[Logcheck-devel] Bug#510832: Updated rules for postfix-policyd

Mon, 05 Jan 2009 00:43:20 -0800 

Package: logcheck-database
Version: 1.2.68~bpo40+2
I created a new ruleset for postfix-policyd (see the attachment). Please consider replacing the old ones. 

for postfix-policyd 2 ignore.d.server files are included.

# dpkg -L logcheck-database | grep policyd
/etc/logcheck/ignore.d.server/policyd
/etc/logcheck/ignore.d.server/postfix-policyd


the actual package name is postfix-policyd. Maybe the "policyd" file can 
be removed?


- Thomas





^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: connection from: 
[^[:space:]]+ port: [[:digit:]]+ slots: [[:digit:]]+ of [[:digit:]]+ used ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, 
greylist=(new|update|optout|abuse), host=[[:digit:].]+ \([._[:alnum:]-]+\), 
from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, 
(blacklist|blacklist_sender|blacklist_dnsname)=(block), host=[[:digit:].]+ 
\([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, 
whitelist_sender=update, host=[[:digit:].]+ \([._[:alnum:]-]+\), 
from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, 
throttle=(new\(a\)|clear\(a\)|update\(a\)), host=[[:digit:].]+, 
from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+, quota=[/[:digit:]]+, 
count=[/[:digit:]\(\)]+, rcpt=[/[:digit:]\(\)]+, threshold=[[:digit:]%\|]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, 
spamtrap=new, host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, 
to=[^[:space:]]+, size=[[:digit:]]+, expire=[[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: clean up process starting: policyd 
v[[:digit:].]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: connecting to mysql database:$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: connected..$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: expiring 
(validated|unvalidated|helo|trhottlesender|training policies) records older 
than [[:digit:]]+ days \([[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: expiring throttlesender instances 
older than [[:digit:]]+ hour \([[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: expired: [[:digit:]]+ records$

_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel





















					Reply via email to