is set to ser

logcheck regexp question

2006-10-11 Thread Roberto C. Sanchez
I have the following line in /etc/logcheck/ignore.d.server/local: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/BIN/CRON\[.*\]: \(root\) CMD \(/usr/sbin/getimage The level in logcheck.conf is set to server. Still, these lines show up in my logcheck messages every hour: Oct 11 17:06:01 miami /USR

Re: alternatives to logcheck

2006-10-07 Thread Todd Troxell
t want to use debian's rules: /etc/logcheck.conf: # Controls the base directory for rules file location # This must be an absolute path #RULEDIR="/etc/logcheck"

Re: alternatives to logcheck

2006-10-07 Thread Roberto C. Sanchez
gnore *less* than what is included. If you want very verbose output from logcheck, then set your logcheck level paranoid. The ignore directives included by default for the paranoid level are quite sparse. You will get *plenty* of output that way. Regards, -Roberto -- Roberto C. Sanchez h

Re: alternatives to logcheck

2006-10-07 Thread Ian D. Leroux
rried about. > > > > This sounds like logcheck's mandate, except that logcheck seems to be > > more geared towards letting package maintainers define rules for > > filtering normal entries. For instance, there are a number of rules > > in > > ignore.d.paranoid

Re: alternatives to logcheck

2006-10-07 Thread Miles Fidelman
Logwatch might be an alternative. Ian D. Leroux wrote: I'm looking for a way to monitor my logfiles while selectively ignoring noise, i.e. entries that *I* understand and am not worried about. This sounds like logcheck's mandate, except that logcheck seems to be more geared towar

Re: alternatives to logcheck

2006-10-07 Thread Roberto C. Sanchez
On Sat, Oct 07, 2006 at 09:23:03AM -0400, Ian D. Leroux wrote: > I'm looking for a way to monitor my logfiles while selectively ignoring > noise, i.e. entries that *I* understand and am not worried about. > > This sounds like logcheck's mandate, except that logcheck see

alternatives to logcheck

2006-10-07 Thread Ian D. Leroux
I'm looking for a way to monitor my logfiles while selectively ignoring noise, i.e. entries that *I* understand and am not worried about. This sounds like logcheck's mandate, except that logcheck seems to be more geared towards letting package maintainers define rules for filtering norm

logcheck vs postfix/mysql

2006-06-14 Thread Lars
Hi I'm trying add new rules to logcheck, but as soon as it get dynamic my new rules fails. For instance whenever postfix checks user/password in my mysql-table, it's written i the log and i get a mail. Here i tried to add new rules, but only the static works. # Extras - Mysql Connec

Re: logcheck driving me nuts

2006-04-02 Thread Pim Bliek
Now that works! Dankjewel Florian ;) (thanks in dutch for the rest of the list ;)) Pim On Apr 2, 2006, at 7:07 PM, Florian Kulzer wrote: Pim Bliek wrote: Hi list Logcheck is driving me NUTS. I'm not a regular expression guru so here's my problem: Every hour I run a script to ki

Re: logcheck driving me nuts

2006-04-02 Thread Florian Kulzer
Pim Bliek wrote: Hi list Logcheck is driving me NUTS. I'm not a regular expression guru so here's my problem: Every hour I run a script to kick out ssh brute force script kiddies. This generates the following in syslog: Apr 2 17:01:01 zenggi2 /USR/SBIN/CRON[29227]: (root) CMD (

Re: logcheck driving me nuts

2006-04-02 Thread diswill
Not an answer to your question... Can I get a copy of the script you use to block brute force attempts? thanks diswill Pim Bliek wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list Logcheck is driving me NUTS. I'm not a regular expression guru so here's my problem: Ev

Re: logcheck driving me nuts

2006-04-02 Thread Oliver Jato
Am Sonntag, den 02.04.2006, 17:35 +0200 schrieb Pim Bliek: > ^[[:alnum:]-]+autodeny[[:alnum:]-]+$ i don't know about logcheck and the regexp syntax it uses, but try ^.*autodeny\.rb.*$ you may have to start and finish the expression with a slash. Grüße / Regards, Oliver -- All things ar

logcheck driving me nuts

2006-04-02 Thread Pim Bliek
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi list Logcheck is driving me NUTS. I'm not a regular expression guru so here's my problem: Every hour I run a script to kick out ssh brute force script kiddies. This generates the following in syslog: Apr 2 17:01:01 zenggi2 /USR

Re: help: logcheck reboots my ubuntu gracefully but randomly

2006-02-22 Thread Dexter
el: eth0: VIA Rhine II at 0xd400, > 00:0b:6a:b7:c6:dc, IRQ 11. > Feb 21 09:18:23 localhost kernel: eth0: MII PHY found at address 1, > status 0x786d advertising 05e1 Link 45e1. > Feb 21 09:18:23 localhost kernel: eth0: link up, 100Mbps, full-duplex, > lpa 0x45E1 > Feb 21 09:18:24 loc

help: logcheck reboots my ubuntu gracefully but randomly

2006-02-21 Thread MC Moisei
900]: creating device node '/dev/vcsa7' Feb 21 09:18:35 localhost /usr/sbin/cron[5896]: (CRON) INFO (pidfile fd = 3) Feb 21 09:18:35 localhost /usr/sbin/cron[5915]: (CRON) STARTUP (fork ok) Feb 21 09:18:36 localhost /usr/sbin/cron[5915]: (CRON) INFO (Running @reboot jobs) >>Feb 21

RE: Logcheck amavisd-new and do_executable/do_unzip

2005-11-29 Thread Fisher, Jason
> -Original Message- > From: Fisher, Jason [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 29, 2005 3:20 PM > To: debian-user@lists.debian.org > Subject: Logcheck amavisd-new and do_executable/do_unzip > > Hi all. I run a server that receives email using exim4 w

Logcheck amavisd-new and do_executable/do_unzip

2005-11-29 Thread Fisher, Jason
Hi all. I run a server that receives email using exim4 which in turn hands email off to amavisd-new for virus-scanning and spam-checking. I run logcheck which sends email highlighting specific entries from my various logs. Logcheck has a series of files named after each program which tell the

Re: Logcheck error: Failed to get lockfile: /var/lock/logcheck/logcheck.lock

2005-06-26 Thread Michal Sedlak
$ ls -ld /var/lock/logcheck/ drwxr-xr-x 2 logcheck logcheck 4096 2005-06-24 09:02 /var/lock/logcheck/ Thanks solved there were bad owner set, I set it with chmod and now it is ok Thank you very much

Re: Logcheck error: Failed to get lockfile: /var/lock/logcheck/logcheck.lock

2005-06-24 Thread Adam Funk
Michal Sedlak wrote: > Thank you for response. > I am nearly sure that there is no lock file in that directory. > may be it is because of permissions but I do not know how to check it. > Reinstalling of logcheck didn't help Hmm. The logcheck package should create the directory

Re: Logcheck error: Failed to get lockfile: /var/lock/logcheck/logcheck.lock

2005-06-23 Thread Michal Sedlak
Thank you for response. I am nearly sure that there is no lock file in that directory. may be it is because of permissions but I do not know how to check it. Reinstalling of logcheck didn't help best regards michal sedlak - Original Message - From: "Adam Funk" <[EMA

Re: Logcheck error: Failed to get lockfile: /var/lock/logcheck/logcheck.lock

2005-06-23 Thread Adam Funk
Michal Sedlak wrote: > Hi > thank you for response > This command: > ps aux|grep logcheck > > gives only himself back > root 8301 0.0 0.0 1840 592 pts/0S+ 17:09 0:00 grep > logcheck > > even when I run logcheck manually it sends me this message:

Re: Re: Logcheck error: Failed to get lockfile: /var/lock/logcheck/logcheck.lock

2005-06-23 Thread Fabio Massami Yamamoto
You may have to change the owner of the lock folder. Try: chown -R logcheck /var/lock/logcheck/ -- Fabio M. Yamamoto

Re: Logcheck error: Failed to get lockfile: /var/lock/logcheck/logcheck.lock

2005-06-22 Thread Michal Sedlak
Hi thank you for response This command: ps aux|grep logcheck gives only himself back root 8301 0.0 0.0 1840 592 pts/0S+ 17:09 0:00 grep logcheck even when I run logcheck manually it sends me this message: Warning: If you are seeing this message, your log files may

Re: Logcheck error: Failed to get lockfile: /var/lock/logcheck/logcheck.lock

2005-06-21 Thread Adam Funk
Michal Sedlak wrote: > Hello > I have problem with logcheck > logcheck sends me this error message: > > Failed to get lockfile: /var/lock/logcheck/logcheck.lock > > I do not have any idea why it can be. Can anybody help please? I've used logcheck for a while and

Logcheck error: Failed to get lockfile: /var/lock/logcheck/logcheck.lock

2005-06-21 Thread Michal Sedlak
Hello I have problem with logcheck logcheck sends me this error message: Failed to get lockfile: /var/lock/logcheck/logcheck.lock I do not have any idea why it can be. Can anybody help please? Michal Sedlak

problem with logcheck rules

2004-11-25 Thread Ric Otte
Hi, I am running logcheck 1.2.28 but am unable to modify the rules to prevent certain information being mailed to me. I get loads of messages like the following in the System Events section of the email: Nov 24 01:08:01 phil cron(pam_unix)[4763]: session opened for user mail by (uid=0) Nov 24

logcheck help

2004-10-24 Thread Kenneth Jacker
[ Up-to-date 'sarge/testing' with kernel-2.4.26-1-686-smp and logcheck-1.2.28 ] What I am trying to do is simple: eliminate lines like the following generated by Shorewall in /var/log/syslog : Oct 24 11:32:50 msslayer kernel: Shorewall:net2all:DROP:IN=eth0 ... I created a new

Re: logcheck struggle

2004-09-30 Thread Richard Hector
gular expression guru, and I am having severe difficulties > > > adjusting logcheck to my needs (on a Sid system). > > > > > > I get the following stuff mailed by logcheck from my syslog which I > > > don't want to see: > > > Sep 29 23:02:02 srv1 postfix/smtp

Re: logcheck struggle

2004-09-30 Thread Pim Bliek
Thanx! It was too late yesterday LOL. Of course it was smtpd ;). Also, I was not aware of the extra rules in /etc/logcheck/violations.d! Stupid, but I did not think of it. I commented out "failed" there and now it doesn't show anymore! Now let's hope there are no other

Re: logcheck struggle

2004-09-29 Thread Richard Hector
On Wed, Sep 29, 2004 at 11:35:57PM +0200, Pim Bliek wrote: > Hi All, > > I am no regular expression guru, and I am having severe difficulties > adjusting logcheck to my needs (on a Sid system). > > I get the following stuff mailed by logcheck from my syslog which I > don

logcheck struggle

2004-09-29 Thread Pim Bliek
Hi All, I am no regular expression guru, and I am having severe difficulties adjusting logcheck to my needs (on a Sid system). I get the following stuff mailed by logcheck from my syslog which I don't want to see: Sep 29 23:02:02 srv1 postfix/smtpd[29293]: _sasl_plugin_load fail

Re: why is logcheck failing?: [Fwd: Logcheck: zen8100a 2004-06-11 11:02 exiting due to errors]

2004-06-11 Thread Zenaan Harkness
On Fri, 2004-06-11 at 12:22, Dana J. Laude wrote: > Logcheck has changed recently. Make sure logcheck is a member of > the adm group. Also, /etc/logcheck directory should have the > owner of root, group - logcheck. Also, the /var/lib/logcheck > dir should be owner logcheck, group

Re: why is logcheck failing?: [Fwd: Logcheck: zen8100a 2004-06-11 11:02 exiting due to errors]

2004-06-11 Thread Zenaan Harkness
On Fri, 2004-06-11 at 22:56, Greg Folkert wrote: > SOMETHING changed the perms in /var/* > > they should be : > drwxrwsr-x2 root staff4096 2000-05-27 14:55 local > drwxrwxrwt3 root root 4096 2004-06-03 00:58 lock > drwxrwxrwt4 root r

Re: why is logcheck failing?: [Fwd: Logcheck: zen8100a 2004-06-11 11:02 exiting due to errors]

2004-06-11 Thread Greg Folkert
On Thu, 2004-06-10 at 21:13, Zenaan Harkness wrote: > tia > zen > > -Forwarded Message- > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > Subject: Logcheck: zen8100a 2004-06-11 11:02 exiting due to errors > > Date: Fri, 11 Jun 2004 11:02:0

Re: why is logcheck failing?: [Fwd: Logcheck: zen8100a 2004-06-11 11:02 exiting due to errors]

2004-06-10 Thread Dana J. Laude
On Fri, Jun 11, 2004 at 11:13:38AM +1000 or thereabouts, Zenaan Harkness wrote: > tia > zen > > -Forwarded Message- > > From: [EMAIL PROTECTED] > > To: [EMAIL PROTECTED] > > Subject: Logcheck: zen8100a 2004-06-11 11:02 exiting due to errors > > D

why is logcheck failing?: [Fwd: Logcheck: zen8100a 2004-06-11 11:02 exiting due to errors]

2004-06-10 Thread Zenaan Harkness
tia zen -Forwarded Message- > From: [EMAIL PROTECTED] > To: [EMAIL PROTECTED] > Subject: Logcheck: zen8100a 2004-06-11 11:02 exiting due to errors > Date: Fri, 11 Jun 2004 11:02:01 +1000 > > Warning: If you are seeing this message, your log files may not have been >

Re: Logcheck warning: UDP packet from outside my network?

2004-06-04 Thread Matthijs
On Fri, 04 Jun 2004 20:20:09 +0200, "Bojan Baros" <[EMAIL PROTECTED]> wrote: > Matthijs said: > > Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030 > > 2167/119 to 192.168.1.2:10768 > > > > I'm not really interested in what these packets are for (I guess some > > kind of worm/Do

Re: Logcheck warning: UDP packet from outside my network?

2004-06-04 Thread Matthijs
On Fri, 04 Jun 2004 19:50:10 +0200, Paul Johnson <[EMAIL PROTECTED]> wrote: > Matthijs <[EMAIL PROTECTED]> writes: > > > Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030 > > 2167/119 to 192.168.1.2:10768 > > > > I'm not really interested in what these packets are for (I guess

Re: Logcheck warning: UDP packet from outside my network?

2004-06-04 Thread Bojan Baros
Matthijs said: > Since a few days, Logcheck sometimes e-mails me the following warning: > > Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030 > 2167/119 to 192.168.1.2:10768 > > I'm not really interested in what these packets are for (I guess some >

Re: Logcheck warning: UDP packet from outside my network?

2004-06-04 Thread Paul Johnson
Matthijs <[EMAIL PROTECTED]> writes: > Since a few days, Logcheck sometimes e-mails me the following warning: > > Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030 > 2167/119 to 192.168.1.2:10768 > > I'm not really interested in what these packets

Logcheck warning: UDP packet from outside my network?

2004-06-04 Thread Matthijs
Since a few days, Logcheck sometimes e-mails me the following warning: Jun 4 07:30:54 MyMail kernel: UDP: short packet: 24.5.180.234:10030 2167/119 to 192.168.1.2:10768 I'm not really interested in what these packets are for (I guess some kind of worm/DoS related packets), but I

logcheck is reporting getty failures and id "2" respawning too fast

2004-05-14 Thread William Ballard
Suddenly I'm getting a lot of logcheck messages: System Events =-=-=-=-=-=-= May 14 04:06:34 desk getty[7757]: /dev/tty2: already in use May 14 04:06:44 desk getty[7758]: /dev/tty2: already in use May 14 04:06:54 desk getty[7759]: /dev/tty2: already in use May 14 04:07:04 desk getty[7760]:

Re: Logcheck unstable broken?

2004-05-11 Thread Rob Weir
On Thu, May 06, 2004 at 12:27:30AM -0600, Dana Laude said > Greetings, > > I've been running unstable and noticed that logcheck has > stopping working. (looks like a cron deal) Anyways, I > remember during the upgrade it popped up with something > about adding the group

Re: logcheck config

2004-04-12 Thread Roberto Sanchez
Pim Bliek | PingWings.nl wrote: Hi All, I get these in the mail via logcheck every hour: Apr 12 10:55:01 fourtytwo CRON[7688]: (pam_unix) session opened for user list by (uid=0) Apr 12 10:55:01 fourtytwo CRON[7688]: (pam_unix) session closed for user list Repeat the above a zillion times :) I

logcheck config

2004-04-12 Thread Pim Bliek | PingWings.nl
Hi All, I get these in the mail via logcheck every hour: Apr 12 10:55:01 fourtytwo CRON[7688]: (pam_unix) session opened for user list by (uid=0) Apr 12 10:55:01 fourtytwo CRON[7688]: (pam_unix) session closed for user list Repeat the above a zillion times :) I looked through the config in

converse of logcheck?

2004-03-14 Thread Vineet Kumar
Hello, Does anybody know of a package which provides functionality similar but opposite to logcheck? What I mean is something that would monitor logs and mail if something expected *doesn't* appear in the logs over a certain time period? This would be a pretty easy job to manually ret

LOGCHECK and EGREP

2004-02-20 Thread Luis Nogueira
Hello, I'm experiencing problems running LOGCHECK on Debian 30r2. It runs Ok and does its job, but I always get an egrep error message: # logcheck egrep: Unmatched [ or [^ # Have anyone a clue of this problem? Thanks, Luís Nogueira

Re: Debian Sarge Logcheck Query

2004-02-16 Thread Peter A. Cole
- Original Message - From: "Brian Brazil" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, February 17, 2004 5:47 AM Subject: Re: Debian Sarge Logcheck Query > Just a thought - if you don't get any messages how do you know that your > ma

Re: Debian Sarge Logcheck Query

2004-02-16 Thread Brian Brazil
On Mon, Feb 16, 2004 at 09:31:11PM +1000, Peter A. Cole wrote: > In fact logcheck didn't even send an email a minute ago when I check, which > is how I want except for reboots and unexpected events. Just a thought - if you don't get any messages how do you know that your mac

Re: Debian Sarge Logcheck Query

2004-02-16 Thread Peter A. Cole
- Original Message - From: "Brian Brazil" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 16, 2004 9:19 PM Subject: Re: Debian Sarge Logcheck Query > On Mon, Feb 16, 2004 at 09:02:18PM +1000, Peter A. Cole wrote: > > I'm using

Re: Debian Sarge Logcheck Query

2004-02-16 Thread Brian Brazil
On Mon, Feb 16, 2004 at 09:02:18PM +1000, Peter A. Cole wrote: > I'm using logcheck to get notifications on my Debian Sarge box, but I would > really like to get rid of a few extra messages that can be ignored. The > entries I want to ignore are: > > Feb 16 20:49:38 jake in.qp
