[Logcheck-commits] CVS logcheck/rulefiles/linux/ignore.d.workstation

CVS User maks-guest logcheck-devel@lists.alioth.debian.org
Sat, 10 Jul 2004 11:35:13 -0600


Update of /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.workstation
In directory haydn:/tmp/cvs-serv23468/rulefiles/linux/ignore.d.workstation

Modified Files:
	postfix 
Log Message:

lots of new postfix rules, for those who include /var/log/mail.log
tested on a nice logfile (88079 lines).

first run with logcheck 1.2.23:
logcheck -w -t -o -l /var/log/mail.log | wc
  12033  123547 1176331
 
second run with those new rules:
logcheck -w -t -o -l /var/log/mail.log | wc  
    194    2100   27548


--- /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.workstation/postfix	2004/04/19 18:22:05	1.1.1.1
+++ /cvsroot/logcheck/logcheck/rulefiles/linux/ignore.d.workstation/postfix	2004/07/10 17:35:13	1.2
@@ -1,4 +1,17 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/postfix-script: starting the Postfix mail system$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/postfix-script: stopping the Postfix mail system$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/postfix-script: (starting|stopping) the Postfix mail system$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/postfix-script: refreshing the Postfix mail system$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/master\[[0-9]+\]: terminating on signal 15$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/master\[[0-9]+\]: daemon started -- version [.[:alnum:]]+$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/master\[[0-9]+\]: reload configuration$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/virtual\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+, status=[[:alnum:]]+ \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/virtual\[[0-9]+\]: [[:alnum:]]+: to=[^[:space:]]+, orig_to=[^[:space:]]+, relay=[^[:space:]]+, delay=[0-9]+, status=[[:alnum:]]+ \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: starting TLS engine$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost connection after (AUTH|CONNECT|DATA|MAIL|RCPT) from unknown\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:before/accept initialization$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:before/accept initialization$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:(error in )?SSL(v2/v3|v3) read client (hello|certificate) (A|B)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:error in SSL(v2/v3|v3) read certificate verify A$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:SSLv3 read client (hello|key exchange) A$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:SSLv3 write (certificate|server hello|key exchange|server done|change cipher spec) A$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:SSLv3 flush data$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: SSL_accept:SSLv3 (read|write) finished A$
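
Review bot: the rule `SSL_accept:before/accept initialization` is added twice on consecutive lines in this hunk; drop one copy. The `SSL_accept:SSLv3 read client (hello|key exchange) A` rule also overlaps with the earlier `(error in )?SSL(v2/v3|v3) read client (hello|certificate) (A|B)` rule for the `read client hello A` case, so only `key exchange` needs to stay in the later one. In the two `postfix/virtual` rules, `status=[[:alnum:]]+` matches every status word, so bounced and deferred deliveries are filtered along with successful ones; if only successful deliveries are meant to be ignored, pin it to `status=sent`. The two rules could also be merged with an optional `(orig_to=[^[:space:]]+, )?` group. The `lost connection after (AUTH|CONNECT|DATA|MAIL|RCPT) from unknown\[...\]` rule hides dropped connections after AUTH from hosts with no reverse DNS, which in bulk is a useful sign of credential guessing; consider leaving `AUTH` out of the alternation so those lines still reach the report.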