Re: logcheck struggle

To: debian-user@lists.debian.org
Subject: Re: logcheck struggle
From: Pim Bliek <pim.bliek@gmail.com>
Date: Thu, 30 Sep 2004 10:42:38 +0200
Message-id: <[🔎] fc1af19c04093001425b65dfe@mail.gmail.com>
Reply-to: Pim Bliek <pim.bliek@gmail.com>
In-reply-to: <[🔎] 20040929233204.GA5604@walnut.gen.nz>
References: <[🔎] fc1af19c040929143568c36968@mail.gmail.com> <[🔎] 20040929233204.GA5604@walnut.gen.nz>

Thanx!

It was too late yesterday LOL. Off course it was smtpd ;). Also, I was
not aware of the extra rules in /etc/logcheck/violations.d! Stupid,
but I did not think of it. I commented out "failed" there and now it
doesn't show anymore! Now let's hope there are no other serious things
with "failed" :). But I had logcheck running for months now and didn't
get any other, so I guess I should be fine.

Thanks a lot for the help!

Pim


On Thu, 30 Sep 2004 11:32:04 +1200, Richard Hector
<richard@walnut.gen.nz> wrote:
> On Wed, Sep 29, 2004 at 11:35:57PM +0200, Pim Bliek wrote:
> > Hi All,
> >
> > I am no regular expression guru, and I am having severe difficulties
> > adjusting logcheck to my needs (on a Sid system).
> >
> > I get the following stuff mailed by logcheck from my syslog which I
> > don't want to see:
> > Sep 29 23:02:02 srv1 postfix/smtpd[29293]: _sasl_plugin_load failed on
> > sasl_auxprop_plug_init for plugin: sql
> > Sep 29 23:02:02 srv1 postfix/smtpd[29293]: sql_select option missing
> > Sep 29 23:02:02 srv1 postfix/smtpd[29293]: auxpropfunc error no
> > mechanism available
> >
> > I created the following rules at the bottom of the postfix file in
> > /etc/ignore.d.server/:
> > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]:
> > _sasl_plugin_load failed on sasl_auxprop_plug_init for plugin: sql$
> > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: sql_select
> > option missing$
> > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]: auxpropfunc
> > error no mechanism available$
> >
> > I got the ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/lmtp\[[0-9]+\]:
> > part from other lines in the same file.
> 
> You're looking for lmtp instead of smtpd - are there other lines you
> could work from instead?
> 
> Also, you may find that the first and last lines will come through
> anyway in the "Possible Security Violations" section, because they
> contain evil words like "fail" and "error" - you'll need to edit other
> files to stop those, but do it carefully - it's easy to just ignore
> everything by mistake.
> 
> Richard
> 
> --
> To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
>

Reply to:

Follow-Ups:
- Re: logcheck struggle
  - From: Richard Hector <richard@walnut.gen.nz>

References:
- logcheck struggle
  - From: Pim Bliek <pim.bliek@gmail.com>
- Re: logcheck struggle
  - From: Richard Hector <richard@walnut.gen.nz>

Prev by Date: Re: can scp continue/resume during transfer data?
Next by Date: sound/mouse weird problem
Previous by thread: Re: logcheck struggle
Next by thread: Re: logcheck struggle
Index(es):
- Date
- Thread