[Logcheck-devel] Bug#249074: logcheck: can't get line to be ignored (user error?)

David M. Dowdle ddowdle at clouded.leopard.net
Fri May 14 20:56:17 UTC 2004 

Package: logcheck
Version: 1.2.20
Severity: minor


last 2 lines of /etc/logcheck/ignord.d.server/sendmail:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-mta*|sm-msp*)\[[0-9]+\]: [[:alnum:]]+: collect: unexpected 
close on connection from (\[[0-9.]+\]|[._[:alnum:]-]+), sender=<[^>]+>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: .* 550Blocked by http

note that last line was added by me. logcheck is running a "server" level


clouded:/etc/logcheck/ignore.d.server# tail -40 /var/log/mail/mail.log |egrep "^\w{3} [ :0-9]{11} 
[._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: .* 550Blocked by http"
May 14 13:42:07 clouded sm-mta[14648]: ruleset=check_relay, arg1=65-57-173-243.forestsavers.com, 
arg2=65.57.173.243, relay=65-57-173-243.forestsavers.com [65.57.173.243], reject=553 5.3.0 550Blocked by 
http://www.stearns.org/sa-blacklist/
May 14 13:42:11 clouded sm-mta[14649]: ruleset=check_relay, arg1=65-57-173-243.forestsavers.com, 
arg2=65.57.173.243, relay=65-57-173-243.forestsavers.com [65.57.173.243], reject=553 5.3.0 550Blocked by 
http://www.stearns.org/sa-blacklist/
May 14 13:43:57 clouded sm-mta[14660]: i4EKhvCs014660: ruleset=check_mail, 
arg1=<OWNER-NOLIST-DAILY*neopets**rosekitty*-org at sgosvr.com>, relay=smtp106.imgsvr.com [69.8.178.106], 
reject=553 5.3.0 <OWNER-NOLIST-DAILY*neopets**rosekitty*-org at sgosvr.com>... 550Blocked by 
http://www.stearns.org/sa-blacklist/


my regex appears to function, but these lines still show up in logcheck's security emails (not violations).



-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.21
Locale: LANG=C, LC_CTYPE=C

Versions of packages logcheck depends on:
ii  adduser          3.53                    Add and remove users and groups
ii  cron             3.0pl1-83               management of regular background p
ii  debconf [debconf 1.4.25                  Debian configuration management sy
ii  debianutils      2.8.2                   Miscellaneous utilities specific t
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logcheck-databas 1.2.20                  A database of system log rules for
ii  logtail          1.2.20                  Returns parts of logfiles that hav
ii  mailx            1:8.1.2-0.20031014cvs-2 A simple mail user agent
ii  sendmail [mail-t 8.12.11.Final-5         A powerful, efficient, and scalabl
ii  sysklogd [system 1.4.1-14                System Logging Daemon

-- debconf information:
* logcheck/noroot: 
  logcheck/changes: 
* logcheck/install-note:

More information about the Logcheck-devel mailing list