parachute@optonline.net
2005-Nov-08 05:12 UTC
[Logcheck-users] It's not filtering this one specific line...
I keep seeing...

"Nov 7 23:08:09 ns1 amavis[24086]: (24086-06) WARN: all primary virus scanners failed, considering backups"

And no matter what I try to make a rule filter for it, it won't go away! I've tested my rules by doing `cat /var/log/mail.log | egrep "$my_rule"` and it would work and scroll out all the matched output.

Here is one of the rules I tried...

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: +(\([-0-9]+\) +)? WARN: all primary virus scanners failed, considering backups

I tried shortened versions, and guaranteed versions like just "all primary virus" but it still shows in my email summaries...
Todd Troxell
2005-Nov-10 21:52 UTC
[Logcheck-users] It's not filtering this one specific line...
Hi!

On Mon, Nov 07, 2005 at 11:13:27PM -0500, parachute@optonline.net wrote:
> I keep seeing...
> "Nov 7 23:08:09 ns1 amavis[24086]: (24086-06) WARN: all primary
> virus scanners failed, considering backups"
>
> And no matter what I try to make a rule filter for it, it won't go
> away! I've tested my rules by doing `cat /var/log/mail.log | egrep
> "$my_rule"` and it would work and scroll out all the matched output.

The problem is that the word "failed" is triggering a security violation. You will need to add it to a file in violations.ignore.d/

For more info see README.logcheck-database

--
Todd Troxell
http://rapidpacket.com/~xtat
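
The layering described in the reply above, as an added example that is not part of the original thread and not logcheck's own code. It models only the security-event pass; the scratch directory, the file names `keywords` and `local-amavis`, the shortened rule and the sample log line are all constructed for illustration.

```shell
#!/bin/sh
# Simplified model of logcheck's security-event pass (added example, not logcheck's code).
# RULES is a constructed scratch tree standing in for the real rule directory.

# Print the active patterns from every file in a rule directory (comments/blank lines dropped).
load_rules() {
    [ -d "$1" ] || return 0
    cat "$1"/* 2>/dev/null | grep -Ev '^(#|[[:space:]]*$)' || true
}

# security_events RULEDIR: read log lines on stdin and print those that match
# violations.d and are not cancelled by violations.ignore.d.
# ignore.d.* is never consulted in this pass, which is why an ignore.d rule cannot help.
security_events() {
    v=$(mktemp); vi=$(mktemp)
    load_rules "$1/violations.d" > "$v"
    load_rules "$1/violations.ignore.d" > "$vi"
    if [ -s "$vi" ]; then
        grep -E -f "$v" | grep -Ev -f "$vi" || true
    else
        grep -E -f "$v" || true
    fi
    rm -f "$v" "$vi"
}

# count_reported RULEDIR LINE: number of security events the line produces (0 or 1).
count_reported() {
    printf '%s\n' "$2" | security_events "$1" | wc -l | tr -d ' '
}

RULES=$(mktemp -d)
mkdir -p "$RULES/violations.d" "$RULES/violations.ignore.d" "$RULES/ignore.d.server"
printf '%s\n' 'failed' > "$RULES/violations.d/keywords"   # the keyword named in the reply

# Constructed rule, placed in ignore.d only, as in the question.
AMAVIS='amavis\[[0-9]+\]: +(\([-0-9]+\) +)?WARN: all primary virus scanners failed, considering backups$'
printf '%s\n' "$AMAVIS" > "$RULES/ignore.d.server/local-amavis"

# Constructed sample line in the format quoted in the thread.
LINE='Nov  7 23:08:09 ns1 amavis[24086]: (24086-06) WARN: all primary virus scanners failed, considering backups'

before=$(count_reported "$RULES" "$LINE")                 # still reported
printf '%s\n' "$AMAVIS" > "$RULES/violations.ignore.d/local-amavis"
after=$(count_reported "$RULES" "$LINE")                  # suppressed
echo "security events before: $before, after: $after"
```

A rule that passes an `egrep` test against the log can still have no effect if it sits in the wrong layer, so test the directory placement as well as the pattern.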