This is a discussion on Logcheck syntax within the Linux Security forums, part of the System Security and Security Related category.
Hello,
I have been testing to filter out some messages in logcheck. I have added a local.name to /etc/logcheck/ignore.d.server for my own filters. The line I want to filter is:

postfix/smtpd[8782]: reject: RCPT from unknown[211.237.92.198]: 554 Service unavailable; [211.237.92.198] blocked using bl.spamcop.net, reason: Blocked - see http://www.spamcop.net/bl.shtml?211.237.92.198; from=<fzcqqnewwbnm@front.ru> to=<duncan@olivier.com>

To filter it out I have the following string:

postfix/smtpd\[.*\]: reject: RCPT from .*\[.*\]: 554 Service unavailable; \[.*\] blocked using bl.spamcop.net, reason: Blocked - see http://www.spamcop.net/bl.shtml?.*\; from=.* to=.*

When I run grep -f local.name /var/log/mail.log I receive only similar lines; when I do grep -v -f local.name /var/log/mail.log the line is ignored. However, when logcheck runs the line is not ignored and shows up in the report. Any clues to why my filter does not work?

Thanks in advance for your help.

Brian
On 10 Aug 2004 06:14:39 -0700, Brian Olivier <brian@olivier.com> wrote:
> Hello,
>
> I have been testing to filter out some messages in logcheck.
> I have added a local.name to /etc/logcheck/ignore.d.server for my own
> filters.
>
> However when logcheck runs the line is not ignored and shows up in the
> report. Any clues to why my filter does not work?
>

You probably need to put this filter in violations.ignore.d.

--
The truth you speak has no past and no future. It is, and that's all it needs to be.
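
The behaviour discussed in this thread, as an added example that is not part of the original posts and is not logcheck's own code: a simplified model of the rule layering, showing why the same pattern suppresses the line from violations.ignore.d but not from ignore.d.server. The helper names (matches, classify, make_root), the temporary rule tree and the "reject" keyword in violations.d are assumptions made for the illustration.

```shell
#!/bin/sh
# Simplified model of logcheck's rule layering (an assumption for illustration,
# not logcheck's own code): a line matching violations.d can only be suppressed
# by violations.ignore.d; ignore.d.server is consulted for the remaining lines.

# Log line and pattern as posted in the thread.
LINE='postfix/smtpd[8782]: reject: RCPT from unknown[211.237.92.198]: 554 Service unavailable; [211.237.92.198] blocked using bl.spamcop.net, reason: Blocked - see http://www.spamcop.net/bl.shtml?211.237.92.198; from=<fzcqqnewwbnm@front.ru> to=<duncan@olivier.com>'
RULE='postfix/smtpd\[.*\]: reject: RCPT from .*\[.*\]: 554 Service unavailable; \[.*\] blocked using bl.spamcop.net, reason: Blocked - see http://www.spamcop.net/bl.shtml?.*\; from=.* to=.*'

# matches DIR LINE: true if any rule file in DIR matches LINE (extended regex).
matches() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\n' "$2" | grep -E -q -f "$f" 2>/dev/null && return 0
    done
    return 1
}

# classify ROOT LINE: prints "security-event", "system-event" or "ignored".
classify() {
    if matches "$1/violations.d" "$2"; then
        matches "$1/violations.ignore.d" "$2" && { echo ignored; return; }
        echo security-event; return
    fi
    matches "$1/ignore.d.server" "$2" && { echo ignored; return; }
    echo system-event
}

# make_root WHERE: build a constructed rule tree with the poster's rule placed in
# directory WHERE. The "reject" keyword in violations.d is an assumed sample rule.
make_root() {
    root=$(mktemp -d)
    mkdir "$root/violations.d" "$root/violations.ignore.d" "$root/ignore.d.server"
    echo 'reject' > "$root/violations.d/sample"
    printf '%s\n' "$RULE" > "$root/$1/local.name"
    echo "$root"
}

in_server=$(make_root ignore.d.server)
in_violations=$(make_root violations.ignore.d)
echo "rule in ignore.d.server:      $(classify "$in_server" "$LINE")"
echo "rule in violations.ignore.d:  $(classify "$in_violations" "$LINE")"
rm -rf "$in_server" "$in_violations"
```

On a real system, checking whether a line is caught by the installed violations.d rules with grep -E -f shows which ignore directory a local rule belongs in.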