[Logcheck-devel] so, about preprocessing... (#376106)

martin f krafft madduck at debian.org
Mon Jul 3 22:52:35 UTC 2006


I have been given commit access to logcheck by Todd and I am
definitely inclined to help out with rule maintenance, but I would
like to bring #376106 up onto the table.

I've been playing around with my little Makefile and am really
pleased with it. Instead of cryptic regexps, I can just define rules
like so:

  @LEAD@ @PROC_SMTP@: @QUEUE_ID@: @TO@, relay=@DNIP@, @DELAY@,
    @DSNS@, status=deliverable \(@SMTP_SSTATUS@ recipient @EMAIL@

which will expand to

  ^[[:upper:]][[:alpha:]]{2} ([[:digit:]]{2}| [[:digit:]])
  ([[:digit:]]{2}:){2}[[:digit:]]{2} seamus
  postfix/smtp\[[[:digit:]]{1,5}\]: (NOQUEUE|[A-F[:digit:]]+):
  dsn=2\.[[:digit:]]+\.[[:digit:]]+, status=deliverable
  \(2[[:digit:]]{2} recipient
  <([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)> ok\)$

OMG you might say, and rightly so... the generated rules are even
less readable to humans, but this way, I can make sure that e.g. an
IP address is always the same:
"([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}" (which could be even more
refined). This makes rule maintenance far easier IMHO, and also
provides for greater consistency in the rules.

I think I could implement this in logcheck non-intrusively, but I'd
want to hear what people have to say first.

So, any comments?

 .''`.     martin f. krafft <madduck at debian.org>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
i welcome your constructive criticism and corrections.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature (GPG/PGP)
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20060704/04938f7a/attachment.pgp 

More information about the Logcheck-devel mailing list