1

I've setup a mail server using postfix + dovecot + vmm on postgres. But for some reason, my custom logcheck rules are getting ignored in some cases. As en example: 

Feb 23 10:10:36 xxx dovecot: dict: pgsql(127.0.0.1): Connected to database mailsys

My logcheck-ignore rule looks like:

# Connecting to (vmm)-database
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: auth: pgsql\([[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\): Connected to database [[:alnum:]]+$

When I'm running 

 logcheck-test -l /var/log/mail.info -r /etc/logcheck/ignore.d.server/local-dovecot-vmm

the lines are getting printed out, so IMHO logcheck seems to find the lines with the ignore rule. But when running the cron again, it's not ignored. Any hint maybe?

Improve this question

1 Answer 1

Reset to default
1

Your line from the log file and your regex differ in the word after dovecot. Your log has the term dict, but your regex has the term auth instead. So you want to adjust your rule maybe to the following:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dovecot: (dict|auth): pgsql\([[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\): Connected to database [[:alnum:]]+$
Improve this answer
0

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.