Frédéric Brière
2007-Aug-14 17:32 UTC
[Logcheck-devel] Bug#437886: logcheck-database: violations.ignore rule for postfix's SASL auth failure does not match
Package: logcheck-database Version: 1.2.54 Severity: normal violations.ignore.d/logcheck-postfix includes the following rule: ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: [-._[:alnum:]]+\[[.[:digit:]]+\]: SASL (LOGIN|PLAIN|(DIGEST|CRAM)-MD5|APOP) authentication failed:?$ The trailing ":?$" appears to be in error, as the ":" would imply some additional text that would not be matched. (Indeed, all such warnings are "authentication failed: authentication failure" in my case. And no, I don't know who came up with that wording. <g>) I would think that "(:.*)?$" would be more useful, or, if we put on our paranoid hats, "(: authentication failure)?$". -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core) Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash