Carlos Alberto Lopez Perez
2012-Nov-14 02:50 UTC
[Logcheck-devel] Bug#693183: Please include ignore.d.server rules for DMA
Package: logcheck-database
Version: 1.3.15
Severity: wishlist
Tags: patch
X-Debbugs-CC: roam at ringlet.net
Hello,
After deploying DMA, I found that logcheck is not filtering the typical
notification messages of mail delivery that any mailer daemon generates.
Here is one example of the logcheck message that I received:
System Events
=-=-=-=-=-=-Nov 14 00:02:04 localhost dma[100dcb]: new mail from user=logcheck
uid=103 envelope_from=<logcheck at localhost>
Nov 14 00:02:04 localhost dma[100dcb]: mail to=<logcheck at localnet.com>
queued as 100dcb.7f9b716f3670
Nov 14 00:02:04 localhost dma[100dcb.7f9b716f3670]: trying delivery
Nov 14 00:02:04 localhost dma[100dcb.7f9b716f3670]: using smarthost
(mail.localnet.com:25)
Nov 14 00:02:04 localhost dma[100dcb.7f9b716f3670]: trying remote delivery to
mail.localnet.com [192.168.122.28] pref 0
Nov 14 00:02:09 localhost dma[100dcb.7f9b716f3670]: delivery successful
I successfully filtered all this notification messages with the following rules
# cat /etc/logcheck/ignore.d.server/dma
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: new mail from
user=[[:alpha:]]+ uid=[0-9]+ envelope_from=<[@._[:alnum:]-]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: mail
to=<[@._[:alnum:]-]+> queued as [0-f.]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: trying delivery$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: using smarthost
\([._[:alnum:]-]+:[0-9]+\)
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: trying remote delivery
to [._[:alnum:]-]+ \[[0-9.:]+\] pref [0-9]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: delivery successful$
Please, consider adding such rules to logcheck-database
CC'ing DMA maintainer (Peter Pentchev)
Regards!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20121114/69b585b0/attachment.pgp>