[Logcheck-devel] Bug#254133: logcheck: additional innd rules
Jamie L. Penman-Smithson
jamie at silverdream.org
Sun Jun 13 10:02:24 UTC 2004
On Sun, 2004-06-13 at 01:46, Jamie L. Penman-Smithson wrote:
> Package: logcheck
> Version: 1.2.22a
> Severity: minor
>
> There are some messages from INN which are not being filtered:
They are currently listed as Sec Events:
Security Events
=-=-=-=-=-=-=-=
Jun 13 02:03:31 lorien innfeed[24951]: news.uhro.net checkpoint seconds
4200 offered 287 accepted 5 refused 98 rejected 183 missing 1 accsize
15459 rejsize 659172 spooled 0 on_close 0 unspooled 3 deferred 0/0.0
requeued 0 queue 0.0/200:100,0,0,0,0,0
I forgot to say that they should go in
logcheck.violations.d/logcheck-innd
In addition I just noticed:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ innd:
(localhost\:[0-9]+|[[[:alnum:]]+:[0-9]+) (closed|checkpoint) seconds
[0-9]+ accepted [0-9]+ refused [0-9]+ rejected [0-9]+ duplicate [0-9]+
accepted size [0-9]+ duplicate size [0-9]+$
..which doesn't work. As I understand it [[[:alnum:]]+:[0-9]+ will only
match if the hostname is an IP, which is not always going to be the
case? It also does not match on innd [...] final seconds [...] messages.
-j
--
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
w: http://www.silverdream.org | p: sms at silverdream.org
pgp key @ http://silverdream.org/~jps/pub.key
10:30:01 up 3 days, 31 min, 13 users, load average: 1.13, 0.99, 0.75
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040613/dc3f63c1/attachment.pgp
More information about the Logcheck-devel
mailing list