[Logcheck-devel] Bug#340226: logcheck does not successfully filter postfix/policy-spf or amavis
Lia Treffman
ltreffman at optivel.com
Mon Nov 21 21:57:26 UTC 2005
Package: logcheck
Version: 1.2.39

I am using Linux smtp 2.6.8-2-686-smp and libc6 2.3.2.ds1-22.

I am running logcheck on a server named smtp, and I would like to filter
all lines in /var/log/syslog matching the following expressions:

    Nov 21 19:29:13 smtp postfix/policy-spf[1429]: blah blah blah
    Nov 21 19:23:01 smtp amavis[31328]: blah blah blah

I have a file called 'noise':

    smtp postfix/policy-spf.*$
    smtp amavis.*$

When I run 'grep -f noise /var/log/syslog', I get the expected result.
For convenience, I have attached 'noise' and 'sample_syslog', which is a
sterilized segment of our /var/log/syslog.

I have tried running logcheck with 'noise' in the following directories:

    /etc/logcheck/ignore.d -> ignore.d.server
    /etc/logcheck/violations.ignore.d
    /etc/logcheck/cracking.ignore.d

I have also tried putting the text of 'noise' in the following files:

    /etc/logcheck/ignore.d/postfix or amavis (as appropriate)
    /etc/logcheck/violations.ignore.d/logcheck-postfix or logcheck-amavis
    (as appropriate)

All of the postfix/policy-spf and amavis records appear in the email. I
have also tried it with the '^\w{3} [ :0-9]{11} [._[:alnum:]-]+' lead-in
to the regex and it doesn't make a difference.

There are other regexes in /etc/logcheck/ignore.d files which also do
not filter as they are supposed to. However, the postfix/policy-spf and
amavis are the most problematic.

Thank you for your time and assistance in this matter.

Sincerely,
Lia M. Treffman
--
Lia Treffman Optivel, Inc. 317-275-2304
Network Systems Developer / DBA Sorcerer's Apprentice ltreffman at optivel.com http://www.optivel.com
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: logcheck.conf
Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051121/ab64ed4d/attachment.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: sample_syslog
Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051121/ab64ed4d/attachment-0001.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: noise
Url: http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20051121/ab64ed4d/attachment-0002.txt