Public bug reported:
Binary package hint: logcheck-database
The Hardy logcheck-database /etc/logcheck/ignore.d.server/postfix file has this:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics:
max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):[.:[:xdigit:]]+\) at \w{3} [
:0-9]{11}$
But that fails on certain logs, resulting in unnecessary logcheck alerts such
as:
System Events
=-=-=-=-=-=-=
Jul 10 19:48:50 hostname postfix/anvil[8482]: statistics: max
connection count 1 for (smtp:unknown) at Jul 10 19:45:05
Adding an "|unknown" regex alternation solves the problem:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics:
max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):([.:[:xdigit:]]+|unknown)\) at
\w{3} [ :0-9]{11}$
Test run:
## Original line
# grep 'statistics: max (' postfix
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):[.:[:xdigit:]]+\) at \w{3} [
:0-9]{11}$
## Test run
# su -s /bin/bash -c "/usr/sbin/logcheck -tsol /tmp/logtest" logcheck
This email is sent by logcheck. If you wish to no-longer receive it,
you can either deinstall the logcheck package or modify its
configuration file (/etc/logcheck/logcheck.conf).
System Events
=-=-=-=-=-=-=
Jul 10 19:48:50 hostname postfix/anvil[8482]: statistics: max connection count
1 for (smtp:unknown) at Jul 10 19:45:05
Jul 10 19:48:50 hostname postfix/anvil[8482]: statistics: max connection count
1 for (smtp:unknown) at Jul 10 19:45:05
Jul 10 19:48:50 hostname postfix/anvil[8482]: statistics: max connection count
1 for (smtp:unknown) at Jul 10 19:45:05
## Fix it
# vi postfix
## Fixed line
# grep 'statistics: max (' postfix
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):([.:[:xdigit:]]+|unknown)\) at
\w{3} [ :0-9]{11}$
## Test run
# su -s /bin/bash -c "/usr/sbin/logcheck -tsol /tmp/logtest" logcheck
## Now silent as expected
#
** Affects: logcheck (Ubuntu)
Importance: Undecided
Status: New
--
logcheck postfix/anvil ignore bug
https://bugs.launchpad.net/bugs/247460
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
