Micah Anderson
2006-Aug-11 01:27 UTC
[Logcheck-devel] Bug#382440: logcheck-database: Postfix rule missing in violations.ignore.d
Package: logcheck-database
Version: 1.2.47
Severity: normal
Tags: patch
Without the following logcheck line in
/etc/logcheck/violations.ignore.d, lines such as the following are
reported:
postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal at someplace.net>,
relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22,
from MTA: 250 Ok: queued as 15140A2D0A)
This is because of the keyword "illegal" other accounts with words
such
as "attack" in their username also get reported. Adding the following
seems to resolve this:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+:
to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+,
dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$
Micah
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-vserver-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.5.3 Debian configuration management sy
logcheck-database recommends no packages.
-- debconf information:
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
Apparently Analagous Threads
- Bug#368313: logcheck-database: new postfix violations ignore rule
- Bug#369603: logcheck-database: new rule for dhcpd
- Bug#425967: logcheck-database: The patterns for courier-imap-ssl do not match imap, only imap-ssl
- Bug#363336: logcheck-database: incomplete regexp for popa3d log message
- Bug#551340: [logcheck-database] Rule in /etc/logcheck/violations.ignore.d/logcheck-su does not match
Wisdom of the Ancients
