[Logcheck-devel] so, about preprocessing... (#376106)
martin f krafft
madduck at debian.org
Mon Jul 3 22:52:35 UTC 2006
Hi,

I have been given commit access to logcheck by Todd and I am
definitely inclined to help out with rule maintenance, but I would
like to bring #376106 up onto the table.

I've been playing around with my little Makefile and am really
pleased with it. Instead of cryptic regexps, I can just define rules
like so:

    @LEAD@ @PROC_SMTP@: @QUEUE_ID@: @TO@, relay=@DNIP@, @DELAY@,
    @DSNS@, status=deliverable \(@SMTP_SSTATUS@ recipient @EMAIL@
    ok\)@EOL@

which will expand to

    ^[[:upper:]][[:alpha:]]{2} ([[:digit:]]{2}| [[:digit:]])
    ([[:digit:]]{2}:){2}[[:digit:]]{2} seamus
    postfix/smtp\[[[:digit:]]{1,5}\]: (NOQUEUE|[A-F[:digit:]]+):
    to=<([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)>(,
    orig_to=<([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)>)?,
    relay=([-_.[:alnum:]]+|([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}|unknown)\[([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}\](:[[:digit:]]{1,5})?,
    delay=[[:digit:]]+(\.[[:digit:]]+)?,
    delays=([[:digit:]]+(\.[[:digit:]]+)?/){3}[[:digit:]]+(\.[[:digit:]]+)?,
    dsn=2\.[[:digit:]]+\.[[:digit:]]+, status=deliverable
    \(2[[:digit:]]{2} recipient
    <([-_.+=[:alnum:]]+@[-_.[:alnum:]]+|[[:alnum:]]+)> ok\)$

OMG you might say, and rightly so... the generated rules are even
less readable to humans, but this way, I can make sure that e.g. an
IP address is always the same:
"([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}" (which could be even more
refined). This makes rule maintenance far easier IMHO, and also
provides for greater consistency in the rules.

I think I could implement this in logcheck non-intrusively, but I'd
want to hear what people have to say first.

So, any comments?

--
.''`. martin f. krafft <madduck at debian.org>
: :' : proud Debian developer and author: http://debiansystem.info
`. `'`
`- Debian - when you have better things to do than fixing a system
i welcome your constructive criticism and corrections.
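
The preprocessing idea in the message above, as an added example that is not part of the original post and is not the author's Makefile or logcheck code: a small sed-based expander that substitutes @NAME@ tokens and fails if any token is left unexpanded. The IP, DNIP and DELAY fragments are taken from the expansion quoted in the message; the HOST macro, the nesting of macros inside DNIP, the function names and the sample line are assumptions made for this example.

```shell
#!/bin/sh
# Macro table, one "NAME fragment" pair per line. The expanded text of IP,
# DNIP and DELAY is copied from the message; HOST and the nesting are assumed.
macros() {
cat <<'EOF'
IP ([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}
HOST [-_.[:alnum:]]+
DNIP (@HOST@|@IP@|unknown)\[@IP@\](:[[:digit:]]{1,5})?
DELAY delay=[[:digit:]]+(\.[[:digit:]]+)?
EOF
}

# Turn the table into a sed script. Backslash, & and the # delimiter are
# escaped so each fragment is inserted literally into the rule.
sed_script() {
  macros | while read -r name frag; do
    esc=$(printf '%s\n' "$frag" | sed 's/[\\&#]/\\&/g')
    printf 's#@%s@#%s#g\n' "$name" "$esc"
  done
}

# Expand one rule until nothing changes (macros may reference other macros),
# then reject any leftover @NAME@ token: a misspelled macro would otherwise
# ship as a rule that can never match. A literal "@" inside an address
# pattern is not a token, so it passes the check.
expand_rule() (
  cur=$1
  script=$(sed_script)
  for pass in 1 2 3 4 5; do
    next=$(printf '%s\n' "$cur" | sed "$script")
    [ "$next" = "$cur" ] && break
    cur=$next
  done
  if printf '%s\n' "$cur" | grep -Eq '@[[:upper:][:digit:]_]+@'; then
    echo "unexpanded macro in: $cur" >&2
    exit 1   # leaves only this function's subshell
  fi
  printf '%s\n' "$cur"
)

# Constructed sample fragment of a postfix/smtp line, checked with grep -E.
rule=$(expand_rule 'relay=@DNIP@, @DELAY@,') || exit 1
sample='relay=mx.example.org[192.0.2.25]:25, delay=0.42,'
printf '%s\n' "$sample" | grep -Eq -e "$rule" && echo "match: $rule"
```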