** Description changed:
- Binary package hint: logcheck-database
+ IMPACT: up-to one logcheck email generated every hour (in practice this
+ depends on SMTP traffic), makes logcheck a spam source unless config is
+ fixed locally
- The Hardy logcheck-database /etc/logcheck/ignore.d.server/postfix file has
this:
- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics:
max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):[.:[:xdigit:]]+\) at \w{3} [
:0-9]{11}$
+ PROPOSED FIX: fix regular expression to allow for this particular log
+ entry
- But that fails on certain logs, resulting in unnecessary logcheck alerts such
as:
- System Events
- =-=-=-=-=-=-=
- Jul 10 19:48:50 hostname postfix/anvil[8482]: statistics: max
connection count 1 for (smtp:unknown) at Jul 10 19:45:05
+ TESTCASE: egrep -vf /etc/logcheck/ignore.d.server/postfix test-logfile
+ (attached)
- Adding an "|unknown" regex alternation solves the problem:
- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics:
max (message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):([.:[:xdigit:]]+|unknown)\) at
\w{3} [ :0-9]{11}$
-
-
- Test run:
-
- ## Original line
- # grep 'statistics: max (' postfix
- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):[.:[:xdigit:]]+\) at \w{3} [
:0-9]{11}$
-
- ## Test run
- # su -s /bin/bash -c "/usr/sbin/logcheck -tsol /tmp/logtest" logcheck
- This email is sent by logcheck. If you wish to no-longer receive it,
- you can either deinstall the logcheck package or modify its
- configuration file (/etc/logcheck/logcheck.conf).
-
- System Events
- =-=-=-=-=-=-=
- Jul 10 19:48:50 hostname postfix/anvil[8482]: statistics: max connection
count 1 for (smtp:unknown) at Jul 10 19:45:05
- Jul 10 19:48:50 hostname postfix/anvil[8482]: statistics: max connection
count 1 for (smtp:unknown) at Jul 10 19:45:05
- Jul 10 19:48:50 hostname postfix/anvil[8482]: statistics: max connection
count 1 for (smtp:unknown) at Jul 10 19:45:05
-
- ## Fix it
- # vi postfix
-
- ## Fixed line
- # grep 'statistics: max (' postfix
- ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/anvil\[[0-9]+\]: statistics: max
(message|recipient|connection) (count|rate) [/[:digit:]s]+ for
\(([.:[:xdigit:]]+)?(smtp(s)?|25|submission|587):([.:[:xdigit:]]+|unknown)\) at
\w{3} [ :0-9]{11}$
-
- ## Test run
- # su -s /bin/bash -c "/usr/sbin/logcheck -tsol /tmp/logtest" logcheck
-
- ## Now silent as expected
- #
+ REGRESSION POTENTIAL: low overall; conffile prompt while upgrading if
+ any conffiles need to be merged; regular expression might also still be
+ incomplete/incorrect after update, but that wouldn't really be a
+ regression; this comes from tested latest version of logcheck
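Review bot: the new PROPOSED FIX and TESTCASE lines no longer say what the fix is or what a passing test looks like. The removed text named the change (the `|unknown` alternation, giving `([.:[:xdigit:]]+|unknown)` after the service name) and the triggering entry (`... max connection count 1 for (smtp:unknown) at ...`), and it ended with "Now silent as expected". Suggest keeping that one sample log line and the changed group in the description, and stating that `egrep -vf /etc/logcheck/ignore.d.server/postfix test-logfile` should print nothing once the fix is in place, so the test case can be judged without opening the attachment.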
** Attachment added: "test-logfile"
https://bugs.launchpad.net/ubuntu/+source/logcheck/+bug/247460/+attachment/2500858/+files/logcheck2
** Changed in: logcheck (Ubuntu Hardy)
Assignee: (unassigned) => Loïc Minier (lool)
** Changed in: logcheck (Ubuntu Hardy)
Status: Triaged => In Progress
--
https://bugs.launchpad.net/bugs/247460
Title:
[hardy] postfix/anvil[1]: statistics: max connection count 1 for
(smtp:unknown)