Bug#642467: spampd: Please provide logcheck rules to filter log messages

[Kevin Locke]

Package: spampd
Version: 2.30-22
Severity: wishlist
Tags: patch

Dear Maintainer,

Please consider including logcheck rules for spampd.  In its default
configuration spampd logs messages to syslog for each piece of mail that
is processed, which is a lot of additional messages for logcheck users
to dig through.  It would be nice if these were filtered, to exclude
messages about normal functioning of the program.

I have attached 2 logcheck files that do exactly that.  During
installation, the following files can be installed:

spampd.paranoid.logcheck    =>  /etc/logcheck/ignore.d.paranoid/spampd
spampd.server.logcheck      =>  /etc/logcheck/ignore.d.server/spampd

For more information, see README.Maintainer and README.logcheck-database
in the logcheck documentation.[1]  Of course, feel free to move the
rules around or adjust as you see fit.

Also, the attached rules include matching for the ORCPT command fragment
that appears in the "for ___" statements.  I'm not sure if this is a bug
or intended behavior.  If it's a bug, feel free to remove the ORCPT part
of the regexes and fix spampd to not print it.

Cheers,
Kevin

1.  http://logcheck.org/docs/


-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.0.4-kevinoid1 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages spampd depends on:
ii  adduser             3.113   
ii  dpkg                1.16.0.3
ii  libnet-server-perl  0.99-2  
ii  lsb-base            3.2-28  
ii  perl                5.12.4-4
ii  spamassassin        3.3.2-2 

spampd recommends no packages.

spampd suggests no packages.

-- Configuration Files:
/etc/spampd.conf [Errno 13] Permission denied: u'/etc/spampd.conf'

-- no debconf information

# Operational messages
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: (clean 
message|identified spam) (<[^[:space:]]*>|\(unknown\)) 
\(-?[[:digit:].]+/-?[[:digit:].]+\) from (<[^[:space:]]*>|\(unknown\)) for 
(<[^[:space:]]*>([[:space:]]+ORCPT=[^[:space:]]+)?|\(unknown\)) in 
[[:digit:].]+s, [[:digit:]]+ bytes\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: rules hit for 
(<[^[:space:]]*>|\(unknown\)): 
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: skipped large 
message \([[:digit:].]+KB\)$

# Startup messages
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: Binding to TCP 
port [[:digit:]]+ on host [._[:alnum:]-]+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: Process 
Backgrounded$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: Setting gid to 
"[[:digit:]]+"$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: Setting uid to 
"[[:digit:]]+"$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: 
[[:digit:]/:-]{19} Server closing!$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: 
[[:digit:]/:-]{19} SpamPD \(type Net::Server::PreForkSimple\) starting! 
pid\([[:digit:]]+\)$

# Operational messages
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: clean message 
(<[^[:space:]]*>|\(unknown\)) \(-?[[:digit:].]+/-?[[:digit:].]+\) from 
(<[^[:space:]]*>|\(unknown\)) for 
(<[^[:space:]]*>([[:space:]]+ORCPT=[^[:space:]]+)?|\(unknown\)) in 
[[:digit:].]+s, [[:digit:]]+ bytes\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ spampd\[[[:digit:]]+\]: processing 
message (<[^[:space:]]*>|\(unknown\)) for 
(<[^[:space:]]*>([[:space:]]+ORCPT=[^[:space:]]+)?|\(unknown\))$