[Logcheck-devel] so, about preprocessing... (#376106)

Mon, 03 Jul 2006 15:53:10 -0700 

Hi,

I have been given commit access to logcheck by Todd and I am
definitely inclined to help out with rule maintenance, but I would
like to bring #376106 up onto the table.

I've been playing around with my little Makefile and am really
pleased with it. Instead of cryptic regexps, I can just define rules
like so:

  @LEAD@ @PROC_SMTP@: @QUEUE_ID@: @TO@, [EMAIL PROTECTED]@, @DELAY@,
    @DSNS@, status=deliverable \(@SMTP_SSTATUS@ recipient @EMAIL@
    ok\)@EOL@

which will expand to

  ^[[:upper:]][[:alpha:]]{2} ([[:digit:]]{2}| [[:digit:]])
  ([[:digit:]]{2}:){2}[[:digit:]]{2} seamus
  postfix/smtp\[[[:digit:]]{1,5}\]: (NOQUEUE|[A-F[:digit:]]+):
  to=<([-_.+=[:alnum:[EMAIL PROTECTED]:alnum:]]+|[[:alnum:]]+)>(,
  orig_to=<([-_.+=[:alnum:[EMAIL PROTECTED]:alnum:]]+|[[:alnum:]]+)>)?,
  
relay=([-_.[:alnum:]]+|([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}|unknown)\[([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}\](:[[:digit:]]{1,5})?,
  delay=[[:digit:]]+(\.[[:digit:]]+)?,
  delays=([[:digit:]]+(\.[[:digit:]]+)?/){3}[[:digit:]]+(\.[[:digit:]]+)?,
  dsn=2\.[[:digit:]]+\.[[:digit:]]+, status=deliverable
  \(2[[:digit:]]{2} recipient
  <([-_.+=[:alnum:[EMAIL PROTECTED]:alnum:]]+|[[:alnum:]]+)> ok\)$

OMG you might say, and rightly so... the generated rules are even
less readable to humans, but this way, I can make sure that e.g. an
IP address is always the same:
"([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}" (which could be even more
refined). This makes rule maintenance far easier IMHO, and also
provides for greater consistency in the rules.

I think I could implement this in logcheck non-intrusively, but I'd
want to hear what people have to say first.

So, any comments?

-- 
 .''`.     martin f. krafft <[EMAIL PROTECTED]>
: :'  :    proud Debian developer and author: http://debiansystem.info
`. `'`
  `-  Debian - when you have better things to do than fixing a system
 
i welcome your constructive criticism and corrections.

Attachment: signature.asc
Description: Digital signature (GPG/PGP)

_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel

Reply via email to