Ross Boylan
2008-Mar-31 17:01 UTC
[Logcheck-devel] Bug#473619: logcheck-spamd: another modification for unix sockets
Package: logcheck-database
Version: 1.2.63
Severity: normal
Currently, violations.ignore.d/logcheck-spamd includes the pattern
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[0-9]+\]:
(spamd: )?result: [.YN] [ [:digit:]-]+ - ([._[:alnum:],]+
)?scantime=[0-9.]+,size=[0-9]+,(user=[^,]+,uid=[0-9]+,required_score=[0-9.]+,rhost=[._[:alnum:]-]+,raddr=[0-9.]+,rport=[0-9]+,)?mid=(<[^[:space:]]+>|\(unknown\))(rmid=(<[^[:space:]]+>|\(unknown\)),)?,(bayes=[.[:digit:]]+(e-[[:digit:]]+)?,)?autolearn=(ham|spam|no|disabled|unavailable)
*$
This is failing to match for me, since rport is a path name (unix domain
socket). In keeping with your modification in #448510, I propose this
generalization:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[0-9]+\]:
(spamd: )?result: [.YN] [ [:digit:]-]+ - ([._[:alnum:],]+
)?scantime=[0-9.]+,size=[0-9]+,(user=[^,]+,uid=[0-9]+,required_score=[0-9.]+,rhost=[._[:alnum:]-]+,raddr=[0-9.]+,rport=[/[:alnum:]]+,)?mid=(<[^[:space:]]+>|\(unknown\))(rmid=(<[^[:space:]]+>|\(unknown\)),)?,(bayes=[.[:digit:]]+(e-[[:digit:]]+)?,)?autolearn=(ham|spam|no|disabled|unavailable)
*$
It's the same except for the part after rport. By the way, I'm not
entirely convinced that pattern will match all possible path names,
though it works for me and probably anyone with a standard
installation.
There may be other cases in which the port/socket pattern needs to be
generalized.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (990, 'stable'), (50,
'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-- debconf information excluded
Debian Bug Tracking System
2008-Jun-03 22:54 UTC
[Logcheck-devel] Bug#473619: marked as done (logcheck-spamd: another modification for unix sockets)
Your message dated Tue, 03 Jun 2008 22:47:04 +0000 with message-id <E1K3fHU-0000Mf-Mf at ries.debian.org> and subject line Bug#473619: fixed in logcheck 1.2.64 has caused the Debian Bug report #473619, regarding logcheck-spamd: another modification for unix sockets to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner at bugs.debian.org immediately.) -- 473619: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=473619 Debian Bug Tracking System Contact owner at bugs.debian.org with problems -------------- next part -------------- An embedded message was scrubbed... From: Ross Boylan <RossBoylan at stanfordalumni.org> Subject: logcheck-spamd: another modification for unix sockets Date: Mon, 31 Mar 2008 10:01:30 -0700 Size: 3608 Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080603/3e10eced/attachment.eml -------------- next part -------------- An embedded message was scrubbed... From: maximilian attems <maks at debian.org> Subject: Bug#473619: fixed in logcheck 1.2.64 Date: Tue, 03 Jun 2008 22:47:04 +0000 Size: 9508 Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080603/3e10eced/attachment-0001.eml