[Logcheck-devel] Bug#254133: logcheck: additional innd rules

Jamie L. Penman-Smithson jamie at silverdream.org
Sun Jun 13 10:02:24 UTC 2004


On Sun, 2004-06-13 at 01:46, Jamie L. Penman-Smithson wrote:
> Package: logcheck
> Version: 1.2.22a
> Severity: minor
> 
> There are some messages from INN which are not being filtered:

They are currently listed as Sec Events:

Security Events
=-=-=-=-=-=-=-=
Jun 13 02:03:31 lorien innfeed[24951]: news.uhro.net checkpoint seconds
4200 offered 287 accepted 5 refused 98 rejected 183 missing 1 accsize
15459 rejsize 659172 spooled 0 on_close 0 unspooled 3 deferred 0/0.0
requeued 0 queue 0.0/200:100,0,0,0,0,0

I forgot to say that they should go in
logcheck.violations.d/logcheck-innd

In addition I just noticed:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ innd:
(localhost\:[0-9]+|[[[:alnum:]]+:[0-9]+) (closed|checkpoint) seconds
[0-9]+ accepted [0-9]+ refused [0-9]+ rejected [0-9]+ duplicate [0-9]+
accepted size [0-9]+ duplicate size [0-9]+$

..which doesn't work. As I understand it [[[:alnum:]]+:[0-9]+ will only
match if the hostname is an IP, which is not always going to be the
case? It also does not match on innd [...] final seconds [...] messages.

-j

-- 
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
 w: http://www.silverdream.org | p: sms at silverdream.org
 pgp key @ http://silverdream.org/~jps/pub.key
 10:30:01 up 3 days, 31 min, 13 users,  load average: 1.13, 0.99, 0.75
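
Added example, not part of the original message or of logcheck's shipped rules: a small harness that runs the quoted rule, joined onto one line, against sample lines and shows which ones it fails to match. It assumes GNU `grep -E`; the sample log lines are constructed from the rule's own field layout, and `RULE_WIDE` is a hypothetical variant that reuses the rule's hostname class for the peer field.

```shell
#!/bin/sh
# Sample lines are constructed from the rule's own field layout (not real logs).
TAIL='seconds 300 accepted 5 refused 0 rejected 1 duplicate 0 accepted size 1234 duplicate size 0'
samples() {
    printf '%s\n' \
        "Jun 13 02:03:31 lorien innd: localhost:12 checkpoint $TAIL" \
        "Jun 13 02:03:31 lorien innd: feeder:14 closed $TAIL" \
        "Jun 13 02:03:31 lorien innd: news.example.net:15 checkpoint $TAIL" \
        "Jun 13 02:03:31 lorien innd: 192.0.2.10:16 closed $TAIL"
}

# Shared start and end of the rule, joined onto one line (the mail wrapped it).
PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ innd: '
SUFFIX=' (closed|checkpoint) seconds [0-9]+ accepted [0-9]+ refused [0-9]+ rejected [0-9]+ duplicate [0-9]+ accepted size [0-9]+ duplicate size [0-9]+$'

# Peer field exactly as quoted in the message.
RULE_QUOTED=$PREFIX'(localhost\:[0-9]+|[[[:alnum:]]+:[0-9]+)'$SUFFIX
# Hypothetical variant: reuse the rule's own hostname class for the peer.
RULE_WIDE=$PREFIX'[._[:alnum:]-]+:[0-9]+'$SUFFIX

# Number of sample lines the rule matches.
filtered() { samples | grep -Ec -e "$1" 2>/dev/null || true; }
# Sample lines the rule does not match.
reported() { samples | grep -Ev -e "$1" 2>/dev/null || true; }

for rule in "$RULE_QUOTED" "$RULE_WIDE"; do
    echo "matched $(filtered "$rule") of 4, not matched:"
    reported "$rule" | sed 's/^/  /'
done
```

Running a candidate rule over known lines like this before installing it shows both what it misses and what it newly hides; keeping the `^` and `$` anchors limits the second.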
