[Logcheck-devel] Bug#249074: logcheck: can't get line to be ignored (user error?)
David M. Dowdle
ddowdle at leopard.net
Sun May 16 22:50:44 UTC 2004
output from regex as requested:
clouded:/etc/logcheck/violations.ignore.d# egrep '550Blocked by'
/var/log/mail/mail.log | egrep -v -f ~ddowdle/local-sendmail
May 16 07:57:53 clouded sm-mta[16984]: i4GEvqKk016984: ruleset=check_mail,
arg1=<ztaflxhld at mail333.com>, relay=[61.249.2.181], reject=553 5.3.0
<ztaflxhld at mail333.com>... 550Blocked by
http://www.stearns.org/sa-blacklist/
May 16 10:50:46 clouded sm-mta[19218]: i4GHokEu019218: ruleset=check_mail,
arg1=<gbmnhbocgyjd at simcity.zzn.com>, relay=qmailr at external.dragonpaw.org
[216.218.158.6], reject=553 5.3.0 <gbmnhbocgyjd at simcity.zzn.com>...
550Blocked by http://www.stearns.org/sa-blacklist/
May 16 11:54:35 clouded sm-mta[20026]: i4GIsXW7020026: ruleset=check_mail,
arg1=<jbtwy at mail333.com>, relay=[221.160.199.17], reject=553 5.3.0
<jbtwy at mail333.com>... 550Blocked by http://www.stearns.org/sa-blacklist/
May 16 12:38:09 clouded sm-mta[20699]: i4GJc1VW020699: ruleset=check_mail,
arg1=<np.starr_gl at mdnet.com.br>, relay=[211.206.60.119], reject=553 5.3.0
<np.starr_gl at mdnet.com.br>... 550Blocked by
http://www.stearns.org/sa-blacklist/
May 16 12:42:23 clouded sm-mta[20784]: i4GJgGd5020784: ruleset=check_mail,
arg1=<loganadam at quorahe.attractivereport.com>,
relay=subscriber-122.pprovedsavings.com [69.42.111.122] (may be forged),
reject=553 5.3.0 <loganadam at quorahe.attractivereport.com>... 550Blocked by
http://www.stearns.org/sa-blacklist/
May 16 13:22:19 clouded sm-mta[22101]: i4GKMAVG022101: ruleset=check_mail,
arg1=<marion at beingwithout.com>, relay=[202.108.244.35], reject=553 5.3.0
<marion at beingwithout.com>... 550Blocked by
http://www.stearns.org/sa-blacklist/
May 16 13:22:35 clouded sm-mta[22108]: i4GKMTBd022108: ruleset=check_mail,
arg1=<marion at beingwithout.com>, relay=[202.108.244.35], reject=553 5.3.0
<marion at beingwithout.com>... 550Blocked by
http://www.stearns.org/sa-blacklist/
clouded:/etc/logcheck/violations.ignore.d#
On Sat, 15 May 2004, maks attems wrote:
> On Sat, 15 May 2004, maks attems wrote:
>
> > On Fri, 14 May 2004, David M. Dowdle wrote:
> >
> > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: .* 550Blocked by http
> > >
> > > note that last line was added by me. logcheck is running a "server" level
>
> the attached local-sendmail file contains regexes
> tested on your reported log messages.
> i'll be interested at the lines it doesn't catch,
> i assume there will be!
>
> egrep '550Blocked by' /var/log/mail/mail.log | egrep -v -f local-sendmail
>
> please send us the output of the above line.
> well if it's enormous please scale it down. ;)
> thanks in advance for your feedback
> a++ maks
>
>
>
-------------- next part --------------
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: ruleset=check_mail, arg1=<.*>, relay=[._[:alnum:]-]+ \[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\], reject=[0-9]+ [0-9]\.[0-9]\.[0-9] <.*>\.\.\. [0-9]+Blocked by [._[:alnum:]:/-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: ruleset=check_relay, arg1=[._[:alnum:]-]+, arg2=[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}, relay=[._[:alnum:]-]+ \[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\], reject=[0-9]+ [0-9]\.[0-9]\.[0-9] [0-9]+Blocked by [._[:alnum:]:/-]+$
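Added example (not part of the original message and not a rule shipped by logcheck): the lines that survived the `egrep -v` above differ from the posted check_mail rule only in the relay= field, which appears as a bare bracketed IP, with a user prefix before the host, or with a trailing "(may be forged)". The script runs the posted rule and a relaxed variant, which is an assumption of this example, over constructed log lines that use documentation addresses.

```shell
#!/bin/sh
# Pieces of the check_mail rule from the attachment, split so the relay= part can vary.
PRE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: ruleset=check_mail, arg1=<.*>, relay='
HOST='[._[:alnum:]-]+'
IP='\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\]'
POST=', reject=[0-9]+ [0-9]\.[0-9]\.[0-9] <.*>\.\.\. [0-9]+Blocked by [._[:alnum:]:/-]+$'

# Rule as posted: relay= must be "hostname [ip]".
POSTED="${PRE}${HOST} ${IP}${POST}"
# Relaxed relay= field (assumption of this example, not logcheck's rule):
# optional "user@", optional hostname, optional " (may be forged)".
RELAXED="${PRE}((${HOST}@)?${HOST} )?${IP}( \(may be forged\))?${POST}"

# Constructed sample lines: one per relay= shape seen in the thread (written with @
# as sendmail logs it), one the posted rule already matches, and one different
# rejection that must keep being reported.
sample_lines() {
cat <<'EOF'
May 16 07:57:53 mx1 sm-mta[16984]: i4GEvqKk016984: ruleset=check_mail, arg1=<a@example.com>, relay=[192.0.2.181], reject=553 5.3.0 <a@example.com>... 550Blocked by http://www.stearns.org/sa-blacklist/
May 16 10:50:46 mx1 sm-mta[19218]: i4GHokEu019218: ruleset=check_mail, arg1=<b@example.com>, relay=qmailr@relay.example.org [192.0.2.6], reject=553 5.3.0 <b@example.com>... 550Blocked by http://www.stearns.org/sa-blacklist/
May 16 12:42:23 mx1 sm-mta[20784]: i4GJgGd5020784: ruleset=check_mail, arg1=<c@example.net>, relay=host.example.net [192.0.2.122] (may be forged), reject=553 5.3.0 <c@example.net>... 550Blocked by http://www.stearns.org/sa-blacklist/
May 16 13:22:19 mx1 sm-mta[22101]: i4GKMAVG022101: ruleset=check_mail, arg1=<d@example.org>, relay=mail.example.org [192.0.2.35], reject=553 5.3.0 <d@example.org>... 550Blocked by http://www.stearns.org/sa-blacklist/
May 16 14:01:02 mx1 sm-mta[22300]: i4GL12ab022300: ruleset=check_mail, arg1=<e@bad.invalid>, relay=[192.0.2.77], reject=553 5.1.8 <e@bad.invalid>... Domain of sender address e@bad.invalid does not exist
EOF
}

# Print the sample lines a rule would NOT ignore (what logcheck would still report).
unmatched() {
    sample_lines | grep -E -v -e "$1" || true
}

# Count those lines; grep -c exits 1 on a zero count, hence the "|| true".
count_unmatched() {
    unmatched "$1" | grep -c '' || true
}

echo "posted rule leaves:  $(count_unmatched "$POSTED") line(s)"
echo "relaxed rule leaves: $(count_unmatched "$RELAXED") line(s)"
unmatched "$RELAXED"
```

The one line the relaxed rule still leaves is the unrelated "Domain of sender address" rejection, so the widening stays confined to the relay= field and does not hide other check_mail rejections.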