parachute@optonline.net
2005-Nov-08 05:12 UTC
[Logcheck-users] It's not filtering this one specific line...
I keep seeing...
"Nov 7 23:08:09 ns1 amavis[24086]: (24086-06) WARN: all primary
virus scanners failed, considering backups"
And no matter what I try to make a rule filter for it, it won't go
away! I've tested my rules by doing `cat /var/log/mail.log | egrep
"$my_rule"` and it would work and scroll out all the matched output.
Here is one of the rules I tried...
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: +(\([-0-9]+\) +)?
WARN: all primary virus scanners failed, considering backups
I tried shortened versions, and guaranteed versions like just "all
primary virus" but it still shows in my email summaries...
Todd Troxell
2005-Nov-10 21:52 UTC
[Logcheck-users] It's not filtering this one specific line...
Hi!

On Mon, Nov 07, 2005 at 11:13:27PM -0500, parachute@optonline.net wrote:
> I keep seeing...
> "Nov 7 23:08:09 ns1 amavis[24086]: (24086-06) WARN: all primary
> virus scanners failed, considering backups"
>
> And no matter what I try to make a rule filter for it, it won't go
> away! I've tested my rules by doing `cat /var/log/mail.log | egrep
> "$my_rule"` and it would work and scroll out all the matched output.

The problem is that the word "failed" is triggering a security violation.
You will need to add it to a file in violations.ignore.d/

For more info see README.logcheck-database

--
Todd Troxell
http://rapidpacket.com/~xtat
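The layering described in the reply above, as an added example that is not part of the original thread and is not logcheck's own script: a simplified model of the security-events pass showing why a rule that matches under `egrep` has no effect in `ignore.d.server` but does in `violations.ignore.d`. The temp-dir layout, the stand-in `failed` violations rule, the `local-amavis` file name and all function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Simplified model of the "security events" layer described in the reply.
# Assumption: an illustration only, not logcheck's own script.

# Log line from the thread; RULE is the unanchored tail of the poster's regex.
LOG_LINE='Nov 7 23:08:09 ns1 amavis[24086]: (24086-06) WARN: all primary virus scanners failed, considering backups'
RULE='amavis\[[0-9]+\]: +(\([-0-9]+\) +)?WARN: all primary virus scanners failed, considering backups'

# Create a constructed rules tree plus a one-line mail.log; print its path.
setup_demo() {
    d=$(mktemp -d)
    mkdir "$d/violations.d" "$d/violations.ignore.d" "$d/ignore.d.server"
    echo 'failed' > "$d/violations.d/demo"   # stand-in for the rule matching "failed"
    printf '%s\n' "$LOG_LINE" > "$d/mail.log"
    echo "$d"
}

# Concatenate every rule file in a directory (prints nothing if it is empty).
rules() { find "$1" -type f -exec cat {} +; }

# Print lines that match violations.d and are not excused by violations.ignore.d.
# ignore.d.server is deliberately never read at this layer.
security_events() {
    rules "$1/violations.d" > "$1/v.rules"
    rules "$1/violations.ignore.d" > "$1/vi.rules"
    if [ -s "$1/vi.rules" ]; then
        grep -E -f "$1/v.rules" "$1/mail.log" | grep -E -v -f "$1/vi.rules" || true
    else
        grep -E -f "$1/v.rules" "$1/mail.log" || true
    fi
}

count_security_events() { security_events "$1" | wc -l | tr -d ' '; }

# Walk through the three states the thread covers and print the event count.
demo() {
    d=$(setup_demo)
    echo "no local rule:               $(count_security_events "$d")"
    echo "$RULE" > "$d/ignore.d.server/local-amavis"
    echo "rule in ignore.d.server:     $(count_security_events "$d")"
    echo "$RULE" > "$d/violations.ignore.d/local-amavis"
    echo "rule in violations.ignore.d: $(count_security_events "$d")"
    rm -rf "$d"
}
demo
```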