Hi,

On Thu, Jun 28, 2007 at 01:54:28PM -0700, cls@truffula.sj.ca.us wrote:
> I want to use logcheck but it sends way too much
> trivia, mostly irrelevant postfix messages.
> I've tried adding regexes to
> /etc/logcheck/violations.ignore.d/logcheck-postfix

violations.ignore.d is for items in the "security" section of the
report, so if the lines aren't appearing there then no need.

> and /etc/logcheck//etc/logcheck/ignore.d.server/postfix
> and they match the messages I want to suppress,
> but they come through anyway.

Are you 100% sure they match? Have you confirmed this on the
command line with your regexp and egrep?

Are you 100% sure that some unrelated part of the line is not
matching another rule? e.g. I have a host called "admin" and one of
the "violations" rules says that any line with "admin" in should go
in the potential security violations section. Thus, all syslog
messages were reported by logcheck.

> At this point I want to
> just drop all postfix-related messages.
> How to find the regular expression which causes
> the postfix lines to be *included* in the email barrage?

First verify that your rules really do match, to exclude. If so
then you can manually use egrep with each file in violations.d and
your maillog to see which one makes them appear.

Cheers,
Andy

-- 
http://bitfolk.com/ -- No-nonsense VPS hosting
Encrypted mail welcome - keyid 0x604DE5DB
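The two checks described in the reply above, written as a script. This is an added example, not part of the original message and not logcheck's own code. The function names, the sample rules and the sample log lines are constructed for illustration, and it assumes rule files hold one extended regex per line with blank lines and `#` comments skipped.

```shell
#!/bin/sh
# Added example. Rule files: one extended regex per line; '#' comments and blanks skipped.

# which_rule RULES_DIR LOGFILE
# Prints "file<TAB>pattern<TAB>count" for each pattern that matches at least one log line.
which_rule() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -Ev '^[[:space:]]*(#|$)' "$f" | while IFS= read -r pat; do
            n=$(grep -Ec -e "$pat" "$2") || true
            if [ "${n:-0}" -gt 0 ]; then
                printf '%s\t%s\t%s\n' "${f##*/}" "$pat" "$n"
            fi
        done
    done
}

# unmatched_lines RULES_DIR LOGFILE
# Prints the log lines that no pattern in RULES_DIR matches, i.e. what an ignore
# directory would still let through.
unmatched_lines() {
    pats=$(mktemp)
    cat "$1"/* | grep -Ev '^[[:space:]]*(#|$)' > "$pats" || true
    grep -Ev -f "$pats" "$2" || true
    rm -f "$pats"
}

# make_sample DIR: writes constructed rules and log lines (not real logcheck rules).
make_sample() {
    mkdir -p "$1/violations.d" "$1/ignore.d.server"
    printf '%s\n' '# constructed violations rules' '[Aa]dmin' 'ROOT LOGIN' \
        > "$1/violations.d/sample"
    printf '%s\n' '^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: (dis)?connect from ' \
        > "$1/ignore.d.server/postfix"
    cat > "$1/mail.log" <<'EOF'
Jun 28 13:50:01 admin postfix/smtpd[1234]: connect from unknown[192.0.2.10]
Jun 28 13:50:02 admin postfix/smtpd[1234]: disconnect from unknown[192.0.2.10]
Jun 28 13:50:05 admin postfix/qmgr[1200]: 4F2A1: removed
EOF
}

d=$(mktemp -d)
make_sample "$d"
which_rule "$d/violations.d" "$d/mail.log"          # names the rule pulling lines in
unmatched_lines "$d/ignore.d.server" "$d/mail.log"  # lines the ignore rule misses
rm -rf "$d"
```

On the sample data the hostname "admin" makes the `[Aa]dmin` pattern match every line, and the qmgr line is the one the ignore rule does not cover. On a real system, pass the violations.d or ignore directory and the mail log in place of the sample paths.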