Good day everyone,

I'm having trouble instructing logcheck to stop sending me mails for a system event that I think is harmless. Some previous additions to the logcheck files for other events seem to have helped, but this time it fails.

The event in question is for cyrus (an imap server), e.g.:

Apr 20 06:39:58 vanrees cyrus/lmtpd[13926]: DBERROR db3: 2 lockers

Sometimes there are more than 2 lockers. According to a FAQ in the cyrus docs this is harmless; the database is apparently not counting correctly. In my case it happens when I get a good bunch of emails sent by rss2email. Nothing seems to go wrong. So let's get rid of this message.

The file /etc/logcheck/logcheck.conf has only the following uncommented lines:

REPORTLEVEL="server"
SENDMAILTO="root"
FQDN=1

So if I append some lines to /etc/logcheck/ignore.d.server/cyrus then everything should be fine, right? It might have to be the file cyrus21 which is also present in that directory. This is where those two files come from:

# dpkg-query -S /etc/logcheck/ignore.d.server/cyrus
logcheck-database: /etc/logcheck/ignore.d.server/cyrus
# dpkg-query -S /etc/logcheck/ignore.d.server/cyrus21
cyrus21-common: /etc/logcheck/ignore.d.server/cyrus21

To /etc/logcheck/ignore.d.server/cyrus I added:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9]+ lockers$

And to /etc/logcheck/ignore.d.server/cyrus21 I added:

cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9]+ lockers
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9] lockers$

The first line for cyrus21 resembles other lines in that file. The second line resembles lines in cyrus.

Anyway, a command line test with echo and egrep seems to indicate that any of these three lines should work just fine. The idea is from /usr/share/doc/logcheck-database/README.logcheck-database.gz

vanrees:~# sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9]+ lockers$'
Apr 20 06:39:58 vanrees cyrus/lmtpd[13926]: DBERROR db3: 2 lockers
Apr 20 13:39:15 vanrees cyrus/lmtpd[21608]: DBERROR db3: 2 lockers

vanrees:~# sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep 'cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9]+ lockers'
Apr 20 06:39:58 vanrees cyrus/lmtpd[13926]: DBERROR db3: 2 lockers
Apr 20 13:39:15 vanrees cyrus/lmtpd[21608]: DBERROR db3: 2 lockers

vanrees:~# sed -e 's/[[:space:]]*$//' /var/log/syslog | egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9] lockers$'
Apr 20 06:39:58 vanrees cyrus/lmtpd[13926]: DBERROR db3: 2 lockers
Apr 20 13:39:15 vanrees cyrus/lmtpd[21608]: DBERROR db3: 2 lockers

But I still receive messages when this DBERROR occurs. Why isn't it working? What am I missing?

Something similar is happening with an ssh warning message I think, but let's concentrate on this one.

Any help is welcome, thanks.

--
Maurits van Rees | http://maurits.vanrees.org/ [Dutch/Nederlands]
Public GnuPG key: keyserver.net ID 0x1735C5C2
"Let your advance worrying become advance thinking and planning."
- Winston Churchill
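Added example, not part of the original message: the sed | egrep test above, extended to run a whole rule file against log lines and print what would still be reported. It only shows how the `[0-9]` and `[0-9]+` variants of the anchored rule differ once the locker count has two digits. The log lines are constructed, the names `unmatched`, `sample_log`, `rule_plus` and `rule_single` are hypothetical, and GNU grep is assumed for `\w`.

```shell
#!/bin/sh
# Added example: check a logcheck-style rule file against log lines.
# Log lines below are constructed; function and file names are hypothetical.

# Print the lines from stdin that no rule in file $1 matches.
# Trailing whitespace is stripped first, as in the sed command in the post.
# Comment and blank lines in the rule file are dropped here, because an
# empty pattern given to grep -f matches (and would hide) every line.
unmatched() {
    rules=$(mktemp) || return 1
    grep -E -v '^(#|[[:space:]]*$)' "$1" > "$rules" || true
    sed -e 's/[[:space:]]*$//' | grep -E -v -f "$rules" || true
    rm -f "$rules"
}

# Constructed sample: a 1-digit count, a 2-digit count with trailing
# whitespace, and an unrelated line that should always be reported.
sample_log() {
    printf '%s\n' 'Apr 20 06:39:58 vanrees cyrus/lmtpd[13926]: DBERROR db3: 2 lockers'
    printf '%s \t\n' 'Apr 20 13:39:15 vanrees cyrus/lmtpd[21608]: DBERROR db3: 12 lockers'
    printf '%s\n' 'Apr 20 13:40:02 vanrees sshd[2211]: Accepted publickey for root'
}

demo_dir=$(mktemp -d)

cat > "$demo_dir/rule_plus" <<'EOF'
# [0-9]+ accepts any locker count
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9]+ lockers$
EOF

cat > "$demo_dir/rule_single" <<'EOF'
# [0-9] accepts exactly one digit
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ cyrus/lmtpd\[[0-9]+\]: DBERROR db3: [0-9] lockers$
EOF

echo "Still reported with the [0-9]+ rule:"
sample_log | unmatched "$demo_dir/rule_plus"
echo "Still reported with the [0-9] rule:"
sample_log | unmatched "$demo_dir/rule_single"
```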