-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Hello+ACE
I am trying to write a regex filter to drop some log entries. Here is
what I currently have, but it doesn't seem to work. If I change the
regex to simply +ACI-192.168.1.2+ACI that does work, but I'm trying to be very
granular and would prefer a more complex regex. Any ideas on what is
wrong with my syntax?
:msg, regex, +ACI-warning: hostname sub.domain.tld does not resolve to address 192.168.1.2+ACI stop
:msg, regex, +ACI-connect from unknown+AFwAWw-11:22:33:44::55+AFwAXQAi stop
:msg, regex, +ACI-connect from unknown+AFwAWw-192.168.1.2+AFwAXQAi stop
Log entries:
Jun 6 21:37:09 toaster postfix/smtpd+AFs-2855+AF0: warning: hostname sub.domain.tld does not resolve to address 11:22:33:44::55
Jun 6 21:37:09 toaster postfix/smtpd+AFs-2855+AF0: connect from unknown+AFs-11:22:33:44::55+AF0
tia,
- -Jim P.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmR/p90ACgkQPcxbabkK
GJ+KuQ/+JFDTg+YOJlfwhjhKH1fF8GNa7YevufCdWqW/Eh6XP2bulZBvaxQ0l4d+
Q4Q2QXVmLV2gx2EOu/JmCT6RDbg7Ke7IEGt+L0yYtVPc2qrEoAb1dUFi3Woa9bbq
V2oTvsn8YjTJUrSgkPQuhsM7MlhhxYxafndNmMuwEEUk54HDNZdMFK/M3oIwy05X
l2xQ8eq1/xfonKfcRhZJnHjOBsmOGIsPOWC9SzQISo0YMcaAhwmLcR5hERsHsLhB
YanOKlmzbPMyS2jfYSQ8j6vrg+41JEIm+zXAPF++V9vjpx4GdKaoYeHxobpsHZKh
2OJvp0g3SCvSPTZou6kLwtTI4BUXEky31NZxt3CyXJhVfGq5hgmp8ZSIyiHvSB4b
unMg9xhEjkjYE3MtkoQfiUbkkt1VjXoqvk5D2r9HqphtVpN78WAIdmidMsRKeETR
WtOXtZcp3ROYGAIvpCH9u78tSSnRgXQhjeDW0qNvutcw6eDeKYdqeYU5jgpPKq8k
4Ex8yIbC/M2jyLsgW/tL1hW8JrfieM01dn/h7L6Wx7itIhlGCZo6oTp5s64bIrLi
OCvkjnto6lrKakYyiYo2AqrGH25Z05pLyjDeMvXqeDFo6z9WTsXRKIpLTpEWvkEH
ySioyjVRz1pMuZ1TstcocXzz0JCWdAg3Uxw6caBp7RcAqsJ4DDY=
=KnsH
-----END PGP SIGNATURE-----
Hash: SHA256
Hello+ACE
I am trying to write a regex filter to drop some log entries. Here is
what I currently have, but it doesn't seem to work. If I change the
regex to simply +ACI-192.168.1.2+ACI that does work, but I'm trying to be very
granular and would prefer a more complex regex. Any ideas on what is
wrong with my syntax?
:msg, regex, +ACI-warning: hostname sub.domain.tld does not resolve to address 192.168.1.2+ACI stop
:msg, regex, +ACI-connect from unknown+AFwAWw-11:22:33:44::55+AFwAXQAi stop
:msg, regex, +ACI-connect from unknown+AFwAWw-192.168.1.2+AFwAXQAi stop
Log entries:
Jun 6 21:37:09 toaster postfix/smtpd+AFs-2855+AF0: warning: hostname sub.domain.tld does not resolve to address 11:22:33:44::55
Jun 6 21:37:09 toaster postfix/smtpd+AFs-2855+AF0: connect from unknown+AFs-11:22:33:44::55+AF0
tia,
- -Jim P.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE3RmV4WutJ2KyCS2zPcxbabkKGJ8FAmR/p90ACgkQPcxbabkK
GJ+KuQ/+JFDTg+YOJlfwhjhKH1fF8GNa7YevufCdWqW/Eh6XP2bulZBvaxQ0l4d+
Q4Q2QXVmLV2gx2EOu/JmCT6RDbg7Ke7IEGt+L0yYtVPc2qrEoAb1dUFi3Woa9bbq
V2oTvsn8YjTJUrSgkPQuhsM7MlhhxYxafndNmMuwEEUk54HDNZdMFK/M3oIwy05X
l2xQ8eq1/xfonKfcRhZJnHjOBsmOGIsPOWC9SzQISo0YMcaAhwmLcR5hERsHsLhB
YanOKlmzbPMyS2jfYSQ8j6vrg+41JEIm+zXAPF++V9vjpx4GdKaoYeHxobpsHZKh
2OJvp0g3SCvSPTZou6kLwtTI4BUXEky31NZxt3CyXJhVfGq5hgmp8ZSIyiHvSB4b
unMg9xhEjkjYE3MtkoQfiUbkkt1VjXoqvk5D2r9HqphtVpN78WAIdmidMsRKeETR
WtOXtZcp3ROYGAIvpCH9u78tSSnRgXQhjeDW0qNvutcw6eDeKYdqeYU5jgpPKq8k
4Ex8yIbC/M2jyLsgW/tL1hW8JrfieM01dn/h7L6Wx7itIhlGCZo6oTp5s64bIrLi
OCvkjnto6lrKakYyiYo2AqrGH25Z05pLyjDeMvXqeDFo6z9WTsXRKIpLTpEWvkEH
ySioyjVRz1pMuZ1TstcocXzz0JCWdAg3Uxw6caBp7RcAqsJ4DDY=
=KnsH
-----END PGP SIGNATURE-----