Dear fellow Logcheck users! Problem description in short: Lines matching /etc/logcheck/violations.d/logcheck are reported as "Security Alert", even if they match a line in /etc/logcheck/violations.ignore.d/local-*. Problem description in long (i.e. how to reproduce): Sometimes, Postfix log files contain (spammer's) e-mail addresses with "bad words", such as "attack". Clearly, these log lines are of no value to me, so I would like to filter them by putting appropriate regexps in a file in violations.ignore.d. For example, my violations.ignore.d/local-postfix contains the following line: garak postfix/ ("garak" is my host name and I use this line just for debugging -- the real regexp is, of course, much more specific.) Now I have a logfile in /tmp/testlog containing the following (fictional, again, just for debugging) line: Apr 5 13:13:10 garak postfix/smtpd[21339]: you got mail from <attackme@example.com> However, running logcheck still shows this line: $ sudo sudo -u logcheck logcheck -oTtl /tmp/testlog This email is sent by logcheck. If you wish to no-longer receive it, you can either deinstall the logcheck package or modify its configuration file (/etc/logcheck/logcheck.conf). Security Alerts =-=-=-=-=-=-=-Apr 5 13:13:10 garak postfix/smtpd[21339]: you got mail from <attackme@example.com> Adding the ignore line to logcheck-postfix rather than to local-postfix does not help either. Any suggestions? Version in use: 1.2.39, Debian stable (sarge). Greetings, Heinzi