debian/0000755000000000000000000000000011716110771007170 5ustar debian/source/0000755000000000000000000000000011715115761010473 5ustar debian/source/format0000644000000000000000000000001411715115761011701 0ustar 3.0 (quilt) debian/install0000644000000000000000000000004311715110401010543 0ustar debian/config-debian/* etc/tenshi/ debian/compat0000644000000000000000000000000211715110401010353 0ustar 7 debian/postinst0000755000000000000000000000170011715110401010764 0ustar #! /bin/sh # postinst script for tenshi set -e case "$1" in configure) if ! getent passwd tenshi 2>&1 >/dev/null; then # the account doesn't exist... time to create it echo "Adding tenshi system user ..." adduser --quiet --system --group --home /var/lib/tenshi tenshi adduser --quiet tenshi adm chown tenshi:root /var/lib/tenshi elif getent passwd tenshi | grep "/var/run/tenshi" 2>&1 >/dev/null; then # change the user's home directory to /var/lib/tenshi on # previous installations echo "Updating tenshi user's home directory ... " usermod -d /var/lib/tenshi tenshi chown tenshi:root /var/lib/tenshi fi chown tenshi:root /etc/tenshi/tenshi.conf ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`$1'" >&2 exit 1 ;; esac # #DEBHELPER# # exit 0 debian/changelog0000644000000000000000000001367011716110731011045 0ustar tenshi (0.13-2) unstable; urgency=low * debian/init: - Removed trailing development statement. -- Ignace Mouzannar Mon, 13 Feb 2012 08:29:43 +0400 tenshi (0.13-1) unstable; urgency=low * New upstream release. * Converted to quilt 3.0 source format. * debian/control: - Bumped Standards-Version to 3.9.2. - Added the "DM-Upload-Allowed" field. - Removed the quilt dependency. * debian/rules: - Removed the quilt argument. * debian/source/format: - Changed to "quilt 3.0". * debian/patches: - 20-manpage.diff: updated to correct new spelling error. * debian/init: - Added Description LSB keyword. - Added status option. -- Ignace Mouzannar Fri, 10 Feb 2012 08:23:24 +0400 tenshi (0.12-1) unstable; urgency=low * New upstream release. * debian/patches: - Refreshed 10-Makefile.diff. - Removed 20-manpage.diff as it is not required anymore. -- Ignace Mouzannar Sun, 06 Mar 2011 13:57:24 +0100 tenshi (0.11-2) unstable; urgency=low * debian/control: - Bumped Standards-Version to 3.9.1. - Added Vcs-Svn and Vcs-Browser. - Set debhelper dependency to (>= 7.0.8) as dh_overrides are not used by debian/rules anymore. * debian/postinst: - Changed tenshi user home directory from /var/run/tenshi to /var/lib/tenshi as files in /var/run are cleared at boot time. This made the package upgrade from lenny to squeeze fail. Thank you Lucas Nussbaum for spotting this issue. (Closes: #605240, #606789) * debian/patches: - 20-manpage.diff: Added typo correction in manpage. * debian/source: - Added format file set to "1.0". * debian/rules: - Removed the dh_installinit override, in order to stop the tenshi script before upgrading the package. This will be applicable during the next upgrade. * debian/preinst: - Added this pre-installation script in order to stop the tenshi daemon before starting the upgrade to the current release. This had to be done as the -R flag was passed to dh_installinit in previous release. * debian/postrm: - Replaced deluser(8) with userdel(8) as adduser package is purged before tenshi. Thank you Hideki Yamane for the patch. -- Ignace Mouzannar Mon, 20 Dec 2010 22:43:12 +0100 tenshi (0.11-1) unstable; urgency=low * New maintainer. (Closes: #549956) * New upstream release. * debian/copyright: - License was changed from GPL to ISC. - Upstream's download URL was updated. * debian/watch: - Corrected the uscan regular expression, to get the latest version number. * debian/rules: - Simplified the rules file using dh7 features. - Added the '-R' option to dh_installinit in order to restart the tenshi service after an upgrade. * debian/control: - Updated debhelper dependency to (>= 7.0.50~). - Added dependency on quilt (>= 0.46-7). - Added dependency on libio-bufferedselect-perl. * debian/patches: - Added 10-Makefile.diff: patches the Makefile correcting the documentation installation path, and preventing unwanted files from installing. - Added 20-manpage.diff: corrects lintian warnings "hyphen-used-as-minus-sign" in tenshi's manpage. * debian/config-debian/tenshi.conf: - Updated the default configuration file using upstream's latest version. * debian/init.d: - Renamed debian/init.d as debian/init. * debian/install: - New file, added to install all the files located in debian/config-debian/* (instead of doing this through debian/rules). * debian/postinst: - Uses getent(1) instead of id(1) to check if user exists. * debian/postrm: - Replaced userdel with deluser (which is part of the adduser package). - Removed the "rm -rf" of /etc/tenshi. * debian/dirs: - Added usr/share/man/man8. -- Ignace Mouzannar Wed, 07 Oct 2009 15:10:28 +0200 tenshi (0.4-2) unstable; urgency=low * Orphan package, set maintainer to Debian QA Group. * Correct init.d script dependencies (Closes: #547562). * Make sure to create /var/run/tenshi/ during boot (Closes: #470691). Patch from Albert Damen and Ubuntu. * Update to debhelper 7. * Change standards-version from 3.6.2.1 to 3.8.3. * Add ${misc:Depends} to depends list to make debhelper happy. * Remove redundant call to update-rc.d in postinst. * Add homepage URL in control file. * Update URL in watch file to use new upstream home site. -- Petter Reinholdtsen Tue, 06 Oct 2009 22:45:34 +0200 tenshi (0.4-1.3) unstable; urgency=low * Non-maintainer upload to hopefully fix the final glitches in former NMUs. It seems that some ugly spell has been sent towards tenshi. * Remove the debian/po directory to avoid the package to appear on the l10n coordination pages -- Christian Perrier Fri, 19 Jan 2007 06:44:21 +0100 tenshi (0.4-1.2) unstable; urgency=low * Non-maintainer upload to really fix the issue fixed in the former NMU * Use dh_installdirs instead of "cp -r" to guarantee that subdirs of /etc/tenshi. This really Closes: #407105 -- Christian Perrier Thu, 18 Jan 2007 14:45:38 +0100 tenshi (0.4-1.1) unstable; urgency=low * Non-maintainer upload to fix an RC bug and longstanding debconf abuse * Include the includes-active in directories created under /etc/tenshi * Remove the debconf note. Closes: #357596 This also removes the need for translations. Sorry to the Czech translator. Closes: #360284 This also fixes the incorrect debconf dependency that was blocking the cdebconf transition. * Lintian fix: - Add a LSB header to the init script -- Christian Perrier Tue, 16 Jan 2007 20:19:50 +0100 tenshi (0.4-1) unstable; urgency=low * Initial release Closes: #268259 -- Tadeusz Pietraszek Tue, 21 Feb 2006 18:41:54 +0200 debian/README.Debian0000644000000000000000000000160211715110401011215 0ustar tenshi for Debian ----------------- You have just installed Tenshi - a log monitoring program. Note that (unlike some other programs) this program will only be useful if it has been customized. You're strongly advised to read the package manual (man 8 tenshi) and edit the main configuration file (/etc/tenshi/tenshi.conf). To facilitate the use of the program, we have split service-specific configu- -ration files into many files located under /etc/tenshi/includes-available which can be activated by linking then into /etc/tenshi/includes-active, e.g.: ln -s ../includes-available/ssh (in /etc/includes-active directory) Currently all files are disabled and the package uses a single "catch-all" rule. You are more than welcome to submit your custom-made configuration include to the package maintainer. Have fun. -- Tadek , Thu, 23 Feb 2006 18:41:54 +0200 debian/rules0000755000000000000000000000006111715116235010245 0ustar #!/usr/bin/make -f # -*- makefile -*- %: dh $@ debian/patches/0000755000000000000000000000000011715111040010604 5ustar debian/patches/10-Makefile.diff0000644000000000000000000000131611715110401013372 0ustar Description: - Corrects the documentation installation path in the Makefile - Removes installation on the following files: INSTALL, LICENSE and Changelog Author: Ignace Mouzannar Last-Update: 2011-03-06 --- a/Makefile +++ b/Makefile @@ -5,11 +5,11 @@ bindir = /usr/sbin sysconfdir = /etc -docdir = /usr/share/doc/tenshi-${VERSION} +docdir = /usr/share/doc/tenshi mandir = /usr/share/man libdir = /var/lib/tenshi -DOCS = README INSTALL CREDITS LICENSE Changelog FAQ +DOCS = README CREDITS FAQ SAMPLES = tenshi.conf tenshi.debian-init tenshi.gentoo-init tenshi.solaris-init tenshi.redhat-init tenshi.suse-init tenshi.redhat-spec tenshi.suse-spec BIN = Makefile tenshi MAN = tenshi.8 debian/patches/series0000644000000000000000000000004111715110401012014 0ustar 10-Makefile.diff 20-manpage.diff debian/patches/20-manpage.diff0000644000000000000000000000350211715111040013265 0ustar Description: Corrects typos and hyphen misuse. Author: Ignace Mouzannar Last-Update: 2011-03-06 --- a/tenshi.8 +++ b/tenshi.8 @@ -36,7 +36,7 @@ The program reads a configuration file .RI ( tenshi.conf ) -and then forks a deamon for monitoring the specified log files. +and then forks a daemon for monitoring the specified log files. .SH OPTIONS .SS @@ -62,7 +62,7 @@ and expects log lines to be fed to standard in. When it receives an EOF it will stop processing. No alerts will be sent in this mode, it is used solely for measuring tenshi's line processing speed. For example: -time $(cat /var/log/messages|tenshi -p > /dev/null) +time $(cat /var/log/messages|tenshi \-p > /dev/null) .TP .I -P Define the file containing the PID of the process, this overrides any 'pidfile' @@ -187,7 +187,7 @@ All valid syslog messages are parsed by default, while non-syslog ones are discarded unless the special .I noprefix -queue is set. This option allows to define an additional valid prefix for watching +queue is set. This option allows one to define an additional valid prefix for watching other type of logs. If the regexp is matched then the prefix is removed from the log and the first grouped string is used for the hostname field. This may be specified multiple times to watch many different non-syslog logs. @@ -511,8 +511,8 @@ It also requires Net::SMTP module for mailing reports, which should be included in your perl installation, and IO::BufferedSelect. If you miss any of them you -can grab them at CPAN (http://www.cpan.org) or using the CPAN shell (`perl -e -shell -MCPAN`). +can grab them at CPAN (http://www.cpan.org) or using the CPAN shell (`perl \-e +shell \-MCPAN`). .SH BUGS Double quotation characters present in your logs might break csv output (depending on how you pipe/process debian/control0000644000000000000000000000246111715115670010600 0ustar Source: tenshi Section: admin Priority: optional Maintainer: Ignace Mouzannar DM-Upload-Allowed: yes Build-Depends: debhelper (>= 7.0.8) Standards-Version: 3.9.2 Vcs-Svn: svn://svn.debian.org/collab-maint/ext-maint/tenshi/trunk/ Vcs-Browser: http://svn.debian.org/viewsvn/collab-maint/ext-maint/tenshi/trunk/ Homepage: http://dev.inversepath.com/trac/tenshi Package: tenshi Architecture: all Depends: ${perl:Depends}, ${misc:Depends}, adduser, libio-bufferedselect-perl Description: log monitoring and reporting tool Tenshi is a log monitoring program, designed to watch one or more log files for lines matching user defined regular expressions and report on the matches. The regular expressions are assigned to queues which have an alert interval and a list of mail recipients. . Queues can be set to send a notification as soon as there is a log line assigned to it, or to send periodic reports. . Additionally, uninteresting fields in the log lines (such as PID numbers) can be masked with the standard regular expression grouping operators ( ). This allows cleaner and more readable reports. All reports are separated by hostname and all messages are condensed when possible. . The program reads a configuration file and then forks a daemon for monitoring the specified log files. debian/dirs0000644000000000000000000000014011715110401010034 0ustar usr/sbin etc/tenshi etc/tenshi/includes-available etc/tenshi/includes-active usr/share/man/man8 debian/manpages0000644000000000000000000000001111715110401010663 0ustar tenshi.8 debian/preinst0000755000000000000000000000076211715110401010574 0ustar #! /bin/sh # preinst script for tenshi set -e case "$1" in install) ;; upgrade) if [ -x "/etc/init.d/tenshi" ]; then if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then invoke-rc.d tenshi stop || exit $? else /etc/init.d/tenshi stop || exit $? fi fi ;; abort-upgrade) ;; *) echo "preinst called with unknown argument '$1'" >&2 exit 1 ;; esac #DEBHELPER# exit 0 debian/postrm0000755000000000000000000000076711715110401010441 0ustar #! /bin/sh # postrm script for tenshi set -e case "$1" in purge) rm -rf /var/lib/tenshi ||true if getent passwd tenshi 2>&1 >/dev/null; then echo -n "Removing tenshi system user.." userdel tenshi echo ".done" fi ;; remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) ;; *) echo "postrm called with unknown argument \`$1'" >&2 exit 1 esac #DEBHELPER# exit 0 debian/docs0000644000000000000000000000002511715110401010025 0ustar debian/README.source debian/README.source0000644000000000000000000000022511715110401011333 0ustar This package uses the quilt patch management solution. For more information about how to use it, please refer to: /usr/share/doc/quilt/README.source debian/copyright0000644000000000000000000000215111715110401011107 0ustar This package was debianized by Tadeusz Pietraszek on Sun, 24 Jul 2005 18:41:54 +0200. It was downloaded from http://dev.inversepath.com/trac/tenshi Upstream Authors: Andrea Barisani Rob Holland Copyrights: Copyright (C) 2004-2009 Andrea Barisani Copyright (C) 2004-2009 Rob Holland License: ISC Permission to use, copy, modify, and distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies. THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. debian/watch0000644000000000000000000000012611715110401010205 0ustar version=3 http://dev.inversepath.com/download/tenshi/tenshi-((?!latest).*)\.tar\.gz debian/init0000755000000000000000000000325411716110771010065 0ustar #!/bin/bash # # Debian configuration file - copied from tenshi.debian-init # ### BEGIN INIT INFO # Provides: tenshi # Required-Start: $remote_fs $syslog # Required-Stop: $remote_fs $syslog # Should-Start: $named $mail-transport-agent # Should-Stop: $named $mail-transport-agent # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: tenshi log monitoring and reporting tool # Description: This script starts/stops the tenshi log monitoring and # reporting tool. ### END INIT INFO PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/tenshi NAME=tenshi PIDDIR=/var/run/$NAME PIDFILE=$PIDDIR/$NAME.pid DAEMONUSER=tenshi test -x $DAEMON || exit 0 . /lib/lsb/init-functions do_start() { # make sure we have our PID directory if [ ! -d $PIDDIR ]; then mkdir -p $PIDDIR chown $DAEMONUSER:$DAEMONUSER $PIDDIR fi start-stop-daemon --start -c tenshi --pidfile $PIDFILE --startas $DAEMON -- -P $PIDFILE } case "$1" in start) echo -n "Starting log monitor: tenshi" do_start echo "." ;; stop) echo -n "Stopping log monitor: tenshi" start-stop-daemon --stop --pidfile $PIDFILE echo "." ;; reload|force-reload) echo -n "Reloading log monitor: tenshi" start-stop-daemon --stop --signal 1 --pidfile $PIDFILE echo "." ;; restart) echo -n "Stopping log monitor: tenshi" start-stop-daemon --stop --pidfile $PIDFILE echo "." sleep 1 echo -n "Starting log monitor: tenshi" do_start echo "." ;; status) status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $? ;; *) echo "Usage: /etc/init.d/tenshi {start|stop|status|restart|reload|force-reload}" >&2 exit 1 ;; esac exit 0 debian/config-debian/0000755000000000000000000000000011715110401011642 5ustar debian/config-debian/tenshi.conf0000644000000000000000000000511711715110401014007 0ustar ## ## tenshi 0.11 sample configuration for Debian ## ## Original file modified by Tadeusz Pietraszek (tadek@pietraszek.org) ## and Ignace Mouzannar ## ## It should work "as is" but might be a bit noisy - modify the file to ## suit your needs. ## ## general settings set uid tenshi set gid tenshi set pidfile /var/run/tenshi/tenshi.pid set logfile /var/log/syslog set logfile /var/log/auth.log #set logfile /var/log/messages # set fifo /var/log/tenshi.fifo # set listen 127.0.0.1:514 ## GNU coreutils # set tail /usr/bin/tail -q --follow=name --retry -n 0 set sleep 5 set limit 800 set pager_limit 2 set mask ___ set mailserver localhost set subject tenshi report set hidepid on ## queues # syntax: set queue [pager:] [] set queue mail tenshi@localhost root@localhost [30 18 * * *] set queue nf tenshi@localhost root@localhost [*/30 * * * *] set queue report tenshi@localhost root@localhost [0 9-17/2 * * *] set queue misc tenshi@localhost root@localhost [0 9-17/2 * * *] set queue critical tenshi@localhost root@localhost [now] tenshi CRITICAL report set queue root tenshi@localhost root@localhost [now] set queue pager tenshi@localhost pager:pager@localhost [now] tenshi alert set queue mobile tenshi@localhost pager:93384@localhost,pager:235953@localhost [now] tenshi alert set queue noprefix tenshi@localhost root@localhost [now] tenshi unprefixed alert ## sample filter # set filter report /usr/bin/gpg --clearsign --batch -a -r root@localhost ## regexp definitions # syntax: [,..] ## note: If you are not using the hidepid option for some reason, the regexps ## below will need to be slightly different, for example: # # mail ^sendmail: (.+): to=(.+),(.+)relay=(.+),(.+)stat=Sent(.+) # would need to be: # mail ^sendmail\[(.*)\]: to=(.+),(.+)relay=(.+),(.+)stat=Sent(.+) # in order to match the sendmail line and mask the PID. repeat ^(?:last message repeated|above message repeats) (\\d+) times? trash ^hub.c trash ^usb.c trash ^uhci.c trash ^sda trash ^Initializing USB trash ^scsi0 : SCSI emulation trash ^Vendor: trash ^Type: trash ^Attached scsi removable trash ^SCSI device sda trash ^sda: Write trash ^/dev/scsi trash ^WARNING: USB trash ^USB Mass Storage trash ^/dev trash ^ISO trash ^floppy0 trash ^end_request trash ^Directory trash ^I/O error: dev 08:(.+), sector critical ^Oops critical ^Linux critical ^init #instead of listing all regexps here, we spearated them in multiple ext. files includedir /etc/tenshi/includes-active #catch everything else here misc .* debian/config-debian/includes-available/0000755000000000000000000000000011715110401015366 5ustar debian/config-debian/includes-available/ssh0000644000000000000000000000223511715110401016110 0ustar ## ## ssh rules include rules ## (c)2005 by Tadeusz Pietraszek (tadek@pietraszek.org) ## ## ## The idea is to have all kinds of messages here, interesting ones ## go to mail/critical/..., uninteresting ones go to trash ## There's also a catch rule for all other ssh stuff ## group ^sshd(?:\(pam_unix\))?: report ^sshd: Did not receive identification string from (.+) report ^sshd: fatal: Timeout before authentication for (.+) #critical ^sshd: Illegal user report ^sshd: Illegal user (.+) from report ^sshd: Connection from (.+) report ^sshd: Connection closed (.+) report ^sshd: Closing connection (.+) report ^sshd: Found matching (.+) key: (.+) report ^sshd: Accepted publickey (.+) report ^sshd: Accepted rsa for (?:.+) from (.+) port (.+) report ^sshd: Accepted keyboard-interactive/pam for (.+) from (.+) port (.+) root ^sshd: \(pam_unix\) session opened for user root by root\(uid=0\) root ^sshd: \(pam_unix\) session opened for user root by \(uid=0\) report ^sshd: \(pam_unix\) session closed for user (.+) report ^sshd: \(pam_unix\) session opened for user (?:.+) report ^sshd: \(pam_unix\) authentication failure; logname= group_end debian/config-debian/includes-available/loginsusudo0000644000000000000000000000163411715110401017670 0ustar ## ## su/login/sudo rules include rules ## (c)2005 by Tadeusz Pietraszek (tadek@pietraszek.org) ## ## ## The idea is to have all kinds of messages here, interesting ones ## go to mail/critical/..., uninteresting ones go to trash ## There's also a catch rule for all other loginsusudo stuff ## group ^login\(pam_unix\): critical ^login\(pam_unix\): session opened for user root by root\(uid=0\) critical ^login\(pam_unix\): session opened for user root by \(uid=0\) report ^login\(pam_unix\): session closed for user (.+) report ^login\(pam_unix\): session opened for user (.+) group_end report ^passwd\(pam_unix\): group ^su: \(pam_unix\) root,report ^su: \(pam_unix\) session opened for user root report ^su: \(pam_unix\) session opened for user (.+) report ^su: \(pam_unix\) session closed for user (.+) group_end group ^su: #catch all su report ^su: group_end critical ^(?:/usr/bin)?sudo: debian/config-debian/includes-available/clamav0000644000000000000000000000074411715110401016561 0ustar ## ## clamsmtpd rules include rules ## (c)2005 by Tadeusz Pietraszek (tadek@pietraszek.org) ## ## ## The idea is to have all kinds of messages here, interesting ones ## go to mail/critical/..., uninteresting ones go to trash ## There's also a catch rule for all other postifx stuff ## group ^clamsmtpd: misc ^clamsmtpd: (.+): accepted connection from: 127.0.0.1 misc ^clamsmtpd: (.+): from=(.+), to=(.+), status=CLEAN misc ^clamsmtpd: (.+): from=(.+), to=(.+), status= group_end debian/config-debian/includes-available/spamd0000644000000000000000000000162511715110401016421 0ustar ## ## spamd (Courier) rules include rules ## (c)2005 by Tadeusz Pietraszek (tadek@pietraszek.org) ## ## ## The idea is to have all kinds of messages here, interesting ones ## go to mail/critical/..., uninteresting ones go to trash ## There's also a catch rule for all other postifx stuff ## group ^spamd: misc ^spamd: spamd starting misc ^spamd: server started on port 783/tcp (running version 3.0.3) misc ^spamd: connection from localhost.localdomain \[127.0.0.1\] at port (.+) misc ^spamd: server successfully spawned child process, pid (.+) misc ^spamd: info: setuid to vmail succeeded misc ^spamd: processing message (.+) for vmail:5000 misc ^spamd: processing message (.+) for vmail:5000 in (.+) seconds, (.+) bytes. misc ^spamd: clean message (.+) for vmail:5000 in (.+) seconds, (.+) bytes. misc ^spamd: identified spam (.+) for vmail:5000 in (.+) seconds, (.+) bytes. misc ^spamd: result: (.+) group_end debian/config-debian/includes-available/postfix0000644000000000000000000000376011715110401017013 0ustar ## ## postfix rules include rules ## (c)2005 by Tadeusz Pietraszek (tadek@pietraszek.org) ## ## ## The idea is to have all kinds of messages here, interesting ones ## go to mail/critical/..., uninteresting ones go to trash ## There's also a catch rule for all other postifx stuff ## group ^postfix #smtpd mail ^postfix/smtpd: (?:connect|disconnect) from (.+) trash ^postfix/smtpd: (.+): client=(.+) mail ^postfix/smtpd: (.+): client=(.+), sasl_method=PLAIN, sasl_username=(?:.+) mail ^postfix/smtpd: NOQUEUE: reject: RCPT from (.+) Relay access denied; (.+) mail ^postfix/smtpd: NOQUEUE: reject: RCPT from (.+) Recipient address rejected: User unknown in virtual mailbox table; (.+) trash ^postfix/smtpd: (?:begin|commit) transaction trash ^postfix/smtpd: sql plugin (.+) trash ^postfix/smtpd: sql auxprop plugin (.+) #smtp mail ^postfix/smtp: connect to (.+): Connection refused \(port 25\) mail ^postfix/smtp: connect to (.+): Connection timed out \(port 25\) mail ^postfix/smtp: (.+): to=(.+), relay=(.+), delay=(.+), status=deferred (.+) mail ^postfix/smtp: (.+): to=(.+), relay=(.+), delay=(.+), status=sent (.+) mail ^postfix/smtp: (.+): to=(.+), orig_to=(.+), relay=(.+), delay=(.+), status=sent (.+) #virtual mail ^postfix/virtual: (.+): to=(?:.+), relay=virtual, delay=(.+), status=sent (.+) mail ^postfix/virtual: (.+): to=(?:.+), orig_to=(.+), relay=virtual, delay=(.+), status=sent (.+) ##qmgr trash ^postfix/qmgr: (.+): removed trash ^postfix/qmgr: (.+) from=(.+), size=(.+), nrcpt=(.+) #cleanup trash ^postfix/cleanup: (.+): message-id=(.+) #local mail ^postifx/local: (.+): to=(?:.+), orig_to=(.+), relay=local, delay=(.+), status=sent (.+) mail ^postifx/local: (.+): to=(?:.+), relay=local, delay=(.+), status=sent (.+) mail ^postfix/local: (.+): to=(?:.+), relay=local, delay=(.+), status=sent \(forwarded as (.+)\) #pipe mail ^postfix/pipe: (.+): to=(?:.+), relay=maildrop, delay=(.+), status=sent (.+) #pickup mail ^postfix/pickup: (.+) uid=(.+) from=(?:.+) #everyting else mail ^postfix/ group_end debian/config-debian/includes-available/cron0000644000000000000000000000207011715110401016251 0ustar ## ## cron include rules ## (c)2005 by Tadeusz Pietraszek (tadek@pietraszek.org) ## ## ## The idea is to have all kinds of messages here, interesting ones ## go to mail/critical/..., uninteresting ones go to trash ## There's also a catch rule for all other cron stuff ## #cron group ^CRON trash ^CRON: \(pam_unix\) session (?:opened|closed) for user (?:www-data|root|postgres) report ^CRON: group_end #also cron (don't know what the difference is group ^/USR/SBIN/CRON trash ^/USR/SBIN/CRON: \(www-data\) CMD \(/usr/local/awstats/awstats_updateall\.pl now -config=awstats -update >/dev/null\) trash ^/USR/SBIN/CRON: \(root\) CMD \( \[ -d /var/lib/php4 \] && find /var/lib/php4/ -type f -cmin \+$\(/usr/lib/php4/maxlifetime\) -print0 | xargs -r -0 rm\) trash ^/USR/SBIN/CRON: \(root\) CMD \( run-parts --report /etc/cron\.(.+)\) trash ^/USR/SBIN/CRON: \(postgres\) CMD \(if ! pidof /usr/lib/postgresql/bin/pg_autovacuum > /dev/null && \[ -x /usr/lib/postgresql/bin/do\.maintenance \]; then /usr/lib/postgresql/bin/do\.maintenance -a; fi\) report ^/USR/SBIN/CRON: group_end debian/config-debian/includes-available/zoneserver0000644000000000000000000000103611715110401017513 0ustar ## ## zoneserver include rules ## (c)2005 by Tadeusz Pietraszek (tadek@pietraszek.org) ## ## ## The idea is to have all kinds of messages here, interesting ones ## go to mail/critical/..., uninteresting ones go to trash ## There's also a catch rule for all other stuff ## #zoneserver group ^zoneserver trash ^zoneserver\.etc_maradns_mararc: Log: Root directory changed trash ^zoneserver\.etc_maradns_mararc: Log: Root privledges dropped trash ^zoneserver\.etc_maradns_mararc: Log: Socket opened on TCP port 53 trash ^zoneserver group_end debian/config-debian/includes-available/imapd-ssl0000644000000000000000000000200311715110401017175 0ustar ## ## imapd-ssl (Courier) rules include rules ## (c)2005 by Tadeusz Pietraszek (tadek@pietraszek.org) ## ## ## The idea is to have all kinds of messages here, interesting ones ## go to mail/critical/..., uninteresting ones go to trash ## There's also a catch rule for all other postifx stuff ## group ^imapd-ssl: mail ^imapd-ssl: (LOGIN|LOGOUT|DISCONNECTED), user=(.+), ip=(.+), protocol=IMAP mail ^imapd-ssl: (LOGIN|LOGOUT|DISCONNECTED), user=(.+), ip=(.+), headers=(.+), body=(.+), time=(.+), starttls=1 mail ^imapd-ssl: Connection, ip=(.+) mail ^imapd-ssl: DISCONNECTED, user=(.+), ip=(.+), protocol=IMAP mail ^imapd-ssl: TIMEOUT, user=(?:.+), ip=(.+), headers=(.+), body=(.+), rcvd=(.+), sent=(.+), time=(.+), starttls=(.+) mail ^imapd-ssl: group_end group ^imaplogin: mail ^imaplogin: Connection, ip=(?:.+) mail ^imaplogin: (LOGIN|LOGOUT|DISCONNECTED), user=(?:.+), ip=(?:.+), protocol=IMAP mail ^imaplogin: (LOGIN|LOGOUT|DISCONNECTED), user=(?:.+), ip=(?:.+), headers=(.+), body=(.+), time=(.+) group_end