Log Scanner Report - Non Errors reported

This forum is only for reproducible bugs with csf and lfd (i.e. not iptables problems, lack of understanding how to use a feature, etc). Posts must be accompanied with full technical details of the problem and how it can be recreated. Any posts not adhering to this, or not considered bugs, will be moved to the General Discussion (csf) forum.
Post Reply
strange1
Junior Member
Posts: 2
Joined: 18 Jul 2016, 20:32

Log Scanner Report - Non Errors reported

Post by strange1 »

The Log Scanner Report emails contain lines of data from the log that appear to be continuations of previous multi-lined log entries.
It appears that the format of the log entries looks like:
-------------------------------
begin with the date/time in brackets
a space
the type of log entry ( info, warning, error)
a space
a source ( program or procedure ) of the log entry in brackets
a space
The log text... USUALLY single line. but sometimes mutli-lined and terminates with the end of the line before a new line that begins with the date/time in brackets
------------------------------------

a log entry in /usr/local/cpanel/logs/error_log that looks like:
------------------------------------------------------------------------------------------------------------------------
[2016-07-16 12:16:40 -0700] info [autorepair] Successfully verified signature for cpanel (key types: release).
==> cpsrvd 11.56.0.25 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up native SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.56.0.25 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up native SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports

[date/time of next log entry -0700].........
---------------------------------------------------------------------------------------------------------------------------
produces a Log Scanner Report email that includes:

---------------------------------------------------------------------------------------------------------------------------
/usr/local/cpanel/logs/error_log:
==> cpsrvd 11.56.0.25 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up native SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports
==> cpsrvd 11.56.0.25 started
==> cpsrvd: loading security policy....Done
==> cpsrvd: Setting up native SSL support ... Done
==> cpsrvd: transferred port bindings
==> cpsrvd: bound to ports

---------------------------------------------------------------------------------------------------------------------------

The reported data appears to be an extended log from the previous "info" line

another example:

---------------------------------------------------------------------------------------------------------------------------
[2016-07-16 17:26:16 -0700] info [rebuild_sprites] File "/usr/local/cpanel/base/frontend/x3/branding/crimson_smoke/bottom_bg.gif" has 783 x 23 dimensions with 18009 pixels.
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3/branding/crimson_smoke/heading_sprites_bg_snap_to_smallest_width.png".


[2016-07-16 17:26:17 -0700] info [rebuild_sprites] File "/usr/local/cpanel/base/frontend/x3/branding/the_beach/bottom_bg.gif" has 783 x 23 dimensions with 18009 pixels.
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3/branding/the_beach/heading_sprites_bg_snap_to_smallest_width.png".


[2016-07-16 17:26:21 -0700] info [rebuild_sprites] File "/usr/local/cpanel/base/frontend/x3/branding/motor_city/bg.gif" has 400 x 400 dimensions with 160000 pixels.
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3/branding/motor_city/ui_sprites_bg_snap_to_smallest_width.png".


[2016-07-16 17:26:26 -0700] info [rebuild_sprites] File "/usr/local/cpanel/base/frontend/x3mail/branding/crimson_smoke/bottom_bg.gif" has 783 x 23 dimensions with 18009 pixels.
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3mail/branding/crimson_smoke/heading_sprites_bg_snap_to_smallest_width.png".


[2016-07-16 17:26:30 -0700] info [rebuild_sprites] File "/usr/local/cpanel/base/frontend/x3mail/branding/the_beach/bottom_bg.gif" has 783 x 23 dimensions with 18009 pixels.
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3mail/branding/the_beach/heading_sprites_bg_snap_to_smallest_width.png".


[2016-07-16 17:26:30 -0700] info [rebuild_sprites] File "/usr/local/cpanel/base/frontend/x3mail/branding/motor_city/bg.gif" has 400 x 400 dimensions with 160000 pixels.
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3mail/branding/motor_city/ui_sprites_bg_snap_to_smallest_width.png".

[date/time of next log entry -0700].........
---------------------------------------------------------------------------------------------------------------------------
produces a Log Scanner Report email that includes:

---------------------------------------------------------------------------------------------------------------------------
/usr/local/cpanel/logs/error_log:

This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3mail/branding/crimson_smoke/heading_sprites_bg_snap_to_smallest_width.png".
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3mail/branding/the_beach/heading_sprites_bg_snap_to_smallest_width.png".
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3mail/branding/motor_city/ui_sprites_bg_snap_to_smallest_width.png".
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3/branding/crimson_smoke/heading_sprites_bg_snap_to_smallest_width.png".
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3/branding/the_beach/heading_sprites_bg_snap_to_smallest_width.png".
This is exceeding 8192 pixels and color palette issue may be expected when its associated sprite file is used:
"/usr/local/cpanel/base/frontend/x3/branding/motor_city/ui_sprites_bg_snap_to_smallest_width.png".

---------------------------------------------------------------------------------------------------------------------------
The reported data appears to be an extended log from the previous "info" line
ForumAdmin
Moderator
Posts: 1524
Joined: 01 Oct 2008, 09:24

Re: Log Scanner Report - Non Errors reported

Post by ForumAdmin »

We were unable to replicate this issue. Please post your /etc/csf/csf.logignore as it may contain a regex that is excluding the timestamp lines.
strange1
Junior Member
Posts: 2
Joined: 18 Jul 2016, 20:32

Re: Log Scanner Report - Non Errors reported

Post by strange1 »

Here is my /etc/csf/csf.logignore file. Didn;t know it existed. I may try to get rid of a few of the messages that I IGNORE anyway! Is there a quick way to test against existing logs ( over and over and over till I get it right?)

###############################################################################
# Copyright 2006-2015, Way to the Web Limited
# URL: http://www.configserver.com
# Email: sales@waytotheweb.com
###############################################################################
# The following is a list of regular expressions for the LOGSCANNER feature.
# If a log line matches it will be ignored, otherwise it will be reported


^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ kernel:\s(\[[^\]]+\]\s)?Firewall:

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ suhosin\[\d+\]: ALERT - script tried to increase memory_limit

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client .* view internal
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client .* view external
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: client .* view localhost_resolver
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: connection refused resolving
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: lame server resolving
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: network unreachable resolving
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: unexpected RCODE
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: zone .* loaded serial
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: zone .* sending notifies
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: FORMERR resolving

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(unexpected RCODE REFUSED\)
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(unexpected RCODE SERVFAIL\)
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(host unreachable\)
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(network unreachable\)
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(connection refused \) resolving
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ named\[\d+\]: error \(FORMERR\) resolving

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ pure-ftpd: \([\w\?\@\+\%\.]+\@\d+\.\d+\.\d+\.\d+\) \[(INFO|NOTICE)\]

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ Cp-Wrap\[\d+\]:
^\[\S+\s\S+\s\S+\] info

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ gconfd

^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd: Started Session
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd: Starting Session
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd: Failed to mark scope
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd-logind: New session
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd-logind: Removed session
^(\S+|\S+\s+\d+\s+\S+) [^\s\.]+ systemd: Created slice
sebby
Junior Member
Posts: 48
Joined: 11 Dec 2006, 19:26

Re: Log Scanner Report - Non Errors reported

Post by sebby »

See suggestion here to get rid of the annoying cpsrvd reports.
Post Reply