[Logcheck-devel] Bug#334342: logcheck-database: regexp for postfix/anvil is too restrictive

flavien flavien-debian at lebarbe.net
Mon Oct 17 10:24:18 UTC 2005


Package: logcheck-database
Version: 1.2.39
Severity: normal


Postfix configuration (master.cf) allows the administrator to specify a
machine name/IP before the "smtp" keyword. For example, I have:

1.2.3.4:smtp inet       n       -       n       -       - smtpd

In this case, when remote server 4.5.6.7 connects too fast, anvil logs
look like:
Oct 17 06:27:33 red postfix/anvil[10531]: statistics: max connection rate 1/60s for (1.2.3.4:smtp:4.5.6.7) at Oct 17 06:09:23 

Because of the "1.2.3.4:" before "smtp", the current regexp in 
/etc/logcheck/ignore.d.server/postfix does not match. 

I suggest changing it to:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max connection (count|rate) [/[:digit:]s]+ for \(([.[:alnum:]-]+:)?smtp(s)?:[.:[:digit:]]+\) at \w{3} [ :0-9]{11}$

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.4.30.13  Debian configuration management sy
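
Added example (not part of the original report and not logcheck's own code): a small grep -E harness that runs the rule proposed above against anvil lines, to show which ones logcheck would ignore and which it would still report. Assumptions: STRICT is a constructed stand-in for a rule without the listener prefix (the proposed rule minus its optional group), not the text of the packaged file; every log line is constructed from the one quoted in the report; grep must support \w (GNU grep does).

```shell
#!/bin/sh
# Both rules share everything except the optional "listener:" group.
HEAD='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max connection (count|rate) [/[:digit:]s]+ for \('
TAIL='smtp(s)?:[.:[:digit:]]+\) at \w{3} [ :0-9]{11}$'

# Rule proposed in the report.
PROPOSED="${HEAD}([.[:alnum:]-]+:)?${TAIL}"
# Constructed stand-in: same rule without the optional listener group.
STRICT="${HEAD}${TAIL}"

# verdict RULE LINE -> "ignored" if the rule matches the line, else "reported".
verdict() {
    if printf '%s\n' "$2" | grep -Eq -e "$1"; then
        echo ignored
    else
        echo reported
    fi
}

# anvil_line TUPLE -> constructed anvil "rate" line carrying the given
# (listener:service:client) tuple, modelled on the line in the report.
anvil_line() {
    printf 'Oct 17 06:27:33 red postfix/anvil[10531]: statistics: max connection rate 1/60s for (%s) at Oct 17 06:09:23\n' "$1"
}

# Constructed tuples:
#   1.2.3.4:smtp:4.5.6.7            listener address prefix (the reported case)
#   smtp:4.5.6.7                    no prefix
#   mail.example.org:smtps:4.5.6.7  hostname prefix, smtps
#   1.2.3.4:submission:4.5.6.7      other service: must stay reported
#   smtp:2001:db8::1                client address with hex letters: the client
#                                   class [.:[:digit:]]+ has no letters
for tuple in 1.2.3.4:smtp:4.5.6.7 smtp:4.5.6.7 \
             mail.example.org:smtps:4.5.6.7 \
             1.2.3.4:submission:4.5.6.7 smtp:2001:db8::1; do
    line=$(anvil_line "$tuple")
    printf '%-32s strict=%-8s proposed=%s\n' "$tuple" \
        "$(verdict "$STRICT" "$line")" "$(verdict "$PROPOSED" "$line")"
done
```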




