Bug#316619: [Logcheck-devel] Bug#316619: exim logs?

Rainer Zocholl UseNet-Posting-Nospam-74308- at zocki.toppoint.de
Mon Jul 18 17:13:00 UTC 2005


debian at sternwelten.at(maximilian attems)  06.07.05 11:27

>well without some fresh log messages the rules can't be improved.
>of course you are welcome to try yourself to add to that file
>fine regexes.

The rules you posted fit very well.
I added rules for 3 further log entries that need not be reported.

#2005-07-18 10:02:24 1DuQZz-0006So-7V => local.part@do-main.tld <localpart@do-main> R=smarthost T=remote_smtp_smarthost H=server [100.100.100.100]
#2005-07-18 10:02:29 1DuQa3-0002aw- => localpart <localpart@domain> D=real_local T=local_delivery
#2005-07-18 10:02:30 1DuQa3-0002aw-00 => local.part@do-main.tld <localpart@do-main> R=smarthost T=remote_smtp H=smtp.ser-ver [10.10.10.10]
^[-0-9]{10} [0-9:]{8} (Start|End) queue run: pid=[0-9]+$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= <> R=[_[:alnum:]-]+ U=[_[:alnum:]-]+ P=local S=[0-9]+$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= [@._[:alnum:]-]+ H=[._[:alnum:]-]+ \[[.0-9]{7,15}\] P=esmtp S=[0-9]+ id=[@._[:alnum:]-]+$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= [@._[:alnum:]-]+ U=[_[:alnum:]-]+ P=local S=[0-9]+( id=[@._[:alnum:]-]+)?$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ <[@._[:alnum:]-]+> D=real_local T=local_delivery$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ <[@._[:alnum:]-]+> R=dnslookup T=remote_smtp H=[._[:alnum:]-]+ \[[.0-9]{7,15}\]$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ <[@._[:alnum:]-]+> R=smarthost T=remote_smtp H=[._[:alnum:]-]+ \[[.0-9]{7,15}\]$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ <[@._[:alnum:]-]+> R=smarthost T=remote_smtp_smarthost H=[._[:alnum:]-]+ \[[.0-9]{7,15}\]$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ R=dnslookup T=remote_smtp H=[._[:alnum:]-]+ \[[.0-9]{7,15}\] X=TLS-1.0:RSA_AES_256_CBC_SHA:32$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [_[:alnum:]-]+ <[@._[:alnum:]-]+> R=local_user T=mail_spool$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ Completed$


There are (maybe) 2 exim directories if one upgraded to exim4:

# these files will be checked by logcheck
/var/log/exim/mainlog
/var/log/exim4/mainlog
Rainer
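An added example, not part of Rainer's post or of logcheck itself, showing how to check such ignore rules before installing them: it applies a subset of the rules above with the same "egrep -v -f rulefile" logic logcheck uses, over a few constructed exim mainlog lines, and prints only what would still be reported. The sample log lines (including the rejected relay and the deferred delivery), the RULES/LOG variables and the logcheck_filter function name are all constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): run logcheck-style egrep
# ignore rules over sample exim mainlog lines and print whatever no rule
# matches, i.e. what logcheck would mail out. Sample input is constructed.
set -eu

# A subset of the posted ignore rules, one per line, as they would sit in
# a logcheck rule file such as /etc/logcheck/ignore.d.server/exim.
RULES='^[-0-9]{10} [0-9:]{8} (Start|End) queue run: pid=[0-9]+$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ <= [@._[:alnum:]-]+ U=[_[:alnum:]-]+ P=local S=[0-9]+( id=[@._[:alnum:]-]+)?$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ <[@._[:alnum:]-]+> D=real_local T=local_delivery$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ => [@._[:alnum:]-]+ <[@._[:alnum:]-]+> R=smarthost T=remote_smtp_smarthost H=[._[:alnum:]-]+ \[[.0-9]{7,15}\]$
^[-0-9]{10} [0-9:]{8} [-[:alnum:]]+ Completed$'

# Constructed sample mainlog: four routine lines the rules should swallow,
# plus a rejected relay attempt and a deferred delivery that must still be
# reported (hosts and addresses are made up).
LOG='2005-07-18 10:02:24 1DuQZz-0006So-7V => local.part@do-main.tld <localpart@do-main> R=smarthost T=remote_smtp_smarthost H=server [100.100.100.100]
2005-07-18 10:02:29 1DuQa3-0002aw-00 => localpart <localpart@domain> D=real_local T=local_delivery
2005-07-18 10:02:30 1DuQa3-0002aw-00 Completed
2005-07-18 10:05:00 Start queue run: pid=12345
2005-07-18 10:07:11 H=evil.example [192.0.2.10] F=<x@example.com> rejected RCPT <victim@other.example>: relay not permitted
2005-07-18 10:08:02 1DuQfR-0001Aa-Xy == user@example.org R=dnslookup T=remote_smtp defer (-53): retry time not reached for any host'

# logcheck_filter RULES LOG: print the log lines that no ignore rule
# matches. This is the same "egrep -v -f rulefile" step logcheck performs.
logcheck_filter() {
    rules=$(mktemp)
    log=$(mktemp)
    printf '%s\n' "$1" > "$rules"
    printf '%s\n' "$2" > "$log"
    # grep exits 1 when every line was ignored; that is not an error here
    grep -E -v -f "$rules" "$log" || true
    rm -f "$rules" "$log"
}

logcheck_filter "$RULES" "$LOG"
```

Only the "rejected RCPT" and the "defer" lines survive the filter; if a rule were written too loosely (for example `.*` instead of `[-[:alnum:]]+` for the message id), lines like these would vanish too, which is the failure mode to test for before adding a rule.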
More information about the Logcheck-devel mailing list