Package: logcheck-database
Version: 1.2.68~bpo40+2

I created a new ruleset for postfix-policyd (see the attachment). Please
consider replacing the old ones.

For postfix-policyd, 2 ignore.d.server files are included.

# dpkg -L logcheck-database | grep policyd
/etc/logcheck/ignore.d.server/policyd
/etc/logcheck/ignore.d.server/postfix-policyd

The actual package name is postfix-policyd. Maybe the "policyd" file can
be removed?

- Thomas

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: connection from: [^[:space:]]+ port: [[:digit:]]+ slots: [[:digit:]]+ of [[:digit:]]+ used ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, greylist=(new|update|optout|abuse), host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, (blacklist|blacklist_sender|blacklist_dnsname)=(block), host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, whitelist_sender=update, host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, throttle=(new\(a\)|clear\(a\)|update\(a\)), host=[[:digit:].]+, from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+, quota=[/[:digit:]]+, count=[/[:digit:]\(\)]+, rcpt=[/[:digit:]\(\)]+, threshold=[[:digit:]%\|]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, spamtrap=new, host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[[:digit:]]+, expire=[[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: clean up process starting: policyd v[[:digit:].]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: connecting to mysql database:$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: connected..$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: expiring (validated|unvalidated|helo|trhottlesender|training policies) records older than [[:digit:]]+ days \([[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: expiring throttlesender instances older than [[:digit:]]+ hour \([[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: expired: [[:digit:]]+ records$
_______________________________________________
Logcheck-devel mailing list
Logcheck-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
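
Added example, not part of the original message or of logcheck itself: a way to check the attached ignore rules against log lines before installing them, with each rule on a single line. It assumes that `grep -E -v -f` is a fair stand-in for logcheck's filtering; the function names and all sample log lines are constructed for illustration and are not real policyd output.

```shell
#!/bin/sh
# Added example: run the proposed ignore rules over constructed log lines.
# Assumption: "grep -E -v -f" stands in for logcheck's own filtering step.
rules() {  # the rules from the attachment, one pattern per line
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: connection from: [^[:space:]]+ port: [[:digit:]]+ slots: [[:digit:]]+ of [[:digit:]]+ used ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, greylist=(new|update|optout|abuse), host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, (blacklist|blacklist_sender|blacklist_dnsname)=(block), host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, whitelist_sender=update, host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, throttle=(new\(a\)|clear\(a\)|update\(a\)), host=[[:digit:].]+, from=[^[:space:]]+, to=[^[:space:]]+, size=[/[:digit:]]+, quota=[/[:digit:]]+, count=[/[:digit:]\(\)]+, rcpt=[/[:digit:]\(\)]+, threshold=[[:digit:]%\|]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix-policyd: rcpt=[[:digit:]]+, spamtrap=new, host=[[:digit:].]+ \([._[:alnum:]-]+\), from=[^[:space:]]+, to=[^[:space:]]+, size=[[:digit:]]+, expire=[[:digit:]]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: clean up process starting: policyd v[[:digit:].]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: connecting to mysql database:$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: connected..$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: expiring (validated|unvalidated|helo|trhottlesender|training policies) records older than [[:digit:]]+ days \([[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: expiring throttlesender instances older than [[:digit:]]+ hour \([[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cleanup: expired: [[:digit:]]+ records$
EOF
}

sample_log() {  # constructed lines, not real policyd output
cat <<'EOF'
Mar 13 10:15:01 mx1 postfix-policyd: connection from: 127.0.0.1 port: 45012 slots: 1 of 4096 used
Mar 13 10:15:02 mx1 postfix-policyd: rcpt=1, greylist=new, host=192.0.2.10 (mail.example.org), from=alice@example.org, to=bob@example.net, size=2048
Mar 13 10:15:03 mx1 postfix-policyd: rcpt=3, blacklist=block, host=198.51.100.7 (unknown), from=x@example.com, to=bob@example.net, size=512
Mar 13 10:15:04 mx1 postfix-policyd: rcpt=4, throttle=update(a), host=192.0.2.10, from=alice@example.org, to=bob@example.net, size=2048/10240, quota=4096/250000, count=2/50(3), rcpt=2/100(3), threshold=4%|0%
Mar 13 10:15:05 mx1 postfix-policyd: fatal: database connection lost
Mar 13 10:20:00 mx1 cleanup: clean up process starting: policyd v1.82
Mar 13 10:20:01 mx1 cleanup: expired: 12 records
EOF
}

# Print the sample lines that no rule ignores, i.e. what would still be reported.
unmatched() {
    tmp=$(mktemp) || return 1
    rules > "$tmp"
    status=0
    sample_log | LC_ALL=C grep -E -v -f "$tmp" || status=$?
    rm -f "$tmp"
    [ "$status" -le 1 ]  # 0 = lines left, 1 = all ignored, 2 = a pattern failed to compile
}

unmatched
```

Only the constructed "fatal" line survives the filter; replacing `sample_log` with a real log extract shows which lines would still be reported once the rules are installed.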