[Logcheck-users] DSPAM rule not functioning ?

Michael Honkoop administrator at comsolve.nl
Sat Feb 18 17:06:33 UTC 2006


I'm using DSPAM and am trying to figure out a rule so the following events are ignored:

System Events
=-=-=-=-=-=-=
Feb 18 15:14:00 LX02 dspam[2916]: innocent message from 213.247.50.151
Feb 18 15:43:30 LX02 dspam[2916]: spam detected from 194.109.127.153

In developing a ruleset for both events I came to these expressions:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: spam detected from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: innocent message from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]$

When testing those expressions with:

egrep "^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: spam detected from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]" /var/log/syslog
and 
egrep "^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: innocent message from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]" /var/log/syslog

both give the correct result when run.

For the 1st expression:

Feb 18 10:17:09 LX02 dspam[2916]: spam detected from 194.109.127.152
Feb 18 14:06:54 LX02 dspam[2916]: spam detected from 194.109.127.153
Feb 18 14:06:54 LX02 dspam[2916]: spam detected from 194.109.127.153
Feb 18 14:10:59 LX02 dspam[2916]: spam detected from 192.25.206.28
Feb 18 14:13:26 LX02 dspam[2916]: spam detected from 192.25.206.28
Feb 18 15:43:30 LX02 dspam[2916]: spam detected from 194.109.127.153
Feb 18 16:04:55 LX02 dspam[2916]: spam detected from 194.109.127.153
Feb 18 17:22:31 LX02 dspam[2916]: spam detected from 194.109.127.153

For the 2nd expression:

Feb 18 09:45:17 LX02 dspam[2916]: innocent message from 213.247.50.151
Feb 18 10:56:06 LX02 dspam[2916]: innocent message from 213.247.50.151
Feb 18 15:14:00 LX02 dspam[2916]: innocent message from 213.247.50.151

So both should work fine?

I added the rules to /etc/logcheck/ignore.d.server with package name dspam,

but it doesn't seem to pick them up.

Some light on how to make this work would be appreciated.

Regards, 

Michael Honkoop
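An added check (not from the post or the logcheck project) that reproduces the difference between the rules as written in the ignore file, which end in `[0-9]$`, and the patterns as run under egrep in the post, which drop the `$`. The POSIX class `[:alnum:]` is rewritten as `\w` for Python's `re`, the sample lines are constructed from the post, and the `10.0.0.1` line is an added one to show when a single-digit final octet does match:

```python
import re

# Constructed sample lines in the form shown in the post (not a real log).
SAMPLE_LINES = [
    "Feb 18 15:14:00 LX02 dspam[2916]: innocent message from 213.247.50.151",
    "Feb 18 15:43:30 LX02 dspam[2916]: spam detected from 194.109.127.153",
    "Feb 18 14:10:59 LX02 dspam[2916]: spam detected from 192.25.206.28",
    "Feb 18 16:00:00 LX02 dspam[2916]: spam detected from 10.0.0.1",  # added case
]

# Common syslog prefix; [._[:alnum:]-] from the post becomes [._\w-] in Python.
PREFIX = r"^\w{3} [ :0-9]{11} [._\w-]+ dspam\[[0-9]+\]: "

# Rules exactly as placed in ignore.d.server: the last octet is ONE digit, then end of line.
RULES_AS_POSTED = [
    PREFIX + r"spam detected from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]$",
    PREFIX + r"innocent message from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]$",
]

# The same patterns as they were tested with egrep: no trailing $ anchor,
# so "[0-9]" happily matches the first digit of a longer octet.
RULES_AS_TESTED = [r.rstrip("$") for r in RULES_AS_POSTED]

# Corrected rules: allow one to three digits in the last octet, keep the anchor.
RULES_FIXED = [r.replace(r"\.[0-9]$", r"\.[0-9]{1,3}$") for r in RULES_AS_POSTED]


def ignored(rules, lines):
    """Return the lines at least one rule matches.

    logcheck feeds ignore files to grep -E -f, i.e. an unanchored search
    per line, which re.search reproduces.
    """
    compiled = [re.compile(r) for r in rules]
    return [line for line in lines if any(c.search(line) for c in compiled)]


def reported(rules, lines):
    """Lines that would still be reported by logcheck under the given rules."""
    return [line for line in lines if line not in ignored(rules, lines)]


if __name__ == "__main__":
    for name, rules in (("posted", RULES_AS_POSTED), ("tested", RULES_AS_TESTED), ("fixed", RULES_FIXED)):
        print(f"{name}: {len(ignored(rules, SAMPLE_LINES))} of {len(SAMPLE_LINES)} lines ignored")
```

Always test an ignore rule with the `$` anchor it will actually carry in the file, since logcheck applies the line verbatim.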