Package: logcheck-database Version: 1.3.15 Severity: wishlist Tags: patch X-Debbugs-CC: r...@ringlet.net
Hello,
After deploying DMA, I found that logcheck is not filtering the typical
notification messages of mail delivery that any mailer daemon generates.
Here is one example of the logcheck message that I received:
System Events
=-=-=-=-=-=-=
Nov 14 00:02:04 localhost dma[100dcb]: new mail from user=logcheck uid=103
envelope_from=<logcheck@localhost>
Nov 14 00:02:04 localhost dma[100dcb]: mail to=<logch...@localnet.com> queued
as 100dcb.7f9b716f3670
Nov 14 00:02:04 localhost dma[100dcb.7f9b716f3670]: trying delivery
Nov 14 00:02:04 localhost dma[100dcb.7f9b716f3670]: using smarthost
(mail.localnet.com:25)
Nov 14 00:02:04 localhost dma[100dcb.7f9b716f3670]: trying remote delivery to
mail.localnet.com [192.168.122.28] pref 0
Nov 14 00:02:09 localhost dma[100dcb.7f9b716f3670]: delivery successful
I successfully filtered all this notification messages with the following rules
# cat /etc/logcheck/ignore.d.server/dma
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: new mail from
user=[[:alpha:]]+ uid=[0-9]+ envelope_from=<[@._[:alnum:]-]+>$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: mail
to=<[@._[:alnum:]-]+> queued as [0-f.]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: trying delivery$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: using smarthost
\([._[:alnum:]-]+:[0-9]+\)
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: trying remote delivery
to [._[:alnum:]-]+ \[[0-9.:]+\] pref [0-9]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dma\[[0-f.]+\]: delivery successful$
Please, consider adding such rules to logcheck-database
CC'ing DMA maintainer (Peter Pentchev)
Regards!
signature.asc
Description: OpenPGP digital signature
