[Logcheck-devel] Bug#532484: please incorporate qmail filters
On Tue, Jun 09, 2009 at 10:36:25AM +0200, martin f krafft wrote: The reason for this email to send you a copy of a file that I am using on my FreeBSD system in ignore.d.paranoid to limit the messages that are pulled out as I am now using logcheck to also check my maillog file qmail is actually using syslog? Color me surprised! :) I'm reassigning this bug report to qmail, since qmail-src already comes with a sample logcheck ruleset, albeit in /usr/share/doc. (See #271118 for an explanation.) Hence it was removed from logcheck-database many years ago. The general consensus is that package maintainers can do a far better job at managing logcheck rules, since they actually have a clue about how their programs behave, whereas logcheck-database people can only try and poke the beast with pointy sticks until it stops moving. Jon, don't hesitate to let us know if we can be of any help in this matter. (And FYI, you only need to install as root:root 0640 or 0644.) -- Linux poses a real challenge for those with a taste for late-night hacking (and/or conversations with God). -- Matt Welsh ___ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
[Logcheck-devel] Bug#532484: please incorporate qmail filters
Package: logcheck-database
Severity: wishlist
Tags: patch
Submitter: Robert McKenzie vk...@internode.on.net
- Forwarded message from Robert McKenzie vk...@internode.on.net -
Martin,
The reason for this email to send you a copy of a file that I am using
on my FreeBSD system in ignore.d.paranoid to limit the messages that
are pulled out as I am now using logcheck to also check my maillog file
and as you are actively working with logcheck, thought that you might
like to incorporate it for those who also use qmail.
I must admit that I this is my one attempt at regexp but hope that it
is not unreasonable as I have tried to make it generic enough for anyone
to use.
The first part of the lines is what I ripped from other such files but
from qmail on is the result of my experimentation and seems to do the
job.
As I expect this will be a one off, I did not bother with the mailing
list but would consider it should the need arise.
Regards,
Robert McKenzie.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ (new|end) msg
[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ info msg [[:digit:]]+:
[[:alpha:]]+ [[:digit:]]+ [[:alnum:]]+
[._[:alnum:]...@[._[:alnum:]-]+\.+[[:alpha:]]{2,4} [[:alpha:]]+ [[:digit:]]+
[[:alpha:]]+ [[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ starting delivery
[[:digit:]]+: [[:alpha:]]+ [[:digit:]]+ [[:alpha:]]+ [[:alpha:]]+
[._[:alnum:]...@[._[:alnum:]-]+\.+[[:alpha:]]{2,4}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ status: [[:alpha:]]+
[[:digit:]]+/[[:digit:]]+ [[:alpha:]]+ [[:digit:]]+/[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ qmail: [0-9]+\.[0-9]+ delivery [0-9]+:
[[:alpha:]]+: [_/+[:alnum:]-]+$
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/)
___
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
