Bug#340226: [Logcheck-devel] Bug#340226: logcheck does not succeessfully filter postfix/policy-spf or amavis
Lia Treffman
ltreffman at optivel.com
Tue Nov 22 16:24:29 UTC 2005
Hi!
Thanks for the quick response. What should the permissions be?
Lia
Todd Troxell wrote:
>Hi Lia,
>
>On Mon, Nov 21, 2005 at 04:57:26PM -0500, Lia Treffman wrote:
>
>
>>I am using Linux smtp 2.6.8-2-686-smp and libc6 2.3.2.ds1-22.
>>
>>I am running logcheck on a server named smtp, and I would like to filter
>>all lines in /var/log/syslog matching the following expressions:
>>
>>Nov 21 19:29:13 smtp postfix/policy-spf[1429]: blah blah blah
>>Nov 21 19:23:01 smtp amavis[31328]: blah blah blah
>>
>>I have a file called 'noise':
>>
>>smtp postfix/policy-spf.*$
>>smtp amavis.*$
>>
>>When I run 'grep -f noise /var/log/syslog', I get the expected result.
>>For convenience, I have attached 'noise' and 'sample_syslog', which is a
>>sterilized segment of our /var/log/syslog.
>>
>>I have tried running logcheck with 'noise' in the following directories:
>>/etc/logcheck/ignore.d -> ignore.d.server
>>/etc/logcheck/violations.ignore.d
>>/etc/logcheck/cracking.ignore.d
>>
>>I have also tried putting the text of 'noise' in the following files:
>>/etc/logcheck/ignore.d/postfix or amavis (as appropriate)
>>/etc/logcheck/violations.ignore.d/logcheck-postfix or logcheck-amavis
>>(as appropriate)
>>
>>All of the postfix/policy-spf and amavis records appear in the email. I
>>have also tried it with the '^\w{3} [ :0-9]{11} [._[:alnum:]-]+' lead-in
>>to the regex and it doesn't make a difference.
>>
>>There are other regexes in /etc/logcheck/ignore.d files which also do
>>not filter as they are supposed to. However, the postfix/policy-spf and
>>amavis are the most problematic.
>>
>>
>
>I was unable to reproduce this. I dropped your noise file into my
>/etc/logcheck/ignore.d.server/ and ran it through your sample_syslog in both
>1.2.39 and current CVS head to no avail.
>
>Are you sure the permissions are correct on your rule files/dirs?
>
>--
>Todd Troxell
>http://xtat.rapidpacket.com/
>
>
--
Lia Treffman Optivel, Inc. 317-275-2304
Network Systems Developer / DBA Sorcerer's Apprentice ltreffman at optivel.com http://www.optivel.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051122/d61fe53c/attachment.htm
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051122/d61fe53c/attachment.pgp
More information about the Logcheck-devel
mailing list