Users of the logcheck tool for monitoring syslog and auth.log ()

headers Ulrich Huber | 24 Jul 2008 12:42

_______________________________________________
Logcheck-users mailing list
Logcheck-users@...
http://lists.alioth.debian.org/mailman/listinfo/logcheck-users
On Thu, 2008-07-24 at 12:42 +0200, Ulrich Huber wrote:
> Hello...
>  
> I still find messages like these in my inbox
>  
>  
>  
> Security Events
> =-=-=-=-=-=-=-=
> Jul 24 10:23:47 mail amavis[1515]: (01515-04) Passed BAD-HEADER,
> [77.45.19.251] <n4vji@...> -> <user <at> domain>, quarantine:
> badh-Ovuc-BN+aDU3, Message-ID: <20071024122614.2732.qmail <at> home>,
> mail_id: Ovuc-BN+aDU3, Hits: -, queued_as: 250 OK id=1KLw6z-0001NF-LO,
> 4542 ms
> 
> I already tried to get rid of them by editing
> violations.ignore.d/logcheck-amavisd-new an inserting the following
> line:
That will only filter out entries created from patterns in
violations.d/logcheck-amavisd-new.  Assuming you have the right pattern,
the trick is putting it in the right place (directory and filename).
See /usr/share/doc/logcheck-database/README.logcheck-database.gz for the
exact rules.

Ross
>  
> ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]:
> \([-[:digit:]]+\) Passed BAD-HEADER, \[[.[:digit:]]{7,15}\]
> \[[.[:digit:]]{7,15}\] <[^>]+> -> <[^>]+>, quarantine:
> badh-([[:alnum:]]+), Message-ID: <[^>]+>, mail_id: \1, Hits: -,
> queued_as: [[:xdigit:]]+, [[:digit:]]+ ms$
> 
> System Events
> =-=-=-=-=-=-=
> Jul 24 10:33:49 mail amavis[1515]: (01515-06) (!) FWD via SMTP:
> <yrieuhnxe@...> -> user <at> domain, 451 4.6.0 Failed, id=01515-06,
> from MTA([127.0.0.1]:10025): 451 Please try again later
> 
> for this, logcheck/ignore.d..server/amavisd.new contains:
>  
> ^w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: +(\([-0-9]+\) +)?
> \(\!\) FWD via SMTP: \<\> \-\> \<[._[:alnum:]-]+\>\, 451 4.6.0 Failed,
> id= \([-[:digit:]]+\)\, from MTA([127.0.0.1]:10025): 451 Please try
> again later$
> ^w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: +(\([-0-9]+\) +)?
> \(\!\) FWD via SMTP: \<\> \-\> \<[._[:alnum:]-]+\>\, 550 4.6.0 Failed,
> id= \([-[:digit:]]+\)\, from MTA([127.0.0.1]:10025): 550 Rejected$
> 
> Where did I make my (usual) mistake ?
>  
> Thanks for help.....
> _______________________________________________
> Logcheck-users mailing list
> Logcheck-users@...
> http://lists.alioth.debian.org/mailman/listinfo/logcheck-users
--

-- 
Ross Boylan                                      wk:  (415) 514-8146
185 Berry St #5700                               ross@...
Dept of Epidemiology and Biostatistics           fax: (415) 514-8150
University of California, San Francisco
San Francisco, CA 94107-1739                     hm:  (415) 550-1062

1	May 2013
1	March 2013
2	February 2013
1	April 2012
1	March 2012
1	December 2011
1	October 2011
3	June 2011
1	May 2011
1	March 2011
1	February 2011
4	January 2011
1	December 2010
2	October 2010
2	August 2010
4	June 2010
2	May 2010
1	April 2010
1	March 2010
2	November 2009
5	October 2009
4	September 2009
11	August 2009
4	July 2009
2	May 2009
6	April 2009
2	March 2009
3	February 2009
5	January 2009
2	December 2008
2	October 2008
1	August 2008
2	July 2008
6	May 2008
4	March 2008
1	February 2008
4	November 2007
2	September 2007
2	July 2007

Any Ideas ?

Re: Any Ideas ?

Mon	Tue	Wed	Thu	Fri	Sat	Sun

	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31