|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] Need some help with a regex for a logcheck rule ..
|
On Thu, 18 Jan 2007, Mike Leone wrote:
> ^\w{3} [ :0-9]{11} cliff-clavin postfix/smptd\[[0-9]+\]: NOQUEUE: reject:
> RCPT from.$
>
> This will ignore ALL "NOQUEUE: reject:" messages in my mail log, I think.
> Yes?
>
> I guess I should just be ignoring the "Recipient address rejected: Access
> denied;" ones. But I don't know how to phrase that.
How about
Recipient address rejected: Access denied
If you want to match "NOQUEUE: reject:", then just use the regex
NOQUEUE: reject:
I'm not familiar with logcheck's details, but the above should work
just about anywhere. You don't need any special regex characters, as
this is straight string-matching.
Don't match the beginning of the string if you don't need to...but if the
string you are matching for always occurs at the beginning of the line,
definitely use the '^' anchor, as it will typically be faster. (Same goes
for '$' - don't use it if you don't need it (and your above will
probably fail, as the last '.' will match only the first character after
from; any more characters will cause the match to fail, as the end of
the line must follow immediately; you probably meant '.*').
Caveat: I haven't used logcheck, so the above is conjectural.
> Can anybody lend a hand?
HTH,
pls
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|