Micah Anderson
2006-Aug-11 01:27 UTC
[Logcheck-devel] Bug#382440: logcheck-database: Postfix rule missing in violations.ignore.d
Package: logcheck-database
Version: 1.2.47
Severity: normal
Tags: patch

Without the following logcheck line in /etc/logcheck/violations.ignore.d, lines such as the following are reported:

postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal at someplace.net>, relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22, from MTA: 250 Ok: queued as 15140A2D0A)

This is because of the keyword "illegal"; other accounts with words such as "attack" in their username also get reported.

Adding the following seems to resolve this:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$

Micah

-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-vserver-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]  1.5.3  Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note:
  logcheck-database/conffile-cleanup: false
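
The effect of the proposed rule, as an added example that is not part of the original report or of logcheck itself: it runs the rule with grep -E over constructed syslog lines, using `illegal|attack` as an assumed stand-in for the violations keyword layer. The timestamps, the hostname mx1 and every line except the first delivery line are invented for the example. Because the rule accepts any `status=` value, a deferred delivery that contains a keyword is suppressed at this layer too.

```shell
#!/bin/sh
# Proposed violations.ignore.d rule, copied unchanged from the report above.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, relay=[^[:space:]]+, delay=[.0-9]+, (delays=[.0-9/]+, dsn=[.0-9]+, )?status=[[:alnum:]]+ \(.*\)$'

# Assumption: stand-in for the violations keyword layer, limited to the two
# words the report names. The real keyword list is not shown on this page.
KEYWORDS='illegal|attack'

# Constructed sample log (syslog prefix and all addresses are made up).
sample_log() {
cat <<'EOF'
Aug 11 01:20:03 mx1 postfix/smtp[30054]: 824E9A2C1E: to=<nooneisillegal@someplace.net>, relay=0.0.0.0[0.0.0.0], delay=1, status=sent (250 2.6.0 Ok, id=30274-22, from MTA: 250 Ok: queued as 15140A2D0A)
Aug 11 01:21:10 mx1 postfix/smtp[30060]: 9A1B2C3D4E: to=<attack-team@example.org>, relay=mail.example.org[192.0.2.10], delay=0.4, delays=0.1/0/0.2/0.1, dsn=2.0.0, status=sent (250 ok)
Aug 11 01:22:45 mx1 postfix/smtp[30061]: 5F6A7B8C9D: to=<attack-team@example.org>, relay=none, delay=30, status=deferred (connect to mail.example.org[192.0.2.10]: Connection timed out)
Aug 11 01:23:00 mx1 sshd[4242]: illegal user test from 192.0.2.77
Aug 11 01:24:00 mx1 postfix/smtp[30062]: 1122334455: to=<bob@example.org>, relay=mail.example.org[192.0.2.10], delay=1, status=sent (250 ok)
EOF
}

# Lines the keyword layer would flag.
violations() { sample_log | grep -E "$KEYWORDS"; }

# Flagged lines that survive the ignore rule and would still be reported.
reported() { violations | grep -Ev "$RULE"; }

# Flagged lines that the ignore rule removes from the report.
suppressed() { violations | grep -E "$RULE"; }

echo "== still reported =="
reported
echo "== suppressed by the rule =="
suppressed
```

If non-delivery statuses should stay visible at this layer, the `status=[[:alnum:]]+` part is the place to narrow the rule.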