Armin Berres
2007-Jan-27 20:00 UTC
[Logcheck-devel] Bug#408700: logcheck-database: a first set of rules for policyd-weight
Package: logcheck-database
Severity: wishlist
Tags: patch
Please consider the attached file as ignore.d.server/policyd-weight.
It is a first set of rules which matches most of the output generated by
policyd-weight.
I hope the rules are qualitative ok for you. I not just tell me and I'll try
to
fix them.
/Armin
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1,
'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.18-99
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]:
decided action=PREPEND X-policyd-weight: using cached result; rate:
(-)?[[:digit:].]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]:
decided action=(450 |550) (Mail appeared to be SPAM or forged. Ask your
Mail/DNS-Administrator to correct HELO and DNS MX settings or to get removed
from DNSBLs(; in [^[:space:]]+)*|Your MTA is listed in too many DNSBLs; check
[^[:space:]]+) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policyd-weight\[[[:digit:]]+\]:
(weighted check|decided action=PREPEND X-policyd-weight):
([_[:alpha:]]+=(-)?[[:digit:].]+ )+\(check from: [^[:space:]]+ - helo:
[^[:space:]]+ - helo-domain: [^[:space:]]+\)
([\()/_[:alpha:]]+=(-)?[[:digit:].]+ )+<client=[^[:space:]]+>
<helo=[^[:space:]]+> <from=[^[:space:]]+> <to=[^[:space:]]+>,
rate: (-)?[[:digit:].]+ $
Armin Berres
2007-Jan-28 10:37 UTC
[Logcheck-devel] Bug#408700: logcheck-database: a first set of rules for policyd-weight
I just noticed three things. 1) I was missing a $ in the first line of the file 2) Logcheck eliminates whitespace at the end of lines (why? this way you can't directly use the logfile for testing...). 3) policyd-weight rules should be appended to ignore.d.server/postfix. Attached you find an updated patch. It's working here without problems. /Armin -------------- next part -------------- A non-text attachment was scrubbed... Name: policyd-weight.patch Type: text/x-patch Size: 1432 bytes Desc: not available Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20070128/8fe8e149/attachment.bin
Reasonably Related Threads
- [PATCH] i.d.s/postfix: fixed policyd-weight patterns
- Bug#583155: logcheck-database: Please create rules for amavis(d-new)
- Bug#303661: logcheck-database: openntpd rules
- Bug#632471: logcheck-database: spamd child cleanup message broken after upgrade to squeeze
- Bug#566107: logcheck-database: with violations.d/logcheck empty most rules in violations.ignore.d look useless