Logcheck devel - Oct 2004 - Bug#275946: Acknowledgement (newline not recognized when logcheck sends emails)

I upgraded to 1.2.28, same results.

Here are the rules I added.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: [^[:space:]]+ \[NOTICE\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: [^[:space:]]+ \[INFO\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ exact\[[0-9]+\]:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapd\[[0-9]+\]:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: IN-inet:IN
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: NEW TCP
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: SYN FLOOD:IN
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+:
reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: Relay access
denied; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP)
helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+:
reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: User unknown in
local recipient table; from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/imapd\[[0-9]+\]: SQUAT failed.*$

On Mon, 11 Oct 2004, Brendon Baumgartner wrote:
> I upgraded to 1.2.28, same results.
> 
> Here are the rules I added.
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
fixed in latest cvs.
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: [^[:space:]]+ \[NOTICE\]
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pure-ftpd: [^[:space:]]+ \[INFO\]
please show us the loglines you want to ignore with
those.
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ exact\[[0-9]+\]:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ slapd\[[0-9]+\]:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from
pretty tooo generic, with those you trust any message of aboves 2 daemons,
again please send logmessages.
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: IN-inet:IN
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: NEW TCP
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: SYN FLOOD:IN
what that? iptables?
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+:
> reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: Relay
access
> denied; from=<[^[:space:]]*> to=<[^[:space:]]+>
proto=(ESMTP|SMTP)
> helo=<[^[:space:]]+>$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+:
> reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: User
unknown in
> local recipient table; from=<[^[:space:]]*> to=<[^[:space:]]+>
> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
thanks now fixed in cvs,
we ignored NOQUEUE, which other are appearing, curious about the log
messages?
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/imapd\[[0-9]+\]: SQUAT failed.*$
please no '.*' without reasons,
logmessages would help.

i don't see a reason why your logcheck messages are linewrapped,
because of aboves new rules, could you please try to send the
local-* files in attached form and try to reproduce it with
an open and free mailer like mozilla.

thanks for your bugreport.

--
maks