[Logcheck-devel] Bug#334342: logcheck-database: regexp for postfix/anvil is too restrictive
flavien
flavien-debian at lebarbe.net
Mon Oct 17 10:24:18 UTC 2005
Package: logcheck-database
Version: 1.2.39
Severity: normal
postfix configuration (master.cf) allows the administrator to specify a
machine name/IP before the "smtp" keyword. For example, I have :
1.2.3.4:smtp inet n - n - - smtpd
In this case, when remote server 4.5.6.7 connects too fast, anvil logs
look like :
Oct 17 06:27:33 red postfix/anvil[10531]: statistics: max connection rate 1/60s for (1.2.3.4:smtp:4.5.6.7) at Oct 17 06:09:23
Because of the "1.2.3.4:" before "smtp", the current regexp in
/etc/logcheck/ignore.d.server/postfix does not match.
I suggest it to be changed to:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max connection (count|rate) [/[:digit:]s]+ for \(([.[:alnum:]-]+:)?smtp(s)?:[.:[:digit:]]+\) at \w{3} [ :0-9]{11}$
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
More information about the Logcheck-devel
mailing list