[Logcheck-commits] r1569 - in logcheck/trunk: debian rulefiles/linux/ignore.d.server

madduck at users.alioth.debian.org
Mon May 21 22:11:14 UTC 2007


Author: madduck
Date: 2007-05-21 22:11:14 +0000 (Mon, 21 May 2007)
New Revision: 1569

Modified:
   logcheck/trunk/debian/changelog
   logcheck/trunk/rulefiles/linux/ignore.d.server/spamd
Log:
* ignore.d.server/spamd:
  - add rules to ignore messages related to --allow-tell
  - add (temporary) rules for messages generated by razor2 until the
    maintainer adds them (I hope).
  - beefed up the regexp to match more names in virtual setups.

Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog	2007-05-21 08:22:06 UTC (rev 1568)
+++ logcheck/trunk/debian/changelog	2007-05-21 22:11:14 UTC (rev 1569)
@@ -22,11 +22,15 @@
   * ignore.d.server/ntp:
     - ignore kernel time sync status change.
 
+  * ignore.d.server/spamd:
+    - add rules to ignore messages related to --allow-tell
+    - add (temporary) rules for messages generated by razor2 until the
+      maintainer adds them (I hope).
+    - beefed up the regexp to match more names in virtual setups.
+
   * Made dependency on logtail unversioned.
-  *
-  * 
 
- -- martin f. krafft <madduck at debian.org>  Mon, 21 May 2007 10:21:54 +0200
+ -- martin f. krafft <madduck at debian.org>  Tue, 22 May 2007 00:10:17 +0200
 
 logcheck (1.2.56) unstable; urgency=low
 

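Review bot: The last bullet of the new spamd entry, "beefed up the regexp to match more names in virtual setups", does not record that several rules now accept the program tag `check` as well as `spamd`, or that the result rule now accepts `rmid=<...>` and `autolearn=disabled`. Since these rules decide which log lines are silently dropped, list those widenings explicitly so they can be audited from the changelog alone.
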
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/spamd
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/spamd	2007-05-21 08:22:06 UTC (rev 1568)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/spamd	2007-05-21 22:11:14 UTC (rev 1569)
@@ -1,13 +1,21 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? connection from [._[:alnum:]-]+ \[[\.[:digit:]]+\] at port [0-9]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check)\[[0-9]+\]:( spamd:)? connection from [._[:alnum:]-]+ \[[\.[:digit:]]+\] at port [0-9]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? (info: )?setuid to [[:alnum:]-]+ succeeded(, reading scores from SQL)?$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? (clean message|identified spam) \([0-9.-]+/[0-9.]+\) for [-._+=[:alnum:]]+(@[-.[:alnum:]]+)?(:[[:digit:]]+)? in [0-9.]+ seconds, [0-9]+ bytes\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check)\[[0-9]+\]:( spamd:)? (clean message|identified spam) \([0-9.-]+/[0-9.]+\) for [-._+=[:alnum:]]+(@[-.[:alnum:]]+)?(:[[:digit:]]+)? in [0-9.]+ seconds, [0-9]+ bytes\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: prefork: child states: [[:upper:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? got connection over [/[:alnum:]]+$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? handled cleanup of child pid [0-9]+ due to SIGCHLD$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? server successfully spawned child process, pid [0-9]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? using default config for [-._+=[:alnum:]]+(@[-.[:alnum:]]+)?: /[-./_[:alnum:]]+/\.spamassassin/user_prefs$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? (process|check)ing message (<[^>]+>( aka <[^>]+>)?|\(unknown\)) for [-._+=[:alnum:]]+(@[-.[:alnum:]]+:[[:digit:]]+|:[[:digit:]]+)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check)\[[0-9]+\]:( spamd:)? using default config for [-._+=[:alnum:]]+(@[-._[:alnum:]]+)?: /[-./_[:alnum:]]+/\.spamassassin/user_prefs$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check)\[[0-9]+\]:( spamd:)? (process|check)ing message (<[^>]+>( aka <[^>]+>)?|\(unknown\)) for [-._+=[:alnum:]]+(@[-.[:alnum:]]+)?(:[[:digit:]]+)?$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]:( spamd:)? server pid: [[:digit:]]{1,5}$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: logger: removing stderr method$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?result: [.YN] [ [:digit:]-]+ - [._[:alnum:],]+ scantime=[0-9.]+,size=[0-9]+,(user=[^,]+,uid=[0-9]+,required_score=[0-9.]+,rhost=[._[:alnum:]-]+,raddr=[0-9.]+,rport=[0-9]+,)?mid=<[^[:space:]]+>,(bayes=[.[:digit:]]+(e-[[:digit:]]+)?,)?autolearn=(ham|spam|no)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check)\[[0-9]+\]: (spamd: )?result: [.YN] [ [:digit:]-]+ -( [._[:alnum:],]+)? scantime=[0-9.]+,size=[0-9]+,(user=[^,]+,uid=[0-9]+,required_score=[0-9.]+,rhost=[._[:alnum:]-]+,raddr=[0-9.]+,rport=[0-9]+,)?mid=<[^[:space:]]+>(,rmid=<[^[:space:]]+>)?,(bayes=[.[:digit:]]+(e-[[:digit:]]+)?,)?autolearn=(ham|spam|no|disabled)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: FuzzyOcr: FuzzyOcr stopped, message got [[:digit:]]+ points by other FuzzyOcr tests \([.[:digit:]]+>[.[:digit:]]+\)\.$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?Tell: Setting (local|remote|local,remote) for [-._+=[:alnum:]]+(@[-.[:alnum:]]+)?(:[[:digit:]]+)? in [.[:digit:]]+ seconds, [[:digit:]]+ bytes$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: (spamd: )?Tell: Did nothing for [-._+=[:alnum:]]+(@[-.[:alnum:]]+)?(:[[:digit:]]+)? in [.[:digit:]]+ seconds, [[:digit:]]+ bytes$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: reporter: spam reported to (DCC|SpamCop)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: reporter: could not report spam to ((Py|Ra)zor|SpamCop)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: reporter: no revoke methods available, so couldn't revoke$
+# razor, temporary I hope
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ check\[[0-9]+\]: \[ 2\] \[bootup\] Logging initiated LogDebugLevel=[[:digit:]]+ to sys-syslog$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ check\[[0-9]+\]: \[ 3\] mail [[:digit:]]+ is (not )?known spam\.$
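
Review bot: Widening the program tag to `(spamd|check)` in the connection, clean message/identified spam, default config, processing message and result rules means any process logging under the generic tag `check` is filtered when its line matches. Add a comment naming the program that emits `check[pid]` (the "# razor" comment covers only the last two rules) and say why the Tell and reporter rules stay `spamd`-only. The domain class gained `_` only in the "using default config" rule (`@[-._[:alnum:]]+`); the clean message, processing message and Tell rules still use `@[-.[:alnum:]]+`, so the same virtual-domain recipient would be ignored in one line and reported in the next. Use one class throughout. The reporter rules are also asymmetric: success is ignored for `(DCC|SpamCop)` but failure for `((Py|Ra)zor|SpamCop)`, so a successful Razor or Pyzor report and a failed DCC report will still reach the operator. Ignoring "could not report spam" also hides a failure condition that an operator may want to see, which deserves a comment on why it is safe to drop.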