### ### Oak config file ### ### ### Options -- See oak man page for a complete list. ### set infile /var/log/messages # These are on by default, but we'll set them anyway. # To turn them off change to "set no nukepid", etc. set nukepid set nukeciscoid set nukesmqid ### ### Define Queues ### define queue immediate-mail # action mail action mail root root "Oak Log Report" fire now locking 10m define queue hourly-mail action mail root root "Oak Hourly Report" fire *1hr header Hourly Message Log define queue daily-mail prescan action mail root root "Oak Daily Report" action-limits 300 100 100 100 fire 00:00 header Daily Message Log define queue immediate-zephyr # action zwrite action zwrite myclass oak * action-limits 25 100 100 10 fire now locking 30m header **** CRITICAL MESSAGE LOG **** define queue hourly-zephyr action zwrite myclass oak * action-limits 25 100 100 10 fire *1hr header Hourly Message Log define queue sendpage #action exec [ ...] action exec pager_program pager_number fire now locking 30m # Queue 'trash' is implicitly defined. Anything queued to trash is ignored. ## ## Define queuing rules ## ## Uses regular expressions. Anything in parens gets turned into "___". ## ########################################################################## ### ### Critical messages first ### on ^sendmail\[(.+)\]: (.+): SYSERR.*: (.+): cannot fork: Not enough memory queues immediate-mail hourly-mail daily-mail on ^sendmail\[(.+)\]: WorkList for .+ maxed out at .+ queues immediate-mail hourly-mail daily-mail on ^unix: WARNING: Sorry, no swap space to grow stack for pid (.+) queues immediate-mail hourly-mail daily-mail on file system full queues immediate-mail hourly-mail daily-mail ### ### Then throw out the garbage ### on ^(.+): -Traceback= .+ queues trash on ^(.+): -Process= .Per-minute Jobs., ipl= (.+), pid= (.+) queues trash on ^(.+): End of MEMD buffer : (.+) queues trash on ^(.+): End of datagram : (.+) queues trash on ^(.+): bufhdr .+ queues trash on ^(.+): %SYS-5-CONFIG_I: Configured from console by (.+) \((.+)\) queues trash on ^(.+): %AT-6-NODEWRONG: .+: AppleTalk node (.+) misconfigured; reply has been broadcast queues trash on ^(.+): %AUTORP-5-MAPPING: RP for .+ is now .+ queues trash on ^(.+): %AT-5-RTMPSTATE: .+: RTMP Path to (.+) via .+ now in Bad state *(.*) queues trash on ^(.+): %AT-5-RTMPSTATE: .+: RTMP Path to (.+) via .+ now in Good state (.*) queues trash on ^dhcpd: Abandoning IP address (.+): declined queues trash on gethostbyaddr: (.*) != (.+) queues trash on ^imapd\[(.+)\]: PROTERR: idle for too long queues trash on ^imapd\[(.+)\]: PROTERR: Connection reset by peer queues trash on ^kshd\[(.+)\]: Executing .* rcp .* for principal (.*) queues trash on ^eklogind\[(.+)\]: ROOT login by (.+) \((.+)\) queues trash on ^eklogind\[(.+)\]: Kerberos authentication failed queues trash on ^Klogind\[(.+)\]: (.*)login by (.+) \((.+) \((.+)\)\) queues trash on ^klogind\[(.+)\]: ROOT login by (.+) \((.+) \((.+)\)\) queues trash on ^klogind\[(.+)\]: User (.+) is not authorized to login to account .+ queues trash on last message repeated .+ time queues trash on ^login\[(.+)\]: ROOT LOGIN .+ queues trash on ^login: ROOT LOGIN (.+) FROM (.+) queues trash on ^named\[(.+)\]: ns_resp: TCP truncated: (.*) .+ queues trash on ^named\[(.+)\]: Broken pipe queues trash on ^named\[(.+)\]: fwritemsg: Broken pipe queues trash on ^newsyslog\[(.+)\]: logfile turned over queues trash on ^ninit\[(.+)\]: named hosed! queues trash on ^ninit\[(.+)\]: ...named restarted. queues trash on ^ninit\[(.+)\]: Named hosed! Restarting... queues trash on ^popper: (.+): \((.+)\) Incorrect network address \(krb_rd_req\) queues trash on ^popper: (.+): \((.+)\) Ticket expired \(krb_rd_req\) queues trash on ^popper: (.+): \((.+)\) Time is out of bounds \(krb_rd_req\) queues trash on ^popper: (.+): \(.*\) Can't decode authenticator \(krb_rd_req\) queues trash on ^popper: (.+): EOF queues trash on ^popper: (.+): \((.+)\) Service expired \(kerberos\) queues trash on ^popper: (.*): timeout waiting for ticket queues trash on ^popper: (.*): timeout waiting for data queues trash on ^popper: (.+): auth failed: (.+) vs (.+) queues trash on ^popper: (.*): \((.*)\) realm not accepted. queues trash on ^popper: (.*): \((.*)\) instance not accepted. queues trash on ^popper: Unable to obtain socket and address of client, err = 57 queues trash on ^popper: (.*): \((.*)\) Generic kerberos error \(kfailure\) queues trash on ^quota\[(.+)\]: IOERROR: opening quota file .+: Permission denied queues trash on ^mail.local: root: wrong owner \(is 1, should be 0\) queues trash on ^sendmail\[(.+)\]: NOQUEUE: SYSERR: .+: line (.+): cannot alias non-local name queues trash on ^sendmail\[(.+)\]: third party call from (.+) at (.+) queues trash on ^sendmail\[(.+)]: NOQUEUE: SYSERR: getrequests: cannot bind: Address already in use queues trash on ^sendmail\[(.+)\]: (.+): collect: premature EOM: Error 0 queues trash on ^sendmail\[(.+)\]: (.+): collect: premature EOM: Connection reset by (.+) queues trash on ^sendmail\[(.+)\]: (.+): SYSERR\(root\): collect: I/O error on connection from queues trash on ^sendmail\[(.+)\]: (.+): SYSERR: prescan: too many tokens queues trash on ^sendmail\[(.+)\]: cannot get connection queues trash on ^sendmail\[(.+)\]: (.+): SYSERR: putoutmsg \((.+)\): error on output channel sending (.*) queues trash on ^sendmail\[(.+)\]: (.+): SYSERR: sendall: too many hops queues trash on ^sendmail\[(.+)\]: (.+): SYSERR.*: Too many hops .+ \(.+ max\): from (.*) queues trash on ^sendmail\[(.+)\]: (.+): (.+): DATA-2 protocol error: 221 Timeout waiting for input queues trash on ^snmpdx: community_check\(\) : bad community from (.+) queues trash on ^snmpdx: session_open\(\) failed for a pdu received from (.+) queues trash on ^snmpdx: Agent snmpd is now OK queues trash on ^syslogd: exiting on signal 15 queues trash on ^tcp_forwarder\[(.+)\]: read: s: Connection reset by peer queues trash on ^tftpd\[(.+)\]: connect from: (.+) queues trash on ^tftpd\[(.+)\]: (.+) requests (.+) queues trash on ^tftpd\[(.+)]\: end session: (.+) queues trash on ^unix: afs: Lost contact with file server (.+) in cell .+ .* queues trash on ^unix: afs: file server (.+) in cell .+ is back up queues trash on ^unix: afs: Lost contact with volume location server (.+) in cell .+ queues trash on ^unix: afs: Waiting for busy volume (.+) \((.*)\) in cell .+ queues trash on ^unix: afs: Waiting for busy volume (.+) in cell .+ queues trash on ^unix: Starting AFS cache scan... queues trash on ^unix: Memory cache: Allocating (.+) dcache entries... queues trash on ^unix: found (.+) non-empty cache files (.+)\. queues trash on ^xntpd\[(.+)\]: time reset \(step\) .+ s queues trash ### ### Everything else ### on ^(.+): %SYS-3-CPUHOG: Task ran for (.+) msec \((.+)\), Process = ARP Input, PC = (.+) queues hourly-mail daily-mail on ^(.+): %CLEAR-5-COUNTERS: Clear counter on interface ATM8/0 by vty0 \((.+)\) queues hourly-mail daily-mail on ^(.+): %LINEPROTO-5-UPDOWN: Line protocol on Interface .*, changed state to (.*) queues hourly-mail daily-mail on ^(.+): %LINK-3-UPDOWN: Interface .*, changed state to (.*) queues hourly-mail daily-mail on ^(.+): %AT-1-NOMEM: Could not allocate memory for pdb at line (.+) in .+ queues hourly-mail daily-mail on ^(.+): -Process= "IP Input", ipl= (.+), pid= (.+) queues hourly-mail daily-mail on ^deliver\[(.+)\]: .+ quota file (.+): No space queues hourly-mail daily-mail on ^deliver\[(.+)\]: .+: unable to record (.+) of (.+) bytes in quota file (.+) queues hourly-mail daily-mail on ^imapd\[(.+)\]: stating header for (.+): No such file or directory queues hourly-mail daily-mail on ^imapd\[(.+)]: .*stating (.+): No such file or directory queues hourly-mail daily-mail on ^pop3d\[(.+)\]: .+: .+ quota file (.+): No space queues hourly-mail daily-mail on ^pop3d\[(.+)\]: .+: unable to record .+ of (.+) bytes in quota (.+) queues hourly-mail daily-mail on ^sendmail\[(.+)\]: SYSERR.*: /usr/local/sendmail/etc/aliases.new: line (.+): readaliases queues hourly-mail daily-mail on ^sendmail\[(.+)\]: (.+): (.+): SMTP DATA-2 protocol error: 501 Badly structu queues hourly-mail daily-mail on ^sendmail\[(.+)\]: (.+): SYSERR(.*): (.+) config error: mail loops back to me queues hourly-mail daily-mail on ^sendmail\[(.+)\]: (.+): SYSERR(.*): deliver: mci=(.+) rcode=(.+) errno=(.+) state=(.+) queues hourly-mail daily-mail on ^sendmail\[(.+)\]: (.+): SYSERR(.*): timeout writing message to (.+) queues hourly-mail daily-mail on ^sendmail\[(.+)\]: (.+): collect: premature EOM: Connection timed out with (.+) queues hourly-mail daily-mail on ^sendmail\[(.+)\]: (.+): SYSERR: Cannot open (.+): No such file or directory queues hourly-mail daily-mail on ^sendmail\[(.+)\]: (.+): SYSERR: (.+): line (.+): readqf: cannot open (.+): No such file or directory queues hourly-mail daily-mail on ^sendmail\[(.+)\]: (.+): SYSERR: putoutmsg \((.+)\): error on output channel sending .* queues hourly-mail daily-mail on ^snmpdx: session_open.. failed for a pdu received from (.+) queues hourly-mail daily-mail on ^unix: afs: volume location server (.+) in cell .+ is back up queues hourly-mail daily-mail on ^unix: afs: Lost contact with file server (.+) in cell .+ queues hourly-mail daily-mail on ^vmunix: afs: Lost contact with file server (.+) in cell .+ queues hourly-mail daily-mail on ^vmunix: afs: file server (.+) in cell .+ is back up queues hourly-mail daily-mail on .* queues hourly-mail daily-mail