Public bug reported:

Ubuntu 24.04 / logcheck 1.4.3. No rsyslog installed, pure journal.

logcheck floods reports with the following lines:

...
Mär 30 05:35:01 ad525 CRON[14991]: pam_unix(cron:session): session opened for 
user root(uid=0) by root(uid=0)
Mär 30 05:39:01 ad525 CRON[15004]: pam_unix(cron:session): session opened for 
user root(uid=0) by root(uid=0)
Mär 30 05:45:01 ad525 CRON[15067]: pam_unix(cron:session): session opened for 
user root(uid=0) by root(uid=0)
Mär 30 05:55:01 ad525 CRON[15102]: pam_unix(cron:session): session opened for 
user root(uid=0) by root(uid=0)
Mär 30 06:05:01 ad525 CRON[15131]: pam_unix(cron:session): session opened for 
user root(uid=0) by root(uid=0)
Mär 30 06:09:01 ad525 CRON[15144]: pam_unix(cron:session): session opened for 
user root(uid=0) by root(uid=0)
Mär 30 06:15:01 ad525 CRON[15205]: pam_unix(cron:session): session opened for 
user root(uid=0) by root(uid=0)
Mär 30 06:17:01 ad525 CRON[15212]: pam_unix(cron:session): session opened for 
user root(uid=0) by root(uid=0)
...

There is a line in /etc/logcheck/ignore.d.server/logcheck that reads

^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
([[:alnum:]]+\[[0-9]+\])?: \(pam_[[:alnum:]]+\) session opened for user
[.[:alnum:]-]+ by (root|LOGIN)?\(uid=0\)$

I guess it should read

^(\w{3} [ :0-9]{11}|[0-9T:.+-]{32}) [._[:alnum:]-]+
([[:alnum:]]+\[[0-9]+\])?: \(pam_[[:alnum:]]+\) session opened for user
[.[:alnum:]-]+(\(uid=[0-9]+\))? by (root|LOGIN)?\(uid=0\)$

(additional line or modified line?)

ProblemType: Bug
DistroRelease: Ubuntu 24.04
Package: logcheck 1.4.3
ProcVersionSignature: Ubuntu 6.8.0-11.11-generic 6.8.0-rc4
Uname: Linux 6.8.0-11-generic x86_64
ApportVersion: 2.28.0-0ubuntu1
Architecture: amd64
CasperMD5CheckResult: unknown
Date: Sun Mar 31 11:43:07 2024
PackageArchitecture: all
ProcEnviron:
 LANG=de_DE.UTF-8
 PATH=(custom, no user)
 SHELL=/bin/bash
 TERM=xterm-256color
 XDG_RUNTIME_DIR=<set>
SourcePackage: logcheck
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.cron.d.logcheck: [modified]
modified.conffile..etc.init.d.apport: [modified]
modified.conffile..etc.logcheck.logcheck.conf: [modified]
mtime.conffile..etc.cron.d.logcheck: 2017-06-17T22:04:13.003673
mtime.conffile..etc.init.d.apport: 2024-02-22T15:20:00
mtime.conffile..etc.logcheck.logcheck.conf: 2023-09-08T09:36:21.031072

** Affects: logcheck (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug noble third-party-packages

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2059857

Title:
  logcheck report flooded with cron session lines

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/2059857/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to