[Logcheck-devel] Bug#617530: log format changed for postfix/smtpd when using XFORWARD
Markus Treinen
markus at treinen.name
Thu Mar 10 01:13:46 UTC 2011
Package: logcheck-database
Version: 1.3.13
Severity: normal
Tags: patch
Hi,
after examining the code for postfix/smtpd, the following parameters for that
specific log line can be present:
client, sasl_method, sasl_username, sasl_sender, orig_queue_id, orig_client
"client" is always present, the others are added where applicable, but always in the
order explained above.
There have been three different regexps, which can be covered in one.
Please see the attached patch file for details.
Best regards,
Markus
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.32-5-xen-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- no debconf information
-------------- next part --------------
108,110c108
< ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[[:xdigit:].:]{3,39}\]$
< ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_method=[-[:alnum:]]+, sasl_username=[-_.@[:alnum:]]+$
< ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: client=[^[:space:]]+, sasl_sender=.*$
---
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: [[:alnum:]]+: client=[._[:alnum:]-]+\[[[:xdigit:].:]{3,39}\](, sasl_method=[-[:alnum:]]+)?(, sasl_username=[-_.@[:alnum:]]+)?(, sasl_sender=[^[:space:]]+)?(, orig_queue_id=[[:alnum:]]+)?(, orig_client=[._[:alnum:]-]+\[[[:xdigit:].:]{3,39}\])?$
More information about the Logcheck-devel
mailing list