[Logwatch-Devel] Proposal/Suggestion for filter REs

logwatch at mikecappella.com logwatch at mikecappella.com
Fri Dec 16 10:30:57 MST 2005


While working on the postfix service patch I just posted, it became clear to
me that the long lists of filter REs have become problematic. With the
various platforms and software versions supported, many logwatch filters
have become excessively long, and filled with historic REs.  Rather than
risk breaking an existing RE, each patch provider adds yet another
almost-like-the-previous RE if-then clause.  Additionally, some patches are
provided by folks a little green in the RE department, further
bloating the code.

I believe a primary problem is the lack of sample log messages (i.e. sample
input data) for each of the REs.   Without such, it is very difficult and
certainly is error prone for developers to consolidate or modify existing
REs.  Basically, there is no input data available other than that found in
each developer's logs.

I would like to propose that sample (sanitized) log entries be provided
with each filter and patch, perhaps as a comment within the if-then
clauses.  The comment should minimally indicate platform, and software
version, something like:

  LOG: Fedora3: Postfix 2.2.6: ... myhost postfix/smtpd[11128]: disconnect from unknown[]

In the future, this sample data could be used as input to regression tests,
and perhaps other table-driven filtering mechanisms to simplify the core
filter code.
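
One way the proposed LOG: comments could drive a regression test, as an added example that is not part of the original message and is not Logwatch code. The filter fragment, its counters, and the second sample line are constructed, and it assumes each comment sits inside the clause it documents:

```perl
#!/usr/bin/perl
# Added example: regression check driven by "# LOG:" sample comments.
use strict;
use warnings;

# Constructed filter fragment (not Logwatch code); counters are hypothetical.
my $filter = <<'END';
if ( $ThisLine =~ /postfix\/smtpd\[\d+\]: disconnect from / ) {
   # LOG: Fedora3: Postfix 2.2.6: ... myhost postfix/smtpd[11128]: disconnect from unknown[]
   $Disconnect++;
} elsif ( $ThisLine =~ /smtpd\[\d+\]: disconnect from unknown/ ) {
   # LOG: ExampleOS: Postfix 0.0.0: ... myhost postfix/smtpd[222]: disconnect from unknown[]
   $Disconnect++;
} elsif ( $ThisLine =~ /postfix\/qmgr\[\d+\]: \w+: removed$/ ) {
   $Removed++;
}
END

# Collect each clause's RE and the LOG: samples written inside its block.
my @clauses;
for my $line (split /\n/, $filter) {
    if ($line =~ m{=~\s*/(.*)/\s*\)}) {
        my $re = $1;
        my $rx = eval { qr/$re/ } or die "bad RE /$re/: $@";
        push @clauses, { re => $re, rx => $rx, samples => [] };
    } elsif (@clauses && $line =~ /^\s*#\s*LOG:\s*([^:]+):\s*([^:]+):\s*(.*)$/) {
        push @{ $clauses[-1]{samples} }, { platform => $1, version => $2, msg => $3 };
    }
}

# An if/elsif chain takes the first RE that matches, so replay it in order.
sub first_match {
    my ($msg) = @_;
    for my $i (0 .. $#clauses) {
        return $i if $msg =~ $clauses[$i]{rx};
    }
    return -1;
}

my $failures = 0;
for my $i (0 .. $#clauses) {
    my $c = $clauses[$i];
    printf "clause %d: NO SAMPLE /%s/\n", $i, $c->{re} unless @{ $c->{samples} };
    for my $s (@{ $c->{samples} }) {
        my $hit = first_match($s->{msg});
        my $status = $hit == $i ? 'ok' : $hit < 0 ? 'UNMATCHED' : "SHADOWED by clause $hit";
        $failures++ if $hit != $i;
        printf "clause %d: %s [%s, %s]\n", $i, $status, $s->{platform}, $s->{version};
    }
}
exit($failures ? 1 : 0);
```

A sample reported as SHADOWED never reaches its own clause, which marks that RE as a candidate for consolidation; a clause with NO SAMPLE cannot be safely modified.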



