[Logcheck-users] DSPAM rule not functioning ?
Jamie L. Penman-Smithson
lists at silverdream.org
Sat Feb 18 18:06:50 UTC 2006
Hey Michael,
On 18 Feb 2006, at 17:06, Michael Honkoop wrote:
> I'm using DSPAM and are trying to figure out a rule so the
> following events are ignored :
<snip>
> Feb 18 15:14:00 LX02 dspam[2916]: innocent message from 213.247.50.151
> Feb 18 15:43:30 LX02 dspam[2916]: spam detected from 194.109.127.153
>
> In developing a ruleset for both events i came to these expressions :
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dspam\[[0-9]+\]: spam detected
> from [0-9]+\.[0-9]+\.[0-9]+\.[0-9]$
<snip>
> added tthe rules to /etc/logcheck/ignore.d.server with packagename
> dspam
> but it doesn't seem to pick it up..
<snip>
Firstly, if you come across log messages not filtered by logcheck
(not including debug messages), you should either send them to the
logcheck-devel mailing list <logcheck-devel at lists.alioth.debian.org>
or submit them in a bug against logcheck-database in the BTS - that
way everyone benefits.
If you do add local rules that aren't suitable for inclusion in
logcheck (i.e. they are debug messages), you should add them to local-
foo, instead of foo, since local- files will never be overwritten on
upgrade.
Are you sure that logcheck can read your new rules? Make sure that it
is owned by root:logcheck and chmod 0640.
-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-users/attachments/20060218/c37aba75/PGP.pgp
More information about the Logcheck-users
mailing list