logcheck 1.3.14 source package in Ubuntu
logcheck (1.3.14) unstable; urgency=low

  [ martin f. krafft ]
  * ignore.d.server/postfix:
    - ignore notice about verified TLS connections.
  * ignore.d.server/openvpn:
    - broaden filters to catch more messages.

  [ Hanspeter Kunz ]
  * ignore.d.server/dovecot:
    - allow for arbitrary msgids
    - ignore discarded vacation replies with precedence Bulk and list
    - ignore notice about managesieve logouts (closes: #637918)
  * ignore.d.server/postfix:
    - ignore (temporary) rejects messages when the sender domain is not found
    - ignore verify cache db cleanups

  [ Hannes von Haugwitz ]
  * src/logcheck:
    - added numeric timezone information to subject line
    - re-enabled globbing of logfile names (closes: #616103)
  * docs/README.logcheck-database:
    - mention logcheck-test in 'TESTING RULES' section
  * ignore.d.workstation/wpasupplicant:
    - match 5200, 5300, 5260 and 5680 MHz in 'Trying to associate' message
    - allow WPA protocol in 'wpa_action: key_mgmt' message
    - ignore "mode=station" message
    - ignore "Trying to authenticate" message
    - allow '/run/sendsigs.omit.d' as location for pidfile (closes: #633030)
  * ignore.d.server/login:
    - adjusted rule to match serial terminals
  * ignore.d.workstation/kernel:
    - ignore "Spinning up disk" message
    - ignore 'cfg80211: Calling CRDA for country' message
    - ignore 'Monitor-Mwait' messages
    - ignore WLAN 'waiting for beacon' and 'beacon received' messages
    - allow 'device number' in '(new|reset) (low|full|high) speed USB' and
      'USB disconnect' messages
  * ignore.d.server/cron-apt:
    - allow optional whitespace between value and unit, thanks to Gabor Kiss
      (closes: #609649)
    - allow optional architecture in "Get" message
  * ignore.d.server/dnsmasq:
    - allow '-' in interface name, thanks to Jan Evert van Grootheest
      (closes: #608256)
  * src/logcheck, etc/logcheck.conf:
    - added option to compress attachment with gzip
  * ignore.d.server/snmpd:
    - adjusted UDP rule to match new SNMP output format, thanks to
      Robert Naylor (closes: #613124)
  * docs/logcheck-test.1:
    - use 'logcheck-test' instead of 'logcheck' in the EXAMPLES
  * ignore.d.workstation/libpam-gnome-keyring:
    - adjusted rule to match messages without quotes (closes: #618411)
  * ignore.d.server/dhclient:
    - allow '-' in interface name (closes: #622942)
  * ignore.d.server/spamd:
    - adjusted 'child cleanup' rule to match new format, thanks to
      Enno Gröper (closes: #632471)
  * src/logcheck-test:
    - allow symbolic link as rule file
  * ignore.d.workstation/xlockmore:
    - applied patch by Libor Polčák: ignore local display
  * logcheck-database.preinst:
    - deleting ignore.d.server/webmin, package has been removed from debian
  * ignore.d.server/kernel:
    - ignore "kvm: emulating exchange as write" message
    - allow optional ". Opts: (null)" at the end of "mounted filesystem with
      (writeback|ordered) data mode" message
  * ignore.d.server/amavisd-new:
    - allow quarantine in "Passed SPAM" log line
    - allow subdirectories for quarantine messages and made Message-ID in
      "Passed BAD-HEADER" log lines optional, thanks to John Clements
    - allow compressed quarantine messages (closes: #639839)
  * debian/rules:
    - added build-indep and build-arch targets
  * debian/control:
    - bumped to Standards-Version 3.9.2 (no changes necessary)

  [ Gerfried Fuchs ]
  * Remove myself from uploaders.

  [ Jeremy L. Gaddis ]
  * ignore.d.server/postfix:
    - adjust postfix certificate fingerprint rule to match new output format,
      thanks to Loïc Minier (closes: #616616)
  * ignore.d.server/amavisd-new:
    - adjusted rule to match new output format, thanks to Adrian Lang
      (closes: #624197)
  * ignore.d.server/ssh:
    - add rule to ignore AllowGroups denial, thanks to Gerald Turner
      (closes: #637923)
  * ignore.d.server/dovecot:
    - adjusted rule to match IPv6 addresses, thanks to Gerald Turner
      (closes: #637916)
  * debian/copyright:
    - updated copyright year to 2011
    - added myself as team member

  [ Frédéric Brière ]
  * violations.d/kernel:
    - ignore whitespace before timestamp
  * ignore.d.workstation/kernel:
    - allow '.' in input device name

 -- Loïc Minier <email address hidden>  Mon, 03 Oct 2011 23:51:48 +0000
- diff from 1.3.13 to 1.3.14 (12.3 KiB)
Binary packages built by this source
- logcheck: mails anomalies in the system logfiles to the administrator
Logcheck helps spot problems and security violations in your logfiles
automatically and will send the results to you in e-mail.
Logcheck was part of the Abacus Project of security tools, but this
version has been rewritten.
- logcheck-database: database of system log rules for the use of log checkers
This database is part of the Logcheck package, but might be used by others.
It provides a database of regular expressions for matching system log entries
according to various criteria.
- logtail: Print log file lines that have not been read (deprecated)
This program will read in a standard text file and create an
offset marker when it reads the end. The offset marker is read
the next time logtail is run and the text file pointer is moved
to the offset location. This allows logtail to read in the next
lines of data following the marker. This is good for marking log
files for automatic log file checkers to monitor system events.
The package also provides logtail2, which better deals with rotated log
files: If logtail2 finds that the inode of the file was changed, it assumes
that the log has been rotated, and tries to find the file it was rotated to
using heuristic plugins. If it finds the file, it will print the remainder of
the file starting at the offset saved to the offset file. If a file with the
correct inode was not found, logtail2 will only print the new file in its
entirety before writing a new offset file.