[Logcheck-devel] Bug#249074: logcheck: can't get line to be ignored (user error?)
David M. Dowdle
ddowdle at clouded.leopard.net
Fri May 14 20:56:17 UTC 2004
Package: logcheck
Version: 1.2.20
Severity: minor
last 2 lines of /etc/logcheck/ignord.d.server/sendmail:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+: collect: unexpected
close on connection from (\[[0-9.]+\]|[._[:alnum:]-]+), sender=<[^>]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: .* 550Blocked by http
note that last line was added by me. logcheck is running a "server" level
clouded:/etc/logcheck/ignore.d.server# tail -40 /var/log/mail/mail.log |egrep "^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: .* 550Blocked by http"
May 14 13:42:07 clouded sm-mta[14648]: ruleset=check_relay, arg1=65-57-173-243.forestsavers.com,
arg2=65.57.173.243, relay=65-57-173-243.forestsavers.com [65.57.173.243], reject=553 5.3.0 550Blocked by
http://www.stearns.org/sa-blacklist/
May 14 13:42:11 clouded sm-mta[14649]: ruleset=check_relay, arg1=65-57-173-243.forestsavers.com,
arg2=65.57.173.243, relay=65-57-173-243.forestsavers.com [65.57.173.243], reject=553 5.3.0 550Blocked by
http://www.stearns.org/sa-blacklist/
May 14 13:43:57 clouded sm-mta[14660]: i4EKhvCs014660: ruleset=check_mail,
arg1=<OWNER-NOLIST-DAILY*neopets**rosekitty*-org at sgosvr.com>, relay=smtp106.imgsvr.com [69.8.178.106],
reject=553 5.3.0 <OWNER-NOLIST-DAILY*neopets**rosekitty*-org at sgosvr.com>... 550Blocked by
http://www.stearns.org/sa-blacklist/
my regex appears to function, but these lines still show up in logcheck's security emails (not violations).
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.21
Locale: LANG=C, LC_CTYPE=C
Versions of packages logcheck depends on:
ii adduser 3.53 Add and remove users and groups
ii cron 3.0pl1-83 management of regular background p
ii debconf [debconf 1.4.25 Debian configuration management sy
ii debianutils 2.8.2 Miscellaneous utilities specific t
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.20 A database of system log rules for
ii logtail 1.2.20 Returns parts of logfiles that hav
ii mailx 1:8.1.2-0.20031014cvs-2 A simple mail user agent
ii sendmail [mail-t 8.12.11.Final-5 A powerful, efficient, and scalabl
ii sysklogd [system 1.4.1-14 System Logging Daemon
-- debconf information:
* logcheck/noroot:
logcheck/changes:
* logcheck/install-note:
More information about the Logcheck-devel
mailing list