Bug#267587: [Logcheck-devel] Bug#267587: logcheck-database: Additional rule needed for postfix
maks attems
debian at sternwelten.at
Mon Aug 23 22:08:11 UTC 2004
On Mon, 23 Aug 2004, maks attems wrote:
> On Mon, 23 Aug 2004, Russell Coker wrote:
>
> > Package: logcheck-database
> > Version: 1.2.25
> > Severity: normal
> >
> > postfix/smtpd\[[0-9]+\]: lost connection after (CONNECT|DATA|RCPT|RSET|EHLO|HELO|MAIL) from
> >
> > Please include the above line in the ignore.d/server/postfix file. That
> > catches messages that occur very often on busy Postfix servers.
>
> well there is already quite a similar rule in aboves file:
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost
> connection after (AUTH|CONNECT|DATA|HELO|MAIL|RCPT) from
> unknown\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
>
> changed in cvs the unknown to match domainnames:
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost
> connection after (AUTH|CONNECT|DATA|HELO|MAIL|RCPT) from
> [._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
ooh i must be sleepy overseen stuff of your proposal,
so that's what's now in cvs:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: lost
connection after (AUTH|CONNECT|DATA|EHLO|HELO|MAIL|RCPT|RSET) from
[._[:alnum:]-]+\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]$
probably more rules will need that update for busy servers?
do not hesitate to point out?
thanks
--
maks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040824/b690bbcc/attachment.pgp
More information about the Logcheck-devel
mailing list