Package: logcheck-database
Version: 1.2.63
Severity: normal
Currently, violations.ignore.d/logcheck-spamd includes the pattern
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[0-9]+\]: (spamd: )?result: [.YN] [ [:digit:]-]+ - ([._[:alnum:],]+ )?scantime=[0-9.]+,size=[0-9]+,(user=[^,]+,uid=[0-9]+,required_score=[0-9.]+,rhost=[._[:alnum:]-]+,raddr=[0-9.]+,rport=[0-9]+,)?mid=(<[^[:space:]]+>|\(unknown\))(rmid=(<[^[:space:]]+>|\(unknown\)),)?,(bayes=[.[:digit:]]+(e-[[:digit:]]+)?,)?autolearn=(ham|spam|no|disabled|unavailable) *$
This is failing to match for me, since rport is a path name (unix domain
socket). In keeping with your modification in #448510, I propose this
generalization:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[0-9]+\]: (spamd: )?result: [.YN] [ [:digit:]-]+ - ([._[:alnum:],]+ )?scantime=[0-9.]+,size=[0-9]+,(user=[^,]+,uid=[0-9]+,required_score=[0-9.]+,rhost=[._[:alnum:]-]+,raddr=[0-9.]+,rport=[/[:alnum:]]+,)?mid=(<[^[:space:]]+>|\(unknown\))(rmid=(<[^[:space:]]+>|\(unknown\)),)?,(bayes=[.[:digit:]]+(e-[[:digit:]]+)?,)?autolearn=(ham|spam|no|disabled|unavailable) *$
It's the same except for the part after rport. By the way, I'm not
entirely convinced that pattern will match all possible path names,
though it works for me and probably anyone with a standard
installation.
There may be other cases in which the port/socket pattern needs to be
generalized.
-- System Information:
Debian Release: lenny/sid
APT prefers testing
APT policy: (990, 'testing'), (990, 'stable'), (50, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.18-6-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
-- debconf information excluded
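
An added example, not part of the original report: both rport alternatives run with grep -E against constructed spamd result lines, to show which lines each rule would ignore. The host name, user, message id and socket paths are made up for illustration, and the line wraps inside the e-mailed pattern are assumed to stand for single spaces.

```shell
#!/bin/sh
# Added example: the two rules differ only in the class after "rport=".
# Assumption: line wraps in the e-mailed pattern stand for single spaces.
PRE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (spamd|check|re(port|voke))\[[0-9]+\]: (spamd: )?result: [.YN] [ [:digit:]-]+ - ([._[:alnum:],]+ )?scantime=[0-9.]+,size=[0-9]+,(user=[^,]+,uid=[0-9]+,required_score=[0-9.]+,rhost=[._[:alnum:]-]+,raddr=[0-9.]+,rport='
POST=',)?mid=(<[^[:space:]]+>|\(unknown\))(rmid=(<[^[:space:]]+>|\(unknown\)),)?,(bayes=[.[:digit:]]+(e-[[:digit:]]+)?,)?autolearn=(ham|spam|no|disabled|unavailable) *$'

OLD="${PRE}[0-9]+${POST}"          # current rule: numeric port only
NEW="${PRE}[/[:alnum:]]+${POST}"   # proposed rule: slashes and alphanumerics

# Constructed spamd result line; only the rport value ($1) varies.
line() {
  printf '%s\n' "Jan  5 12:34:56 mailhost spamd[1234]: spamd: result: . 0 - AWL,BAYES_00 scantime=1.2,size=2048,user=alice,uid=1000,required_score=5.0,rhost=localhost,raddr=127.0.0.1,rport=$1,mid=<abc@example.org>,bayes=0.000000,autolearn=ham"
}

# matches PATTERN RPORT: exit status 0 if the rule matches, i.e. logcheck
# would ignore the line instead of reporting it.
matches() {
  line "$2" | grep -Eq -- "$1"
}

# A TCP port, a socket path of slashes and alphanumerics only, and a socket
# path containing a dot (all three values are constructed).
for rport in 45678 /var/run/spamd/socket /var/run/spamd.sock; do
  for name in OLD NEW; do
    eval "pat=\$$name"
    if matches "$pat" "$rport"; then verdict=ignored; else verdict=REPORTED; fi
    printf '%-3s rport=%-22s %s\n' "$name" "$rport" "$verdict"
  done
done
```

The dotted path is still reported under the proposed rule because `[/[:alnum:]]` contains neither `.` nor `_`, which is the limitation the report mentions for non-standard path names.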