> #dkimproxy > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dkimproxy.out\[[0-9]+\]: connect from .*$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dkimproxy.out\[[0-9]+\]: DKIM signing - > signed; .*$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dkimproxy.out\[[0-9]+\]: DKIM signing - > skipped; .*$
No rules at all. Jul 7 12:39:21 hosting dkimproxy.out[1508]: DKIM signing - skipped; message-id=<cb42d0dfb3a2eb598e162cfe3b6ea...@www.xyz.com>, from=<em...@dot.com> Jul 7 12:39:21 hosting dkimproxy.out[1508]: DKIM signing - signed; message-id=<cb42d0dfb3a2eb598e162cfe3b6ea...@www.xyz.com>, from=<em...@dot.com> Jul 7 12:39:21 hosting dkimproxy.out[1508]: connect from 127.0.0.1 > #postfix > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: discarding EHLO > keywords: 8BITMIME STARTTLS$ In 1.3.10, sorry. > #ssh > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: error writing > /proc/self/oom_adj: Operation not permitted$ Not there. > #ntp > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time sync status > change 4001 No config at all > #cron-apt > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cron-apt: After this operation, [:alnum:]+ > disk space will be freed.$ In 1.3.10, sorry. > #syslog-ng > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslog-ng\[[0-9]+\]: Log statistics;.*$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslog-ng\[[0-9]+\]: Configuration reload > request received, reloading configuration;$ syslog-ng[31823]: Log statistics; processed='destination(d_error)=3', processed='destination(d_messages)=298', processed='src.internal(s_src#1)=90', stamp='src.internal(s_src#1)=1278499023', processed='destination(d_syslog)=90', processed='center(received)=0', processed='destination(d_xconsole)=3', processed='destination(d_newscrit)=0', processed='destination(d_auth)=1452', processed='destination(d_daemon)=1', processed='global(payload_reallocs)=0', processed='global(msg_clones)=0', processed='destination(d_mail)=64', processed='destination(d_cron)=711', processed='destination(d_kern)=132', processed='destination(d_uucp)=0', processed='destination(d_debug)=4', processed='destination(d_lpr)=0', processed='destination(d_user)=76', processed='center(queued)=0', processed='global(sdata_updates)=0', processed='destination(d_newsnotice)=0', processed='destination(d_console_all)=3', processed='destination(d_console)=1', processed='source(s_src)=2530', processed='destination(d_newserr)=0' > #shorewall > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:.*$ Shorewall can log to an outside file. Logging to syslog is causing every packet drop to be in logcheck. Example: Jul 7 12:40:04 dev kernel: Shorewall:net2fw:DROP:IN=venet0 OUT= PHYSIN=eth0 MAC= SRC=X.Y.Z.A DST=A.B.C.D LEN=404 TOS=0x00 PREC=0x00 TTL=32 ID=54796 PROTO=UDP SPT=2368 DPT=1434 LEN=384 > #libpam-cracklib > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cracklib: no dictionary update necessary.$ Not there. > #modprobe? > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ modprobe: WARNING: Not loading blacklisted > module ipv6.$ Should be in fact: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ modprobe: WARNING: Not loading blacklisted module [:alnum:]+$ > #bind > #success resolving 'www.mac.com/AAAA' (in 'mac.com'?) after reducing the > advertised EDNS UDP packet size to 512 octets > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: success resolving.*$ In 1.3.10, sorry. > #rsyncd > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyncd\[[0-9]+\]: file has vanished: .*$ > Not there. > #netatalk > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: server_child[[:xdigit:]+] > [:xdigit:]+ exited 1$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam.c :PAM: PAM > Success$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam.c :PAM: PAM > Auth OK!$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: login [:alpha:]+ (uid > [:xdigit:]+, gid [:xdigit:]+) AFP3.1$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: dhx login: [:alpha:]+$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: ipc_read: command: .*$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: Setting clientid .*$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: pc_get_session: .*$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: bad function .*$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: ASIP session:.*$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_alarm: child timed out$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [:alpha:]+ read, > [:alpha:]+ written$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: Connection terminated$ > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: server_child[[:xdigit:]+] > [:xdigit:]+ exited 1$ No rules at all. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org