Home » Tag

Debian

logcheck Regel Update 3 - Entfernen der Clamav Installation outdated Warnung

Anbei ist das dritte logcheck Regel Update, um folgende drei Zeilen auszufiltern:

Dec 22 06:52:39 server freshclam[358]: WARNING: Your ClamAV installation is OUTDATED!
Dec 22 06:52:39 server freshclam[358]: WARNING: Local version: 0.98.7 Recommended version: 0.99
Dec 22 06:52:39 server freshclam[358]: DON'T PANIC! Read http://www.clamav.net/support/faq

Das Update der Regeln spiegelt folgender Patch wider:

/etc/logcheck/ignore.d.server# git diff
diff --git a/logcheck/ignore.d.server/clamav-freshclam b/logcheck/ignore.d.server/clamav-freshclam
index 2608bd3..47e2cbe 100644
--- a/logcheck/ignore.d.server/clamav-freshclam
+++ b/logcheck/ignore.d.server/clamav-freshclam
@@ -5,3 +5,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: --------------------------------------$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Database updated \([0-9]+ signatures\) from .* \(IP: [0-9.]+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Downloading daily-[0-9]+.cdiff \[100%\] ?$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: WARNING: Your ClamAV installation is OUTDATED!$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: DON'T PANIC! Read http://www.clamav.net/support/faq$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: WARNING: Local version: [0-9.]+ Recommended version: [0-9.]+$

Vergangene logcheck Regel Updates: #1 #2

Dezember 22, 2015 · 1 Minute

logcheck Regel Update #2

Hier das zweite Update meiner logcheck Regeln. Aktuell nutze ich logcheck 1.3.17 unter Debian GNU/Linux 8.

diff --git a/logcheck/ignore.d.server/amavisd-new b/logcheck/ignore.d.server/amavisd-new
index fb794bd..a6121f3 100644
--- a/logcheck/ignore.d.server/amavisd-new
+++ b/logcheck/ignore.d.server/amavisd-new
@@ -3,5 +3,5 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) NOTICE: Not sending DSN in response to bulk mail from <[^.]*> containing [[:upper:] ]+, mail intentionally dropped$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) INFO: unfolded [[:digit:]]+ illegal all-whitespace continuation lines$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) WARN: address modified \((sender|recipient)\): <[^>]+> -> <[^>]+>$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (BAD-HEADER-[[:digit:]]|UNCHECKED|CLEAN|SPAM(MY)?) {(RelayedInbound|RelayedTaggedInbound|RelayedOpenRelay|RelayedInternal)(,Quarantined)?},( LOCAL)? (\[[.[:digit:]]+\]:[[:digit:]]+ )?(\[[.:[:alnum:]]+\] )?<([._-=@[:alnum:]]+)?> -> <([._-=@[:alnum:]]+)?>,( quarantine: [._-=/@[:alnum:]]+,)? (Queue-ID: [[:alnum:]]+, )?(Message-ID: <.*>, )?mail_id: [-_[:alnum:]]+, Hits: -?[.[:xdigit:]]*, size: [[:digit:]]+, queued_as: [_[:alnum:]]+, [[:digit:]]+ ms$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (BAD-HEADER-[[:digit:]]|UNCHECKED|CLEAN|SPAM(MY)?|UNCHECKED-ENCRYPTED) {(RelayedInbound|RelayedTaggedInbound|RelayedOpenRelay|RelayedInternal)(,Quarantined)?},( LOCAL)? (\[[.[:digit:]]+\]:[[:digit:]]+ )?(\[[.:[:alnum:]]+\] )?<([._-=@[:alnum:]]+)?> -> <([._-=@[:alnum:]]+)?>,( quarantine: [._-=/@[:alnum:]]+,)? (Queue-ID: [[:alnum:]]+, )?(Message-ID: <.*>, )?mail_id: [-_[:alnum:]]+, Hits: -?[.[:xdigit:]]*, size: [[:digit:]]+, queued_as: [_[:alnum:]]+, [[:digit:]]+ ms$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Blocked BANNED \(.*\) {(No)?BouncedInbound,Quarantined}, (\[[.[:digit:]]+\]:[[:digit:]]+ )?(\[[.:[:alnum:]]+\] )?<([._-=@[:alnum:]]+)?> -> <([._-=@[:alnum:]]+)?>, (quarantine: [[:alnum:]]/.*, )?(Queue-ID: [[:alnum:]]+, )?(Message-ID: <[._-$%@[:alnum:]]+>, )?mail_id: [-_[:alnum:]]+, Hits: -?[.[:xdigit:]]*, size: [[:digit:]]+, (queued_as: [_[:alnum:]]+, )?[[:digit:]]+ ms$

diff --git a/logcheck/ignore.d.server/clamav-freshclam b/logcheck/ignore.d.server/clamav-freshclam
index 73df35f..2608bd3 100644
--- a/logcheck/ignore.d.server/clamav-freshclam
+++ b/logcheck/ignore.d.server/clamav-freshclam
@@ -1,6 +1,6 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: ClamAV update process started at .*$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Received signal: (wake up|re-opening log file)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (daily|main)\.c(l|v)d (is up to date|updated) \(version: [0-9]+, sigs: [0-9]+, f-level: [0-9]+, builder: \w+\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: (bytecode|daily|main)\.c(l|v)d (is up to date|updated) \(version: [0-9]+, sigs: [0-9]+, f-level: [0-9]+, builder: \w+\)$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Clamd successfully notified about the update\.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: --------------------------------------$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Database updated \([0-9]+ signatures\) from .* \(IP: [0-9.]+\)$

diff --git a/logcheck/ignore.d.server/dovecot b/logcheck/ignore.d.server/dovecot
index 643a4e4..047fb97 100644
--- a/logcheck/ignore.d.server/dovecot
+++ b/logcheck/ignore.d.server/dovecot
@@ -28,4 +28,5 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: (Disconnected|Aborted login)(: Inactivity)? \(
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Disconnected
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([-_.@[:alnum:]]+\): sieve: msgid=.*: stored mail into mailbox '[-.[:alnum:]]+'$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([-_.@[:alnum:]]+\): sieve: msgid=.*: marked message to be discarded if not explicitly delivered \(discard action\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth-worker\([-_.[:alnum:]]+\): (pg|my)sql\([.:[:xdigit:]]+\): Connected to database [-_.[:alnum:]]+$

diff --git a/logcheck/ignore.d.server/apache b/logcheck/ignore.d.server/apache
index 9faac7e..040caa2 100644
--- a/logcheck/ignore.d.server/apache
+++ b/logcheck/ignore.d.server/apache
@@ -1 +1,2 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ apache: nss_ldap: reconnect(ing|ed) to LDAP server(\.\.\.| after [0-9]+ attempt\(s\))$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ apache2\[[0-9]+\]: Reloading web server: apache2.$

diff --git a/logcheck/ignore.d.server/rsyslog b/logcheck/ignore.d.server/rsyslog
index 171f20e..594b869 100644
--- a/logcheck/ignore.d.server/rsyslog
+++ b/logcheck/ignore.d.server/rsyslog
@@ -3,3 +3,5 @@
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] start$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] exiting on signal [0-9]+.$
 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="http://www.rsyslog.com"\] rsyslogd was HUPed$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd(-)?[0-9]+: action 'action 17' resumed \(module 'builtin:ompipe'\) \[try http://www.rsyslog.com/e/[0-9]+ \]$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd(-)?[0-9]+: action 'action 17' suspended, next retry is \w{3} \w{3} [ :0-9]{16} \[try http://www.rsyslog.com/e/[0-9]+ \]$

Neu hinzugekommen ist eine Datei für systemd und systemd-login mit dem folgenden Inhalt:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[[0-9]+\]: Reload(ed|ing) LSB: Apache2 web server.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[[0-9]+\]: Start(ed|ing) Cleanup of Temporary Directories[.]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[[0-9]+\]: Start(ed|ing) Session [0-9]+ of user [._[:alnum:]-]+\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd-logind\[[0-9]+\]: New session [0-9]+ of user [._[:alnum:]-]+\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd-logind\[[0-9]+\]: Removed session [0-9]+\.$

Vergangene logcheck Regel Updates: #1

August 9, 2015 · 3 Minuten

Weitere logcheck Regeln für amavisd-new, dovecot und postfix unter Debian Wheezy

Ich habe soeben wieder logcheck in Betrieb genommen und erst einmal die paar folgenden, weiteren Regeln hinzugefügt bzw. bestehende leicht modifiziert.


diff --git a/logcheck/ignore.d.server/amavisd-new b/logcheck/ignore.d.server/amavisd-new
index 2dce777..d0d8743 100644
--- a/logcheck/ignore.d.server/amavisd-new
+++ b/logcheck/ignore.d.server/amavisd-new
@@ -3,3 +3,5 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) NOTICE: Not sending DSN in response to bulk mail from <[^.]*> containing [[:upper:] ]+, mail intentionally dropped$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) INFO: unfolded [[:digit:]]+ illegal all-whitespace continuation lines$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) WARN: address modified \((sender|recipient)\): <[^>]+> -> <[^>]+>$&lt;br />
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Passed (BAD-HEADER-[:digit:]|UNCHECKED|CLEAN|SPAM(MY)?) {(RelayedInbound|RelayedTaggedInbound|RelayedOpenRelay|RelayedInternal)(,Quarantined)?},( LOCAL)? (\[[.[:digit:]]+\]:[[:digit:]]+ )?(\[[.:[:alnum:]]+\] )?<([._-=@[:alnum:]]+)?> -> <([._-=@[:alnum:]]+)?>,( quarantine: [._-=/@[:alnum:]]+,)? (Queue-ID: [[:alnum:]]+, )?(Message-ID: &lt;.*>, )?mail_id: [-_[:alnum:]]+, Hits: -?[.[:xdigit:]]*, size: [[:digit:]]+, queued_as: [_[:alnum:]]+, [[:digit:]]+ ms$&lt;br />
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ amavis\[[[:digit:]]+\]: \([-[:digit:]]+\) Blocked BANNED \(.*\) {(No)?BouncedInbound,Quarantined}, (\[[.[:digit:]]+\]:[[:digit:]]+ )?(\[[.:[:alnum:]]+\] )?<([._-=@[:alnum:]]+)?> -> <([._-=@[:alnum:]]+)?>, (quarantine: [[:alnum:]]/.*, )?(Queue-ID: [[:alnum:]]+, )?(Message-ID: &lt;[._-$%@[:alnum:]]+>, )?mail_id: [-_[:alnum:]]+, Hits: -?[.[:xdigit:]]*, size: [[:digit:]]+, (queued_as: [_[:alnum:]]+, )?[[:digit:]]+ ms$&lt;br />
diff --git a/logcheck/ignore.d.server/dovecot b/logcheck/ignore.d.server/dovecot
index 8f4dcb6..643a4e4 100644
--- a/logcheck/ignore.d.server/dovecot
+++ b/logcheck/ignore.d.server/dovecot
@@ -7,12 +7,13 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_unix\(dovecot:[[:alnum:]]+\): check pass; user unknown$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot-auth: pam_ldap: error trying to bind as user \".*\" \(Invalid credentials\)$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (imap|pop3)-login: Login: [.[:alnum:]@-]+ \[[.:[:xdigit:]]+\]$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: (user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Aborted login( \([[:digit:]]+ authentication attempts\))?: (user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: (Disconnected|Aborted login)(: Inactivity)? (\(no auth attempts\):|\(auth failed, [[:digit:]]+ attempts\): user=<[-_.@[:alnum:]]+>, method=PLAIN,|\(aborted authentication\): method=PLAIN,) rip=[.[:digit:]]+, lip=[.[:digit:]]+, (TLS|SSL)(( handshaking)?(: Disconnected)?|: SSL_read\(\) syscall failed: Connection reset by peer)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: ((Too many invalid commands|Inactivity): )?(user=<[-_.@[:alnum:]]+>, )?(method=[[:alnum:]-]+, )?rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Disconnected: Logged out$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, (TLS( handshake)?|secured))?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: Login: user=<[-_.@[:alnum:]]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+(, mpid=[[:digit:]]+)?(, (TLS( handshake)?|secured))?
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: IMAP\([-_.@[:alnum:]]+\): Connection closed(: Connection reset by peer)?( bytes=[[:digit:]]+/[[:digit:]]+)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Connection closed(: Connection reset by peer)?( in=[[:digit:]]+ out=[[:digit:]]+)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: IMAP\([-_.@[:alnum:]]+\): Disconnected(: Logged out| for inactivity|: Disconnected| in [[:upper:]]+|: Too many invalid IMAP commands\.)?( bytes=[[:digit:]]+/[[:digit:]]+)?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: IMAP\([-_.@[:alnum:]]+\): Fixed index file /[-._/[:alnum:]&#038;]+/dovecot\.index: first_(recent|unseen)_uid_lowwater [[:digit:]]+ -> [[:digit:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: POP3\([-_.@[:alnum:]]+\): Disconnected(: Logged out| for inactivity|: Disconnected)? top=[[:digit:]]+/[[:digit:]]+, retr=[[:digit:]]+/[[:digit:]]+, del=[[:digit:]]+/[[:digit:]]+, size=[[:digit:]]+$
@@ -22,5 +23,9 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\([[:alnum:]]+\): client in: CONT<hidden>
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth\([[:alnum:]]+\): client out: CONT[[:space:]]+[[:digit:]]+[[:space:]]+[[:alnum:]]+$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: ssl-build-param: SSL parameters regeneration completed$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login: user=<[._[:alnum:]-]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS( handshake)?|secured)$
-^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: MANAGESIEVE\([._[:alnum:]-]+\): (Connection closed|Disconnected: Logged out)( bytes=[[:digit:]]+/[[:digit:]]+)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve-login: Login: user=<[._[:alnum:]-]+>, method=[[:alnum:]-]+, rip=[.:[:xdigit:]]+, lip=[.:[:xdigit:]]+, (TLS( handshake)?|secured)
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: managesieve\([._[:alnum:]-]+\): (Connection closed|Disconnected: Logged out)( bytes=[[:digit:]]+/[[:digit:]]+)?$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (pop3|imap)-login: (Disconnected|Aborted login)(: Inactivity)? \(
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: imap\([-_.@[:alnum:]]+\): Disconnected
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: lda\([-_.@[:alnum:]]+\): sieve: msgid=.*: stored mail into mailbox '[-.[:alnum:]]+'$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth-worker\([-_.[:alnum:]]+\): (pg|my)sql\([.:[:xdigit:]]+\): Connected to database [-_.[:alnum:]]+$
diff --git a/logcheck/ignore.d.server/movim b/logcheck/ignore.d.server/movim
new file mode 100644
index 0000000..64eef12
--- /dev/null
+++ b/logcheck/ignore.d.server/movim
@@ -0,0 +1,5 @@
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ movim\[[[:digit:]]+\]: movim.ERROR: Undefined (index|offseti|variable): [[:alnum:]]+ \[\] \[\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ movim\[[[:digit:]]+\]: movim.ERROR: array_key_exists() expects parameter 2 to be array, boolean given \[\] \[\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ movim\[[[:digit:]]+\]: movim.ERROR: Use of undefined constant FAIL_SAFE - assumed 'FAIL_SAFE' \[\] \[\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ movim\[[[:digit:]]+\]: movim.ERROR: Trying to get property of non-object \[\] \[\]$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ movim\[[[:digit:]]+\]: movim.ERROR: Invalid argument supplied for foreach() \[\] \[\]$
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index 7346aec..297771a 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
@@ -168,3 +168,4 @@
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/trivial-rewrite\[[[:digit:]]+\]: warning: valid_ipv4_hostaddr: invalid octet count: ?$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: TLS library problem: [[:digit:]]+:error:[[:xdigit:]]+:SSL routines:SSL23_GET_CLIENT_HELLO:(unknown protocol|http request):s23_srvr\.c:[[:digit:]]+:$
 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/verify\[[[:digit:]]+\]: cache [-._[:alnum:]/]+ full cleanup: retained=[[:digit:]]+ dropped=[[:digit:]]+ entries$
+^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ postfix/smtpd\[[[:digit:]]+\]: warning: hostname [-._[:alnum:]]+ does not resolve to address [.[:digit:]]+$

Updated 07.05.14

Updated 08.05.14

Updated 26.05.14

Updated 27.06.14 (also added movim logcheck rules)

Mai 2, 2014 · 4 Minuten

amavis suicide cause of TROUBLE in pre_loop_hook

The last day I got trouble with my amavis. Everything worked fine but after some time the amavis was started it killed itself with the following log messages shown up in /var/log/syslog:

Jul  4 10:31:23 server amavis[9941]: (!!)TROUBLE in pre_loop_hook: db_init: BDB no dbS: __fop_file_setup:  Retry limit (100) exceeded, File exists. at (eval 97) line 309.
Jul  4 10:31:23 server amavis[9941]: (!)_DIE: Suicide () TROUBLE in pre_loop_hook: db_init: BDB no dbS: __fop_file_setup:  Retry limit (100) exceeded, File exists. at (eval 97) line 309.

The solution was pretty easy: Clean up the cache for the database (as root of course):

rm /var/lib/amavis/db/*

That’s it. After the next start of amavis the problem did not occur anymore.

Juli 5, 2013 · 1 Minute

mysql: symbol lookup error: /usr/lib/libmysqlclient.so.16: undefined symbol

Aus bisher unbekannten Gründen trat bei meinem Server* der Fehler im syslog auf:

mysql: symbol lookup error: /usr/lib/libmysqlclient.so.16: undefined symbol: _ZN5yaSSL8HMaC_MD5C1EPKhj, version libmysqlclient_16

Der Fehler trat außerdem bei folgendem Kommando auf:

mysql -u root -p

Ein

aptitude reinstall libmysqlclient16

reparierte das Problem. Puh!

*Debian Squueze

Dezember 18, 2011 · 1 Minute