Public bug reported: Ubuntu 24.04 / logcheck 1.4.3. No rsyslog installed, pure journal.
logcheck floods reports with the following lines: ... Mär 30 05:35:01 ad525 CRON[14991]: pam_unix(cron:session): session opened for user root(uid=0) by root(uid=0) Mär 30 05:39:01 ad525 CRON[15004]: pam_unix(cron:session): session opened for user root(uid=0) by root(uid=0) Mär 30 05:45:01 ad525 CRON[15067]: pam_unix(cron:session): session opened for user root(uid=0) by root(uid=0) Mär 30 05:55:01 ad525 CRON[15102]: pam_unix(cron:session): session opened for user root(uid=0) by root(uid=0) Mär 30 06:05:01 ad525 CRON[15131]: pam_unix(cron:session): session opened for user root(uid=0) by root(uid=0) Mär 30 06:09:01 ad525 CRON[15144]: pam_unix(cron:session): session opened for user root(uid=0) by root(uid=0) Mär 30 06:15:01 ad525 CRON[15205]: pam_unix(cron:session): session opened for user root(uid=0) by root(uid=0) Mär 30 06:17:01 ad525 CRON[15212]: pam_unix(cron:session): session opened for user root(uid=0) by root(uid=0) ... There is a line in /etc/logcheck/ignore.d.server/logcheck that reads ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ ([[:alnum:]]+\[[0-9]+\])?: \(pam_[[:alnum:]]+\) session opened for user [.[:alnum:]-]+ by (root|LOGIN)?\(uid=0\)$ I guess it should read ^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+ ([[:alnum:]]+\[[0-9]+\])?: \(pam_[[:alnum:]]+\) session opened for user [.[:alnum:]-]+(\(uid=[0-9]+\))? by (root|LOGIN)?\(uid=0\)$ (additional line or modified line?) ProblemType: Bug DistroRelease: Ubuntu 24.04 Package: logcheck 1.4.3 ProcVersionSignature: Ubuntu 6.8.0-11.11-generic 6.8.0-rc4 Uname: Linux 6.8.0-11-generic x86_64 ApportVersion: 2.28.0-0ubuntu1 Architecture: amd64 CasperMD5CheckResult: unknown Date: Sun Mar 31 11:43:07 2024 PackageArchitecture: all ProcEnviron: LANG=de_DE.UTF-8 PATH=(custom, no user) SHELL=/bin/bash TERM=xterm-256color XDG_RUNTIME_DIR=<set> SourcePackage: logcheck UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.cron.d.logcheck: [modified] modified.conffile..etc.init.d.apport: [modified] modified.conffile..etc.logcheck.logcheck.conf: [modified] mtime.conffile..etc.cron.d.logcheck: 2017-06-17T22:04:13.003673 mtime.conffile..etc.init.d.apport: 2024-02-22T15:20:00 mtime.conffile..etc.logcheck.logcheck.conf: 2023-09-08T09:36:21.031072 ** Affects: logcheck (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug noble third-party-packages -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2059857 Title: logcheck report flooded with cron session lines To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/2059857/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs