Logcheck devel - Jun 2009 - Bug#532484: please incorporate qmail filters

Package: logcheck-database
Severity: wishlist
Tags: patch
Submitter: Robert McKenzie <vk7rb at internode.on.net>

----- Forwarded message from Robert McKenzie <vk7rb at internode.on.net>
-----

Martin,

The reason for this email to send you a copy of a file that I am using
on my FreeBSD system in "ignore.d.paranoid" to limit the messages that
are pulled out as I am now using logcheck to also check my maillog file
and as you are actively working with logcheck, thought that you might
like to incorporate it for those who also use qmail.

I must admit that I this is my one attempt at "regexp" but hope that
it
is not unreasonable as I have tried to make it generic enough for anyone
to use.

The first part of the lines is what I ripped from other such files but
from qmail on is the result of my experimentation and seems to do the
job.

As I expect this will be a one off, I did not bother with the mailing
list but would consider it should the need arise.

Regards,
Robert McKenzie.

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ (new|end) msg
[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ info msg [[:digit:]]+:
[[:alpha:]]+ [[:digit:]]+ [[:alnum:]]+
<[._[:alnum:]-]+@[._[:alnum:]-]+\.+[[:alpha:]]{2,4}> [[:alpha:]]+
[[:digit:]]+ [[:alpha:]]+ [[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ starting delivery
[[:digit:]]+: [[:alpha:]]+ [[:digit:]]+ [[:alpha:]]+ [[:alpha:]]+
[._[:alnum:]-]+@[._[:alnum:]-]+\.+[[:alpha:]]{2,4}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ status: [[:alpha:]]+
[[:digit:]]+/[[:digit:]]+ [[:alpha:]]+ [[:digit:]]+/[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ delivery [0-9]+:
[[:alpha:]]+: [_/+[:alnum:]-]+$
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/)
URL:
<http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20090609/9e4c3e64/attachment.pgp>

On Tue, Jun 09, 2009 at 10:36:25AM +0200, martin f krafft
wrote:
> The reason for this email to send you a copy of a file that I am using
> on my FreeBSD system in "ignore.d.paranoid" to limit the messages
that
> are pulled out as I am now using logcheck to also check my maillog file
qmail is actually using syslog?  Color me surprised!  :)

I'm reassigning this bug report to qmail, since qmail-src already comes
with a sample logcheck ruleset, albeit in /usr/share/doc.  (See #271118
for an explanation.)  Hence it was removed from logcheck-database many
years ago.

The general consensus is that package maintainers can do a far better
job at managing logcheck rules, since they actually have a clue about
how their programs behave, whereas logcheck-database people can only try
and poke the beast with pointy sticks until it stops moving.

Jon, don't hesitate to let us know if we can be of any help in this
matter.  (And FYI, you only need to install as root:root 0640 or 0644.)


-- 
Linux poses a real challenge for those with a taste for late-night
hacking (and/or conversations with God).
		-- Matt Welsh