Bug#265176: [Logcheck-devel] Bug#265176: logcheck: rules for gps policy daemon with postfix

maks attems debian at sternwelten.at
Fri Aug 13 15:39:25 UTC 2004


tags 265176 pending
thanks

On Thu, 12 Aug 2004, Jamie L. Penman-Smithson wrote:

> Package: logcheck
> Version: 1.2.24
> Severity: minor
> 
> If you run the gps policy server with postfix, you end up with a lot of
> unneeded messages:
> 
> Aug 12 01:15:18 lorien gps[27125]: disconnecting from DB
> Aug 12 01:31:47 lorien gps[27264]: started (ver.: 0.7b built: Jul 14
> 2004 14:39:53)
> Aug 12 01:31:47 lorien gps[27264]: ok:
> 'bounce-debian-user=devnull=silverdream.org at lists.debian.org' ->
> 'devnull at silverdream.org', '146.82.138.6' (1350, 1695 secs)
> Aug 12 01:37:35 lorien gps[27332]: new: 'tseun at loyalistc.on.ca' ->
> 'brad.smith at bluemelon.net', '82.217.137.112'
> Aug 12 01:46:44 lorien gps[27483]: wl nw:
> 'spamassassin-users-return-14314-devnull=silverdream.org at incubator.apache.org' -> 'devnull at silverdream.org', '209.237.227.': apache.org mailing lists
> 
> The following regexps match the above messages:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: disconnecting from DB$
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: started \(ver.:
> [a-z0-9\.]+ built: [A-Za-z]+ [0-9[:space:]]+
> [0-9]{2}:[0-9]{2}:[0-9]{2}\)$
> 
> For the other three rules, this is the closest I could get. Really these
> will probably need to be separate rules:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: (ok|new|wl nw):
> '[[:alnum:][:punct:]]+@[[:alnum:][:punct:]]+'.*$
> 
> Thanks,

Nice bug report,
I've added the attached rules for the next release, please test them?
1 rule unmodified, 
2 rule uses [[:alpha:]] instead of [a-zA-Z] explanations at ("Writing
rules"): /usr/share/doc/logcheck-database/README.logcheck-database.gz
3 rule uses [^[:space:]] to match emails, but fails on above 3 log message
the ip inside there seems very strange '209.237.227.'

thanks for a review + test


--
maks

-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: disconnecting from DB$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: started \(ver.: [.[:alnum:]]+ built: \w{3} [0-9]{2} [0-9]{4} [0-9:]{8}\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: (new|ok): '[^[:space:]]+' -> '[^[:space:]]+', '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'.*$