[Logcheck-commits] r1273 - in logcheck/trunk: debian
rulefiles/linux/ignore.d.server rulefiles/linux/violations.ignore.d
madduck at users.alioth.debian.org
Thu Oct 19 08:41:25 UTC 2006
Author: madduck
Date: 2006-10-19 08:41:24 +0000 (Thu, 19 Oct 2006)
New Revision: 1273
Modified:
logcheck/trunk/debian/changelog
logcheck/trunk/rulefiles/linux/ignore.d.server/postfix
logcheck/trunk/rulefiles/linux/ignore.d.server/squid
logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix
Log:
* ignore.d.server/postfix: also ignore bare port 25 in log messages; thanks
to Bernd Zeimetz (closes: #385001).
* ignore.d.server/squid: ignore informational aioSync messages; thanks to
Elmar Hoffmann (closes: #385982).
* violations.ignore.d/logcheck-postfix: also filter rejections even if rcpt
is not yet known; thanks to Micah Anderson (closes: #382442).
Modified: logcheck/trunk/debian/changelog
===================================================================
--- logcheck/trunk/debian/changelog 2006-10-19 08:33:06 UTC (rev 1272)
+++ logcheck/trunk/debian/changelog 2006-10-19 08:41:24 UTC (rev 1273)
@@ -27,8 +27,14 @@
Marco Nenciarini (closes: #389047).
* ignore.d.server/postfix: ignore lost connections after any SMTP command;
thanks to Micah Anderson (closes: #387000).
+ * ignore.d.server/postfix: also ignore bare port 25 in log messages; thanks
+ to Bernd Zeimetz (closes: #385001).
+ * ignore.d.server/squid: ignore informational aioSync messages; thanks to
+ Elmar Hoffmann (closes: #385982).
+ * violations.ignore.d/logcheck-postfix: also filter rejections even if rcpt
+ is not yet known; thanks to Micah Anderson (closes: #382442).
- -- martin f. krafft <madduck at debian.org> Thu, 19 Oct 2006 10:32:31 +0200
+ -- martin f. krafft <madduck at debian.org> Thu, 19 Oct 2006 10:40:33 +0200
logcheck (1.2.49~unreleased.2) UNRELEASED; urgency=low
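Review bot: The new postfix entry ("also ignore bare port 25 in log messages") does not say which rule was widened. The only postfix change in ignore.d.server is the anvil statistics pattern, so naming it in the entry (for example "anvil statistics: also accept bare port 25") would let a later reader find the affected rule without opening the diff.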
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/postfix
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/postfix 2006-10-19 08:33:06 UTC (rev 1272)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/postfix 2006-10-19 08:41:24 UTC (rev 1273)
@@ -69,7 +69,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=[^[:space:]]+,( conn_use=[[:digit:]]+,)? delay=[.0-9]+,( delays=[.0-9/]+, dsn=[0-9.]+,)? status=sent \(250 [0-9.]+ Ok((, id=[-0-9]+, from MTA(\([^[:space:]]+\))?: 250 ([0-9.]+ )?Ok: queued as [0-9A-F]+|, discarded, UBE, id=[-0-9]+))*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/local\[[0-9]+\]: [[:upper:][:digit:]]+: to=<[^[:space:]]+>,( orig_to=<[^[:space:]]+>,)* relay=local, delay=[0-9]+, status=sent \(delivered to command: exec /usr/bin/procmail\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/policy-spf\[[0-9]+\]: : SPF pass: smtp_comment=.*: [.[:alnum:]]+ MX [.[:alnum:]]+ A [0-9a-f.:]+, header_comment=[.[:alnum:]+: domain of [%[:punct:][:alnum:]]+@[.[:alnum:]]+ designates [0-9a-f.:]{3,39} as permitted sender$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \(([.[:digit:]]{1,16}:)?(smtp(s)?|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for \(([.[:digit:]]{1,16}:)?(smtp(s)?|25|587):[.[:digit:]]+\) at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max cache size [[:digit:]]+ at \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: start interval \w{3} [ :0-9]{11}$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/scache\[[0-9]+\]: statistics: (domain|address) lookup hits=[0-9]+ miss=[0-9]+ success=[0-9]+%$
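Review bot: The service alternation on the changed anvil line, (smtp(s)?|25|587), now hardcodes two port numbers, so statistics for a listener on any other numeric port will still be reported and need another patch like this one. Since these are informational anvil statistics, consider a generic form such as (smtps?|[[:digit:]]+), which also drops the unneeded group around the s. Separately, the unchanged policy-spf rule in the context above has header_comment=[.[:alnum:]+: where the bracket expression is not closed before the +, which looks worth fixing in a follow-up.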
Modified: logcheck/trunk/rulefiles/linux/ignore.d.server/squid
===================================================================
--- logcheck/trunk/rulefiles/linux/ignore.d.server/squid 2006-10-19 08:33:06 UTC (rev 1272)
+++ logcheck/trunk/rulefiles/linux/ignore.d.server/squid 2006-10-19 08:41:24 UTC (rev 1273)
@@ -53,6 +53,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: helperOpenServers: Starting [[:digit:]]+ '[-._[:alnum:]]+' processes$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: Cache dir '[/[:alnum:]]+' size remains unchanged at [[:digit:]]+ KB$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: fqdncacheParse: No PTR record for '[.[:digit:]]{7,15}'$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: aioSync: flushing pending I/O operations$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: aioSync: done$
# squidguard
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: CACHEMGR: <unknown>@127.0.0.1 requesting 'storedir'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: CACHEMGR: <unknown>@127.0.0.1 requesting 'counters'$
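Review bot: The two added aioSync rules differ only in the message tail and could be a single rule ending in aioSync: (flushing pending I/O operations|done)$, which keeps the pair together if the prefix ever needs adjusting. They also land directly above the "# squidguard" comment; a blank line or a short comment before them would make clear they belong to the general squid rules and not to that block.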
Modified: logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix
===================================================================
--- logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix 2006-10-19 08:33:06 UTC (rev 1272)
+++ logcheck/trunk/rulefiles/linux/violations.ignore.d/logcheck-postfix 2006-10-19 08:41:24 UTC (rev 1273)
@@ -1,6 +1,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [.[:digit:]]+: hostname [^[:space:]]+ verification failed: (Host not found|Host name has no address|Name or service not known|Temporary failure in name resolution)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:alnum:]]+: reject: RCPT from [^[:space:]]+: [0-9]+ Client host rejected: cannot find your hostname, [^[:space:]]+; from=[^[:space:]]+ to=[^[:space:]]+ proto=(ESMTP|SMTP) helo=[^[:space:]]+$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: (Sender|Recipient) address rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: (Sender|Recipient) address rejected: .+; from=<[^[:space:]]*>( to=<[^[:space:]]+>)? proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] <[^[:space:]]+>: Helo command rejected: .+; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [0-9]{3} <[^[:space:]]+>: Relay access denied; from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [[:upper:]0-9]+: reject: RCPT from [^[:space:]]+: [45][0-9][0-9] Service unavailable; Sender address \[[^[:space:]]+\] blocked using [._[:alnum:]-]+;( .*;)? from=<[^[:space:]]*> to=<[^[:space:]]+> proto=(ESMTP|SMTP) helo=<[^[:space:]]+>$
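Review bot: The optional ( to=<[^[:space:]]+>)? is applied only to the (Sender|Recipient) address rejected rule, while the Helo command rejected, Relay access denied and "blocked using" rules in the same hunk still require to=<...>. If a rejection can be logged before the recipient is known, those rules will keep reporting the same kind of line, so either give them the same optional group or note why only this rule needs it. Because this file suppresses violation reports, it would also be tighter to limit the optional to= to the Sender alternative if a Recipient rejection always carries a recipient, and to quote a sample log line from #382442 in the commit message so the widened match can be checked against real input.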