Good day everyone,
I'm having trouble instructing logcheck to stop sending me mails for a
system event that I think is harmless. Some previous additions to the
logcheck files for other events seem to have helped, but this time it
fails.
The event in question is for cyrus (an imap server), e.g.:
Apr 20 06:39:58 vanrees cyrus/lmtpd[13926]: DBERROR db3: 2 lockers
Sometimes there are more than 2 lockers. According to a FAQ in the
cyrus docs this is harmless; the database is apparently not counting
correctly. In my case it happens when I get a good bunch of emails
sent by rss2email. Nothing seems to go wrong. So let's get rid of this
message.
The file /etc/logcheck/logcheck.conf has only the following
uncommented lines:
REPORTLEVEL="server"
SENDMAILTO="root"
FQDN=1
So if I append some lines to /etc/logcheck/ignore.d.server/cyrus then
everything should be fine, right? It might have to be the file cyrus21
which is also present in that directory. This is where those two files
come from:
# dpkg-query -S /etc/logcheck/ignore.d.server/cyrus
logcheck-database: /etc/logcheck/ignore.d.server/cyrus
# dpkg-query -S /etc/logcheck/ignore.d.server/cyrus21
cyrus21-common: /etc/logcheck/ignore.d.server/cyrus21
To /etc/logcheck/ignore.d.server/cyrus I added:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9]+ lockers$
And to /etc/logcheck/ignore.d.server/cyrus21 I added:
cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9]+ lockers
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9] lockers$
The first line for cyrus21 resembles other lines in that file. The
second line resembles lines in cyrus.
Anyway, a command line test with echo and egrep seems to indicate that
any of these three lines should work just fine. The idea is from
/usr/share/doc/logcheck-database/README.logcheck-database.gz
vanrees:~# sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9]+ lockers$'
Apr 20 06:39:58 vanrees cyrus/lmtpd[13926]: DBERROR db3: 2 lockers
Apr 20 13:39:15 vanrees cyrus/lmtpd[21608]: DBERROR db3: 2 lockers
vanrees:~# sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep 'cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9]+ lockers'
Apr 20 06:39:58 vanrees cyrus/lmtpd[13926]: DBERROR db3: 2 lockers
Apr 20 13:39:15 vanrees cyrus/lmtpd[21608]: DBERROR db3: 2 lockers
vanrees:~# sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9] lockers$'
Apr 20 06:39:58 vanrees cyrus/lmtpd[13926]: DBERROR db3: 2 lockers
Apr 20 13:39:15 vanrees cyrus/lmtpd[21608]: DBERROR db3: 2 lockers
But I still receive messages when this DBERROR occurs. Why isn't it
working? What am I missing?
Something similar is happening with an ssh warning message I think,
but let's concentrate on this one.
Any help is welcome, thanks.
--
Maurits van Rees | http://maurits.vanrees.org/ [Dutch/Nederlands]
Public GnuPG key: keyserver.net ID 0x1735C5C2
"Let your advance worrying become advance thinking and planning."
- Winston Churchill
Attachment:
signature.asc
Description: Digital signature