Logcheck devel - Jun 2006 - Bug#376106: idea: interpolation in filter files

Package: logcheck
Severity: wishlist

Since logcheck processes all filter files anyway (instead of just
feeding them to egrep -f), the following may be trivial to
implement:

It would be nice if logcheck filter files would honour variables,
e.g.:

  # LEAD=^\w{3} [ :[:digit:]]{11} [-._[:alnum:]]+
  # PROCNAME_SMTPD=postfix/smtpd\[[[:digit:]]+\]
  # QUEUEID=(NOQUEUE|[[:upper:][:digit:]]+)
  # IP=([:digit:]{1,3}\.){3}[:digit:]{1,3}

  @LEAD@ @PROCNAME_SMTPD@: $QUEUEID@: reject: RCPT from @HOSTNAME@\[@IP@\] ...

Then, it would also make sense to define a default LEAD, or default
matches for IP addresses and hostnames etc, which can be overridden.

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck at debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060630/33523a81/attachment.pgp

Please find attached a reference implementation of this feature,
using make.

-- 
Please do not send copies of list mail to me; I read the list!
 
 .''`.     martin f. krafft <madduck at debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
-------------- next part --------------
#: LEAD       = ^\w{3} [ :[:digit:]]{11} @HOSTNAME@
#: HOSTNAME   = [-_[:alnum:]]+
#: PID        = [[:digit:]]{1,5}
#: PROC_SMTPD = postfix/smtpd\[@PID@\]
#: QUEUE_ID   = (NOQUEUE|[[:upper:][:digit:]]+)
#: DN         = [-_.[:alnum:]]+
#: FQDN       = @DN@\.[[:alpha:]]{2,4}
#: IPADDR     = ([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}
#: STATUS     = [45][[:digit:]]{2}
#: EXT_STATUS = @STATUS@ ([[:digit:]]+\.){2}[[:digit:]]+
#: EMAIL      = <[-_.+[:alnum:]]+@@DN@>
#: PROTO      = proto=E?SMTP
#: FROM       = from=@EMAIL@
#: TO         = to=@EMAIL@
#: HELO       = helo=<@DN@>
#: EOL        = $

@LEAD@ @PROC_SMTPD@: @QUEUE_ID@: reject: RCPT from @FQDN@\[@IPADDR@\]:
@EXT_STATUS@ @EMAIL@: Relay access denied; @FROM@ @TO@ @PROTO@ @HELO@@EOL@
-------------- next part --------------
#/usr/bin/make -f
#
# logcheck interpolation Makefile
#
# The Makefile allows for the automatic generation of logcheck/egrep -f files,
# using interpolation. Any lines starting with '#: ' and specifying a
variable
# assignment are parsed into variable/value pairs, which are then subsequently
# interpolated recursively into the rest of the file, replacing occurrences of
# the variable name enclosed with 'at' signes (@).
#
# Example:
#
#   #: MYVAR = myval @ANOTHER@
#   #: ANOTHER = foo
#
#   @MYVAR@
#
# This will yield
#
#   myval foo
#
# Limitations:
# - no way to work around the situation when a string /@[_[:alnum:]]+@/ should
#   actually be part of the result.
#
# Copyright ? 2006 martin f. krafft <madduck at debian.org>
# Released under the terms of the Artistic Licence
#
# Revision: 2006.06.30.1253
#

all: $(patsubst %.in,%,$(wildcard *.in))

LEAD = ^\#:
VAR = [_[:alnum:]]+
VAR_ASSIGN = ($(VAR))[[:space:]]*=[[:space:]]*(.*)
ESCAPES = s,\\,\\\\\\,g;s,/,\\/,g

%: SEDSCRIPT = $(shell sed -rne '$(ESCAPES)' -e 's,$(LEAD)
$(VAR_ASSIGN),s/@\1@/\2/g;,p' $<)
%: %.in
	sed -re '/$(LEAD) /d' \
			-e '/^(#|[[:space:]]*$$)/d' \
		$< > $@
	while egrep -q '@$(VAR)@' $@; do \
		md5sum=$$(md5sum $@); \
		sed -i -e "$(SEDSCRIPT)" $@; \
		if [ "$$(md5sum $@)" = "$$md5sum" ]; then \
			VAR="$$(sed -rne 's,.*@([^@]+)@.*,\1,p' $@)"; \
			echo "E: found the variable $$VAR but did not know what to
substitute." >&2; \
			exit 1; \
		fi; \
		cat $@; \
	done
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url :
http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060630/727e7417/attachment.pgp