[Logcheck-devel] Bug#377381: logcheck-database: iptables outgoing logs are not ignored, on purpose?

[Filippo Giunchedi]

Package: logcheck-database
Version: 1.2.44
Severity: wishlist

Hi,
in ignore.d.server/kernel only IN rules are ignored but not
OUT ones, is this on purpose? 
If not it is easy to fix however:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: .*IN=[[:alpha:]]+[0-9]+ OUT=[[:alpha:]]+[0-9]+ MAC=[[:alnum:]:]+ SRC=[.0-9]{7,15} DST=[.0-9]{7,15} LEN=[0-9]+ TOS=0x[0-9]+ PREC=0x[0-9]+ TTL=[0-9]+ ID=[0-9]+ (DF )?PROTO=UDP SPT=[0-9]+ DPT=[0-9]+ LEN=[0-9]+$

also I don't get the last two lines of the same file:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: .*IN=[[:alpha:]]+[0-9]+ OUT= MAC=[[:alnum:]:]+ SRC=[[:alnum:]:]+ DST=[[:alnum:]:]+ LEN=[0-9]+ TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=5353 DPT=5353 LEN=[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: .*IN=[[:alpha:]]+[0-9]+ OUT= MAC=[[:alnum:]:]+ SRC=[[:alnum:]:]+ DST=[[:alnum:]:]+ LEN=[0-9]+ TC=0 HOPLIMIT=255 FLOWLBL=0 PROTO=UDP SPT=49342 DPT=5353 LEN=[0-9]+$

thanks,
filippo

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.32
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages logcheck-database depends on:
ii  debconf [debconf-2.0]         1.5.2      Debian configuration management sy

logcheck-database recommends no packages.

-- debconf information:
  logcheck-database/conffile-cleanup: false
  logcheck-database/rules-directories-note:
  logcheck-database/standard-rename-note: