• Bug#265176: logcheck: rules for gps policy daemon with postfix

    From Jamie L. Penman-Smithson@1:229/2 to All on Thu Aug 12 04:10:08 2004
    From: [email protected]

    Package: logcheck
    Version: 1.2.24
    Severity: minor

    If you run the gps policy server with postfix, you end up with a lot of unneeded messages:

    Aug 12 01:15:18 lorien gps[27125]: disconnecting from DB
    Aug 12 01:31:47 lorien gps[27264]: started (ver.: 0.7b built: Jul 14 2004 14:39:53)
    Aug 12 01:31:47 lorien gps[27264]: ok: 'bounce-debian-user=devnull=[email protected]' -> '[email protected]', '146.82.138.6' (1350, 1695 secs)
    Aug 12 01:37:35 lorien gps[27332]: new: '[email protected]' -> '[email protected]', '82.217.137.112'
    Aug 12 01:46:44 lorien gps[27483]: wl nw: 'spamassassin-users-return-14314-devnull=[email protected]' -> '[email protected]', '209.237.227.': apache.org mailing lists

    The following regexps match the above messages:

    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: disconnecting from DB$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: started \(ver.: [a-z0-9\.]+ built: [A-Za-z]+ [0-9[:space:]]+ [0-9]{2}:[0-9]{2}:[0-9]{2}\)$

    For the other three rules, this is the closest I could get. Really these
    will probably need to be separate rules:

    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: (ok|new|wl nw): '[[:alnum:][:punct:]]+@[[:alnum:][:punct:]]+'.*$

    Thanks,

    --
    -jamie <[email protected]> | spamtrap: [email protected]
    w: http://www.silverdream.org | p: [email protected]
    pgp key @ http://silverdream.org/~jps/pub.key
    04:30:01 up 2 days, 13:39, 13 users, load average: 2.10, 2.19, 2.31



    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From maks attems@1:229/2 to Jamie L. Penman-Smithson on Fri Aug 13 18:00:11 2004
    From: [email protected]


    tags 265176 pending
    thanks

    On Thu, 12 Aug 2004, Jamie L. Penman-Smithson wrote:

    > Package: logcheck
    > Version: 1.2.24
    > Severity: minor
    >
    > If you run the gps policy server with postfix, you end up with a lot of unneeded messages:
    >
    > Aug 12 01:15:18 lorien gps[27125]: disconnecting from DB
    > Aug 12 01:31:47 lorien gps[27264]: started (ver.: 0.7b built: Jul 14 2004 14:39:53)
    > Aug 12 01:31:47 lorien gps[27264]: ok: 'bounce-debian-user=devnull=[email protected]' -> '[email protected]', '146.82.138.6' (1350, 1695 secs)
    > Aug 12 01:37:35 lorien gps[27332]: new: '[email protected]' -> '[email protected]', '82.217.137.112'
    > Aug 12 01:46:44 lorien gps[27483]: wl nw: 'spamassassin-users-return-14314-devnull=[email protected]' -> '[email protected]', '209.237.227.': apache.org mailing lists
    >
    > The following regexps match the above messages:
    >
    > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: disconnecting from DB$
    > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: started \(ver.: [a-z0-9\.]+ built: [A-Za-z]+ [0-9[:space:]]+ [0-9]{2}:[0-9]{2}:[0-9]{2}\)$
    >
    > For the other three rules, this is the closest I could get. Really these
    > will probably need to be separate rules:
    >
    > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: (ok|new|wl nw): '[[:alnum:][:punct:]]+@[[:alnum:][:punct:]]+'.*$
    >
    > Thanks,

    nice bug report,
    I've added the attached rules for next release, please test them?
    1 rule unmodified,
    2 rule uses [[:alpha:]] instead of [a-zA-Z] explanations at ("Writing rules"): /usr/share/doc/logcheck-database/README.logcheck-database.gz
    3 rule uses [^[:space:]] to match emails, but fails on above 3 log message
    the ip inside there seems very strange '209.237.227.'

    thanks for a review + test


    --
    maks


    Content-Disposition: attachment; filename=local-gps

    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: disconnecting from DB$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: started \(ver.: [.[:alnum:]]+ built: \w{3} [0-9]{2} [0-9]{4} [0-9:]{8}\)$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: (new|ok): '[^[:space:]]+' -> '[^[:space:]]+', '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'.*$

  • From Jamie L. Penman-Smithson@1:229/2 to maks attems on Fri Aug 13 22:00:15 2004
    From: [email protected]

    On Fri, 2004-08-13 at 16:39, maks attems wrote:
    > nice bug report,
    > i've added the attached rules for next release, please test them?

    All the three rules work fine. :)

    > 3 rule uses [^[:space:]] to match emails, but fails on above 3 log message the ip inside there seems very strange '209.237.227.'

    That's because it's a whitelisted block, 209.237.227. means
    209.237.227.* - that type of address only appears in the wl nw
    (whitelisted network) log messages.

    > thanks for a review + test

    Happy to help :)

    -j

    --
    -jamie <[email protected]> | spamtrap: [email protected]
    w: http://www.silverdream.org | p: [email protected]
    pgp key @ http://silverdream.org/~jps/pub.key
    20:30:01 up 1 day, 5:05, 11 users, load average: 0.12, 0.08, 0.06


  • From maks attems@1:229/2 to Jamie L. Penman-Smithson on Sat Aug 14 01:30:13 2004
    From: [email protected]


    On Fri, 13 Aug 2004, Jamie L. Penman-Smithson wrote:

    > On Fri, 2004-08-13 at 16:39, maks attems wrote:
    >
    > That's because it's a whitelisted block, 209.237.227. means
    > 209.237.227.* - that type of address only appears in the wl nw
    > (whitelisted network) log messages.

    ok, made those optional, third rule matches now all listed three types :)
    see attached rules..

    >> thanks for a review + test
    >
    > Happy to help :)

    again great feedback, thanks for the quick help
    a++ maks


    Content-Disposition: attachment; filename=local-gps

    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: disconnecting from DB$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: started \(ver.: [.[:alnum:]]+ built: \w{3} [0-9]{2} [0-9]{4} [0-9:]{8}\)$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: (new|ok|wl nw): '[^[:space:]]+' -> '[^[:space:]]+', '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]{1,3})?'.*$

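
Added example, not part of the original thread: a shell check that replays both attached `local-gps` versions through `grep -E` and lists the lines that would still be reported. The sample lines are constructed from the report with `example.*` placeholder addresses, and the final `error:` line is a hypothetical message (not taken from gps) included to confirm the rules do not over-match.

```shell
#!/bin/sh
# Replays both attached local-gps rule sets against sample log lines with grep -E.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample lines modelled on the report (addresses are placeholders).
# The last line is hypothetical, not a real gps message; it must stay reported.
samples() {
cat <<'EOF'
Aug 12 01:15:18 lorien gps[27125]: disconnecting from DB
Aug 12 01:31:47 lorien gps[27264]: started (ver.: 0.7b built: Jul 14 2004 14:39:53)
Aug 12 01:31:47 lorien gps[27264]: ok: 'bounce-list=user@example.org' -> 'user@example.org', '146.82.138.6' (1350, 1695 secs)
Aug 12 01:37:35 lorien gps[27332]: new: 'sender@example.net' -> 'user@example.org', '82.217.137.112'
Aug 12 01:46:44 lorien gps[27483]: wl nw: 'list-return-14314@example.com' -> 'user@example.org', '209.237.227.': apache.org mailing lists
Aug 12 01:50:02 lorien gps[27490]: error: cannot open DB
EOF
}

# Rules as first attached (v1): third rule needs a full dotted quad and lacks "wl nw".
cat > "$WORK/v1" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: disconnecting from DB$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: started \(ver.: [.[:alnum:]]+ built: \w{3} [0-9]{2} [0-9]{4} [0-9:]{8}\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: (new|ok): '[^[:space:]]+' -> '[^[:space:]]+', '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'.*$
EOF

# Rules as revised (v2): last octet optional, "wl nw" added to the alternation.
cat > "$WORK/v2" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: disconnecting from DB$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: started \(ver.: [.[:alnum:]]+ built: \w{3} [0-9]{2} [0-9]{4} [0-9:]{8}\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gps\[[0-9]+\]: (new|ok|wl nw): '[^[:space:]]+' -> '[^[:space:]]+', '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.([0-9]{1,3})?'.*$
EOF

# Print the sample lines that no rule in file $1 matches (what would still be reported).
reported() {
    samples | grep -E -v -f "$1" || true
}

# Count of lines still reported under rules file $1.
reported_count() {
    reported "$1" | wc -l | tr -d ' '
}

for v in v1 v2; do
    echo "== $v: $(reported_count "$WORK/$v") line(s) still reported"
    reported "$WORK/$v"
done
```

Keeping a line that must not be ignored in the sample set catches a rule that has been loosened too far, for instance by a trailing `.*` placed before the message type.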