Bug#1023755: logcheck-database: New default rsyslog high-precision timestamp breaks most rules

Stefan Kangas

Nov 9, 2022, 11:10:03 AM
Package: logcheck-database
Version: 1.3.24
Severity: important

Dear Maintainer,

In rsyslog 8.2210.0-3, the timestamp format was changed to be high
precision by default. It now looks like this:

2022-11-09T15:02:03.157819+01:00

I believe this part of all rules:

^\w{3} [ :[:digit:]]{11}

Must be changed into something like:

^[[:digit:]-T:.+]{32}

I didn't test the above, but it should be easy enough to verify.

I have marked this bug "important" for now, but I'd suggest bumping it
to "serious" as this seems release-critical to me.

See also: https://bugs.debian.org/475303
https://bugs.debian.org/475553

-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.0.0-2-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE,
TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US.UTF-8:en_US
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- Configuration Files:

-- no debconf information

Richard Lewis

Nov 23, 2022, 7:10:03 PM

On Wed, 9 Nov 2022 at 16:09, Stefan Kangas <stefan...@gmail.com> wrote:
> In rsyslog 8.2210.0-3, the timestamp format was changed to be high
> precision by default.  It now looks like this:
>
>     2022-11-09T15:02:03.157819+01:00
>
> I believe this part of all rules:
>
>     ^\w{3} [ :[:digit:]]{11}
>
> Must be changed into something like:
>
>     ^[[:digit:]-T:.+]{32}
>

I suggest it needs to keep the 'old' prefix as an alternative - for people that revert the rsyslog setting and for people who enable checking of the journal, which uses the old format. So rules need to begin with the form '^(old|new) ...'

Also we should add NEWS.Debian as this affects all local rules too.

I can submit a patch, but will need the maintainer (Jose) DD to upload.

> I have marked this bug "important" for now, but I'd suggest bumping it
> to "serious" as this seems release-critical to me.

+1 on this being important. I'm not sure a higher severity is technically correct. And would it help get it actioned or just result in logcheck being dropped?... I don't want to see the latter.

We now have two important bugs which affect every user of logcheck in testing. The bookworm freeze is fast approaching...

Jose, if you are reading this, how can we help you get these fixed?



Mathias Gibbens

Dec 4, 2022, 12:12:35 AM
I also would like to see this bug fixed, as a server I've got running
bookworm is spamming log events due to the default date format having
changed in rsyslog.

Jose -- I'd be happy to help out by co-maintaining the logcheck
package. The logcheck repo is in the debian group on salsa, so by
convention technically it's open for any DD to contribute to, but I
don't want to just start doing uploads without first seeing if you
would have any objections.

Stefan and Richard -- Hopefully we'll be able to get this bug
resolved pretty quickly. If you have patches for a suggested change or
(even better) a script to automate changing all the rule files, please
feel free to add it to this bug report, or open a pull request on
salsa.

Mathias

PS -- There might be an email loop, so I've specifically CC'ed Jose
on this email. The current Maintainer email address for logcheck is the
"magic" logc...@packages.debian.org address that will forward messages
to the package's maintainer, but because that's the exact same address
it might be looping/dropping messages. I'm not sure if there's logic in
place to also email "real" addresses listed as Uploaders for a package
or not....

Jose M Calhariz

Dec 5, 2022, 4:40:04 AM
Hi,

Can someone do a minimal patch proposing a way to solve this issue?

So we can discuss the best way to solve it, before doing the big work of solving it.

I am going to check why this is out of my radar.

Kind regards
Jose M Calhariz

Richard Lewis

Dec 5, 2022, 8:40:04 PM

On Mon, 5 Dec 2022, 09:29 Jose M Calhariz, <jo...@calhariz.com> wrote:
> Can someone do a minimal patch proposing a way to solve this issue?

Hi, not a patch, but a recipe to patch every rule:

for x in ignore.d.* violations.*; do  sed -i -E 's,^\^((\\w|\[\[:alpha:\]\])\{3\} \[ :(0-9|\[:digit:\])\]\{11\}),^(\1|[0-9T:.+-]{32}),' $x/*; done

I make it 183 files modified. (I don't know if the "for" loop is really needed, but sed didn't like more than one glob on the line.)

This is replacing ^<old prefix> with ^(old prefix|new prefix) in every rulefile. The regex-special chars need escaping in the first bit of sed, but not the replacement. It is safe to run multiple times, but it does modify files, so take care. I have not done a lot of testing on this yet either.

There are several variants of <old prefix> in the package:
^\w{3} [ :0-9]{11}  is the most common (e.g. ignore.d.server/acpid)
^[[:alpha:]]{3} [ :[:digit:]]{11}  is used in ignore.d.server/systemd
^\w{3} [ :[:digit:]]{11}  is used in ignore.d.paranoid/bind
I didn't check if anything used the fourth variant, i.e. '^[[:alpha:]]{3} [ :0-9]{11}', but that would also be caught by the expression too.

The sed expression preserves these variants, but it would be even better to replace the \1 with whichever variant is preferred. 

In the replacement, I  we want the old prefix _first_ for future-proofing: rsyslog is being demoted in priority: it may still be pulled in as dependencies, more and more we will see systems without rsyslog installed at all - all the logging will be in the journal.  So to remain useful, logcheck will need to enable checking of the systemd journal as well as /var/log/syslog. And the journal lines are extracted by logcheck in the "old" format. So I think we should do this change with that in mind.

The NEWS.Debian needs an entry as users will need to make a similar change in their own rules - I assume no-one uses logcheck without hundreds of local modifications in /etc/logcheck. I can help write that, but I didn't find the time yet.

I didn't do a proper patch yet - I could build one on top of the merge request submitted for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1020827 - I think #1020827 is almost as important to fix as this bug.

Richard
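
The recipe above can be tried without touching /etc/logcheck. This is an added example, not part of the original thread: it runs the same sed substitution as a stdin-to-stdout filter over constructed rules in the three prefix variants listed above, then counts how many constructed log lines (one per timestamp format) each rule matches before and after. The function names, rule bodies and log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example; rules and log lines below are constructed, not from the package.

# The substitution from the recipe, as a filter (no -i), so no file is modified.
migrate_prefix() {
    sed -E 's,^\^((\\w|\[\[:alpha:\]\])\{3\} \[ :(0-9|\[:digit:\])\]\{11\}),^(\1|[0-9T:.+-]{32}),'
}

# Constructed rules, one per old-prefix variant named in the post.
sample_rules() {
    cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cron\[[0-9]+\]: job finished$
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron\[[0-9]+\]: job finished$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ cron\[[0-9]+\]: job finished$
EOF
}

# Constructed log lines: the traditional timestamp, then the high-precision one.
sample_logs() {
    cat <<'EOF'
Nov  9 15:02:03 host1 cron[123]: job finished
2022-11-09T15:02:03.157819+01:00 host1 cron[123]: job finished
EOF
}

# Print how many of the sample log lines the given rule (an ERE) matches.
# grep -c exits non-zero on a count of 0, hence the "|| true".
count_matches() {
    sample_logs | grep -E -c -- "$1" || true
}

# For each rule: matches before migration, matches after, and the migrated rule.
sample_rules | while IFS= read -r rule; do
    new=$(printf '%s\n' "$rule" | migrate_prefix)
    printf 'before=%s after=%s  %s\n' \
        "$(count_matches "$rule")" "$(count_matches "$new")" "$new"
done
```

A rule that still reports one match after migration did not start with any of the recognised prefix variants and has to be edited by hand, which is the situation local rules in /etc/logcheck may be in.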

Richard Lewis

Dec 6, 2022, 7:00:04 PM
On Tue, 6 Dec 2022 at 01:34, Richard Lewis
<richard.le...@googlemail.com> wrote:
> I didn't do a proper patch yet

And now I have: https://salsa.debian.org/debian/logcheck/-/merge_requests/15

Mathias Gibbens

Dec 6, 2022, 8:50:04 PM
Thanks, Richard! I've made a few comments on that merge request. If
there's no other comments by the end of the week I'll plan to merge it
over the weekend.

Also, you had commented

> In the replacement, I we want the old prefix _first_ for future-
> proofing: rsyslog is being demoted in priority: it may still be
> pulled in as dependencies, more and more we will see systems without
> rsyslog installed at all - all the logging will be in the journal.
> So to remain useful, logcheck will need to enable checking of the
> systemd journal as well as /var/log/syslog. And the journal lines are
> extracted by logcheck in the "old" format. So I think we should do
> this change with that in mind.

I don't want to accidentally lose this -- could you make sure
there's a bug in the BTS to remind us to properly enable checking
systemd's journal?

Thanks,
Mathias

Richard Lewis

Dec 7, 2022, 7:30:04 AM


On Wed, 7 Dec 2022, 01:46 Mathias Gibbens, <gib...@debian.org> wrote:
> On Tue, 2022-12-06 at 23:55 +0000, Richard Lewis wrote:
> > On Tue, 6 Dec 2022 at 01:34, Richard Lewis
> > <richard.le...@googlemail.com> wrote:
> > > I didn't do a proper patch yet
> >
> > And now I have:
> > https://salsa.debian.org/debian/logcheck/-/merge_requests/15
>
> Thanks, Richard! I've made a few comments on that merge request. If
> there's no other comments by the end of the week I'll plan to merge it
> over the weekend.

Thanks - I will work through. (I can't easily make changes in git/salsa until this evening)


> Also, you had commented
>
> > In the replacement, I  we want the old prefix _first_ for future-
> > proofing: rsyslog is being demoted in priority: it may still be
> > pulled in as dependencies, more and more we will see systems without
> > rsyslog installed at all - all the logging will be in the journal.
> > So to remain useful, logcheck will need to enable checking of the
> > systemd journal as well as /var/log/syslog. And the journal lines are
> > extracted by logcheck in the "old" format. So I think we should do
> > this change with that in mind.
>
> I don't want to accidentally lose this -- could you make sure
> there's a bug in the BTS to remind us to properly enable checking
> systemd's journal

I will report later (if no one else does). There is a small patch I have to stop logcheck going back over the entire journal (and then being OOM-killed) when checking is first enabled that I will include too.

- Glad to see some momentum in this package! (I will have to restrain myself from trying to fix all the bugs at once!)
