package: logcheck-database version: 1.3.13 severity: wishlist Hi,
basically daily I get system events like Aug 30 17:18:12 alpha amavis[25542]: (25542-18) Passed SPAM, [128.233.192.41] [60.191.19.150] <akeiaioiw32e...@yahoo.de> -> <hol...@layer-acht.org>, quarantine: l/spam-lqVFlLbHc1ZN.gz, Message-ID: <shareweb13l6qkejmuf00007...@shareweb1.usask.ca>, mail_id: lqVFlLbHc1ZN, Hits: 8.447, size: 3335, queued_as: 136AACACFE1, 458 ms which are quite annoying. The supplied amavisd rules don't catch it and my cusom local rules (attached) neither. I'd be happy if you could point out the error in my rules as well updating the packages rules. Thanks for maintaining logcheck! cheers, Holger
amavis\[[0-9]+\]: +(\([-0-9]+\) +)INFO: no existing header field 'Subject', inserting it$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed CLEAN,( \[(IPv6)?[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: -?[.[:digit:]]*, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed SPAM,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,( quarantine: ?/spam-[-[:alnum:]]+.gz, )(Message-ID: <[^>]+>)( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed SPAM,( \[(IPv6)?[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*,( quarantine: ?/spam-[-[:alnum:]]+.gz,) Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: -?[.[:digit:]]*, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed UNCHECKED,( \[[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: (-[.[:digit:]]*)+, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed UNCHECKED,( \[(IPv6)?[.:[:xdigit:]]+\]){0,2} <[^>]*> -> <[^>]*>(,<[^>]*>)*, Message-ID: <[^>]+>( \((added by[^)]+|sfid-[_[:xdigit:]]+)\))?,( Resent-Message-ID: <[^>]+>,)? mail_id: [-+[:alnum:]]+, Hits: -?[.[:digit:]]*, size: [[:xdigit:]]+, queued_as: [[:xdigit:]]+( OK id=[-[:alnum:]]+)?, [[:digit:]]+ ms$
_______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-devel