Markus Treinen
2011-Mar-10 01:13 UTC
[Logcheck-devel] Bug#617530: log format changed for postfix/smtpd when using XFORWARD
Package: logcheck-database
Version: 1.3.13
Severity: normal
Tags: patch
Hi,
after examining the code for postfix/smtpd, the following parameters for that
specific log line can be present:
client, sasl_method, sasl_username, sasl_sender, orig_queue_id, orig_client
"client" is always present, the others are added where applicable, but
always in the order explained above.
There have been three different regexps, which can be covered in one.
Please see the attached patch file for details.
Best regards,
Markus
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
-------------- next part --------------
108,110c108
< ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
[[:alnum:]]+: client=[._[:alnum:]-]+\[[[:xdigit:].:]{3,39}\]$
< ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
[[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+,
sasl_username=[-_.@[:alnum:]]+$
< ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
[[:alnum:]]+: client=[^[:space:]]+, sasl_sender=.*$
---> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]:
[[:alnum:]]+: client=[._[:alnum:]-]+\[[[:xdigit:].:]{3,39}\](,
sasl_method=[-[:alnum:]]+)?(, sasl_username=[-_.@[:alnum:]]+)?(,
sasl_sender=[^[:space:]]+)?(, orig_queue_id=[[:alnum:]]+)?(,
orig_client=[._[:alnum:]-]+\[[[:xdigit:].:]{3,39}\])?$
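Review bot: the replacement line narrows two patterns beyond merging the three rules, and the report does not mention it. `client=` in the old second and third rules was `[^[:space:]]+` and is now the strict `host[addr]` form, and `sasl_sender=` goes from `.*` to `[^[:space:]]+`, so some lines that were ignored before will now be reported. That is the safer direction for an ignore rule, but it should be stated in the changelog entry. Separately, the diff is in normal format with no file name (`108,110c108`), so it cannot be applied without guessing the target; please resend it as `diff -u` against the named rules file.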
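The field order described in the report, checked against the combined rule as an added example (not part of the original message or of logcheck-database). It assumes the rule lines wrapped in the archive join with a single space; all log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the bug report. logcheck rules are POSIX EREs matched
# with grep -E; \w is a GNU grep extension. Rule lines wrapped in the archive
# are joined here with a single space (assumption).
P='^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: client='
H='[._[:alnum:]-]+\[[[:xdigit:].:]{3,39}\]'
# Combined rule from the patch.
NEW="$P$H"'(, sasl_method=[-[:alnum:]]+)?(, sasl_username=[-_.@[:alnum:]]+)?(, sasl_sender=[^[:space:]]+)?(, orig_queue_id=[[:alnum:]]+)?(, orig_client='"$H"')?$'
# Third of the old rules, kept for comparison.
OLD3="$P"'[^[:space:]]+, sasl_sender=.*$'

# Constructed syslog lines (hosts, addresses and queue ids are made up).
T='Mar 10 01:13:00 mx1 postfix/smtpd[1234]: 4F2A91C0B3: client=mail.example.org[192.0.2.10]'
L_CLIENT="$T"
L_SASL="$T, sasl_method=PLAIN, sasl_username=alice@example.org"
L_ALL3="$T, sasl_method=LOGIN, sasl_username=bob, sasl_sender=bob@example.org"
L_XFWD='Mar 10 01:13:01 mx1 postfix/smtpd[1234]: 9C1D2E3F40: client=localhost[127.0.0.1], orig_queue_id=4F2A91C0B3, orig_client=mail.example.net[2001:db8::25]'
L_ORDER="$T, sasl_username=carol, sasl_method=PLAIN"    # fields out of order
L_TRAIL="$T, sasl_sender=dave@example.org extra=text"   # text after the sender

# is_ignored RULE LINE: succeeds when the ignore rule would suppress the line.
is_ignored() { printf '%s\n' "$2" | grep -Eq -e "$1"; }

# verdict RULE LINE: prints "ignored" or "reported".
verdict() { if is_ignored "$1" "$2"; then echo ignored; else echo reported; fi; }

for l in "$L_CLIENT" "$L_SASL" "$L_ALL3" "$L_XFWD" "$L_ORDER" "$L_TRAIL"; do
  printf '%-8s %s\n' "$(verdict "$NEW" "$l")" "$l"
done
```

The last constructed line is suppressed by the old `sasl_sender=.*$` rule but reported under the combined rule, which is the narrowing a reviewer would want recorded.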
