authorJonas Smedegaard <dr@jones.dk>2002-10-23 17:17:13 +0000
committerJonas Smedegaard <dr@jones.dk>2002-10-23 17:17:13 +0000
commitdddec7a12123924793fd2c204ed308d3c50a9b2d (patch)
tree9ef5f058147d440215a00a4f6ff7b7324f7c612f /logcheck
parent9f3c51e3aa40910e103368b309a7775cd7518cf0 (diff)
Major logcheck overhaul:
* Split local into files by related packages * Rename remaining local to misc * Split language-specific (only da_DK) into package.lang * Sync with entries provided by packages themselves * Rename some files overriding (not adding) to package.changes * Replace [[:digit:]] with the shorter [0-9] everywhere * Replace most .* with more specific alternatives everywhere
Diffstat (limited to 'logcheck')
-rw-r--r--logcheck/ignore.d.server/amavis6
-rw-r--r--logcheck/ignore.d.server/anacron4
-rw-r--r--logcheck/ignore.d.server/bind6
-rw-r--r--logcheck/ignore.d.server/bind.tmp2
-rw-r--r--logcheck/ignore.d.server/dancer-ircd3
-rw-r--r--logcheck/ignore.d.server/dhcp-client4
-rw-r--r--logcheck/ignore.d.server/dhcp3-common10
-rw-r--r--logcheck/ignore.d.server/hotplug4
-rw-r--r--logcheck/ignore.d.server/hylafax-server10
-rw-r--r--logcheck/ignore.d.server/imp1
-rw-r--r--logcheck/ignore.d.server/libpam-modules1
-rw-r--r--logcheck/ignore.d.server/local43
-rw-r--r--logcheck/ignore.d.server/mailutils-imap4d5
-rw-r--r--logcheck/ignore.d.server/misc10
-rw-r--r--logcheck/ignore.d.server/murasaki2
-rw-r--r--logcheck/ignore.d.server/netatalk4
-rw-r--r--logcheck/ignore.d.server/netatalk.changes30
-rw-r--r--logcheck/ignore.d.server/non-debian9
-rw-r--r--logcheck/ignore.d.server/ntp-simple.changes4
-rw-r--r--logcheck/ignore.d.server/pop-before-smtp1
-rw-r--r--logcheck/ignore.d.server/postfix28
-rw-r--r--logcheck/ignore.d.server/proftpd10
-rw-r--r--logcheck/ignore.d.server/samba2
-rw-r--r--logcheck/ignore.d.server/squid8
-rw-r--r--logcheck/ignore.d.server/ssh8
-rw-r--r--logcheck/ignore.d.server/tmp42
-rw-r--r--logcheck/ignore.d.server/uw-imap.changes (renamed from logcheck/ignore.d.server/uw-imap)18
-rw-r--r--logcheck/ignore.d.workstation/bind1
-rw-r--r--logcheck/ignore.d.workstation/dhcp-client6
-rw-r--r--logcheck/ignore.d.workstation/gconf.changes6
-rw-r--r--logcheck/ignore.d.workstation/gconf.da_DK6
-rw-r--r--logcheck/ignore.d.workstation/gconfd1
-rw-r--r--logcheck/ignore.d.workstation/gdm5
-rw-r--r--logcheck/ignore.d.workstation/hotplug2
-rw-r--r--logcheck/ignore.d.workstation/libgnorba3
-rw-r--r--logcheck/ignore.d.workstation/local21
-rw-r--r--logcheck/ignore.d.workstation/ntpdate2
-rw-r--r--logcheck/violations.ignore.d/bind2
-rw-r--r--logcheck/violations.ignore.d/dhcp-client2
-rw-r--r--logcheck/violations.ignore.d/local1
-rw-r--r--logcheck/violations.ignore.d/misc2
-rw-r--r--logcheck/violations.ignore.d/postfix9
-rw-r--r--logcheck/violations.ignore.d/ssh2
-rw-r--r--logcheck/violations.ignore.d/temp2
44 files changed, 192 insertions, 156 deletions
diff --git a/logcheck/ignore.d.server/amavis b/logcheck/ignore.d.server/amavis
new file mode 100644
index 0000000..cd2ce17
--- /dev/null
+++ b/logcheck/ignore.d.server/amavis
@@ -0,0 +1,6 @@
+amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+
+amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[0-9-]+(\.gz)?
+amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)
+amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
+amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[^[:space:]]+ <[^[:space:]]+>
+amavis\[[0-9]+\]: warning - MIME::Parser error: unexpected end of header
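Review bot: None of the new rules is anchored, so each one matches its text anywhere in a log line rather than only as the message of the named daemon. Assuming logcheck applies these files with egrep as usual, any line that merely contains the same text in a logged field is dropped from the report too. Anchoring on the syslog prefix and the end of line closes that, e.g. `^[[:alpha:]]{3} [ :0-9]{11} [^[:space:]]+ amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)$` (prefix layout assumed to be the standard syslog one). The same applies to the other rule files added in this commit, most of all to `non-debian`, whose short `printer: ...` rules are, per its own comment, meant for a syslogd that accepts remote hosts.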
diff --git a/logcheck/ignore.d.server/anacron b/logcheck/ignore.d.server/anacron
index 21a4347..72bbf05 100644
--- a/logcheck/ignore.d.server/anacron
+++ b/logcheck/ignore.d.server/anacron
@@ -1,7 +1,7 @@
anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?
anacron\[[0-9]+\]: Normal exit
-anacron\[[0-9]+\]: Anacron 2.3 started on [[:digit:]-]+
+anacron\[[0-9]+\]: Anacron 2.3 started on [0-9-]+
anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.
anacron\[[0-9]+\]: Jobs will be executed sequentially
anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' started
-anacron\[[0-9]+\]: Updated timestamp for job `cron.(daily|weekly|monthly)' to [[:digit:]-]+
+anacron\[[0-9]+\]: Updated timestamp for job `cron.(daily|weekly|monthly)' to [0-9-]+
diff --git a/logcheck/ignore.d.server/bind b/logcheck/ignore.d.server/bind
index b2cda22..bbe7936 100644
--- a/logcheck/ignore.d.server/bind
+++ b/logcheck/ignore.d.server/bind
@@ -1,12 +1,10 @@
named\[[0-9]+\]: .*: query\(.*\) NS points to CNAME \(.*\)
-named\[[0-9]+\]: NSTATS [[:digit:]]+ [[:digit:]]+
+named\[[0-9]+\]: NSTATS [0-9]+ [0-9]+
named\[[0-9]+\]: .* All possible .* lame
named\[[0-9]+\]: sysquery: query\(.*\) No possible A RRs
-named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
named\[[0-9]+\]: client .*: transfer of '.*': AXFR started
-named\[[0-9]+\]: client [\.[:digit:]]+#[[:digit:]]+: update forwarding denied
named\[[0-9]+\]: zone .*/IN: transfered serial [0-9]+
named\[[0-9]+\]: transfer of '.*/IN' from .*: end of transfer
named\[[0-9]+\]: zone .*/IN: sending notifies \(serial [0-9]+\)
-named\[[0-9]+\]: rcvd NOTIFY\(.*, IN, SOA\) from \[.*\]\.[[:digit:]]+
+named\[[0-9]+\]: rcvd NOTIFY\(.*, IN, SOA\) from \[.*\]\.[0-9]+
named\[[0-9]+\]: late CNAME in answer section for .*
diff --git a/logcheck/ignore.d.server/bind.tmp b/logcheck/ignore.d.server/bind.tmp
new file mode 100644
index 0000000..4e9cde9
--- /dev/null
+++ b/logcheck/ignore.d.server/bind.tmp
@@ -0,0 +1,2 @@
+named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
+named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied
diff --git a/logcheck/ignore.d.server/dancer-ircd b/logcheck/ignore.d.server/dancer-ircd
new file mode 100644
index 0000000..97a3614
--- /dev/null
+++ b/logcheck/ignore.d.server/dancer-ircd
@@ -0,0 +1,3 @@
+ircd\[[0-9]+\]: ircd exiting: autodie
+ircd\[[0-9]+\]: Server Ready
+(ircd\[[0-9]+\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use
diff --git a/logcheck/ignore.d.server/dhcp-client b/logcheck/ignore.d.server/dhcp-client
new file mode 100644
index 0000000..32b5148
--- /dev/null
+++ b/logcheck/ignore.d.server/dhcp-client
@@ -0,0 +1,4 @@
+dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)?
+dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+
+dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.
+dhclient(-2.2.x)?: irda0: unknown hardware address type 783
diff --git a/logcheck/ignore.d.server/dhcp3-common b/logcheck/ignore.d.server/dhcp3-common
index 539c430..a272a72 100644
--- a/logcheck/ignore.d.server/dhcp3-common
+++ b/logcheck/ignore.d.server/dhcp3-common
@@ -1,10 +1,6 @@
-dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
-dhcpd: DHCPACK on [\.0-9]+ to .* via
-dhcpd: DHCPDISCOVER from .* via
-dhcpd: DHCPNACK on [\.0-9]+ to .* via
-dhcpd: DHCPOFFER on [\.0-9]+ to .* via
-dhcpd: DHCPREQUEST for .* from .* via
+dhcpd: DHCPACK to [\.0-9]+
dhcpd: ICMP Echo reply while lease [\.0-9]+ valid.
-dhcpd: Wrote [[:digit:]]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
+dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
dhcpd: accepting packet with data after udp payload.
dhcpd: ip length 576 disagrees with bytes received 590.
+dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
diff --git a/logcheck/ignore.d.server/hotplug b/logcheck/ignore.d.server/hotplug
index 1c07779..2728667 100644
--- a/logcheck/ignore.d.server/hotplug
+++ b/logcheck/ignore.d.server/hotplug
@@ -1,2 +1,2 @@
-/etc/hotplug/net.agent: invoke if(up|down) ppp[[:digit:]]
-/etc/hotplug/net.agent: assuming ppp[[:digit:]] is already up
+/etc/hotplug/net.agent: invoke if(up|down) ppp[0-9]
+/etc/hotplug/net.agent: assuming ppp[0-9] is already up
diff --git a/logcheck/ignore.d.server/hylafax-server b/logcheck/ignore.d.server/hylafax-server
new file mode 100644
index 0000000..2bd46bd
--- /dev/null
+++ b/logcheck/ignore.d.server/hylafax-server
@@ -0,0 +1,10 @@
+Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING| ANSWERING| RECEIVING| MODEMWAIT)+
+Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*
+FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF, .* line/mm, (1|2)-D MR(, [0-9]+ bit/s)?
+FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): recvq/fax[0-9]+\.tif from .*, route to .*, [0-9]+ pages in [0-9]+:[0-9]+
+FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[0-9]+\.tif" "ttyS[012]" "[0-9]+" ""
+FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION
+FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+
+FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+
+HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.
diff --git a/logcheck/ignore.d.server/imp b/logcheck/ignore.d.server/imp
new file mode 100644
index 0000000..ec45e7b
--- /dev/null
+++ b/logcheck/ignore.d.server/imp
@@ -0,0 +1 @@
+IMP\[[0-9]+\]: Login .* to .*:143 as .*
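Review bot: This rule still has three unbounded `.*` fields although the commit narrows them elsewhere, and the last one is the login name, which the client supplies. With `.*` and no end anchor, anything after `as ` is swallowed, so unrelated text on the same line cannot cause the entry to be reported. Something like `IMP\[[0-9]+\]: Login [^[:space:]]+ to [^[:space:]]+:143 as [^[:space:]]+$` would bound each field. The field layout is inferred from the pattern, so check it against real IMP log lines first.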
diff --git a/logcheck/ignore.d.server/libpam-modules b/logcheck/ignore.d.server/libpam-modules
new file mode 100644
index 0000000..2c3220b
--- /dev/null
+++ b/logcheck/ignore.d.server/libpam-modules
@@ -0,0 +1 @@
+pam_limits\[[0-9]+\]: default limits skipped for 'root'
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
deleted file mode 100644
index 7dfdfa2..0000000
--- a/logcheck/ignore.d.server/local
+++ /dev/null
@@ -1,43 +0,0 @@
-dhcpd.*: DHCPINFORM from [\.[:digit:]]+( via eth.)?
-dhcpd.*: DHCPNACK on [\.[:digit:]]+ to [:[:alnum:]]+( via eth.)?
-dhcpd.*: DHCPRELEASE of .* from .* via
-dhcpd.*: Reclaiming( REQUESTed) abandoned IP address [\.[:digit:]]+
-dhcpd.*: already acking lease
-dhcpd.*: send_packet: Connection refused
-dhcpd.*: fallback_discard: Connection refused
-Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING| ANSWERING| RECEIVING| MODEMWAIT)+
-Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*
-FaxGetty\[[0-9]+\]: RECV FAX \([[:digit:]]+\): from .*, page .* in [[:digit:]]+:[[:digit:]]+, INF, .* line/mm, (1|2)-D MR(, [[:digit:]]+ bit/s)?
-FaxGetty\[[0-9]+\]: RECV FAX \([[:digit:]]+\): recvq/fax[[:digit:]]+\.tif from .*, route to .*, [[:digit:]]+ pages in [[:digit:]]+:[[:digit:]]+
-FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[[:digit:]]+\.tif" "ttyS[012]" "[[:digit:]]+" ""
-FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake
-FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION
-FaxQueuer\[[0-9]+\]: SUBMIT JOB [[:digit:]]+
-FaxSend\[[0-9]+\]: SEND FAX: JOB [[:digit:]]+ DEST [[:digit:]]+ COMMID [[:digit:]]+
-gnu-imap4d\[[0-9]+\]: Incoming connection opened
-gnu-imap4d\[[0-9]+\]: connect from [\.[:digit:]]+
-gnu-imap4d\[[0-9]+\]: User '[[:alnum:]]+' logged in
-gnu-imap4d\[[0-9]+\]: Session timed out for user: [[:alnum:]]+
-gnu-imap4d\[[0-9]+\]: got signal Alarm clock
-HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.
-ircd\[[0-9]+\]: ircd exiting: autodie
-ircd\[[0-9]+\]: Server Ready
-(ircd\[[0-9]+\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use
-IMP\[[0-9]+\]: Login .* to .*:143 as .*
-kernel: isdn_net: call from [,[:digit:]]+ -> [[:digit:]]+
-kernel: isdn_net: Service-Indicator not [[:digit:]], ignored
-kernel: Packet log: input DENY eth[[:digit:]]+ PROTO=17 .*:(137|138) .*:(137|138) L=[[:digit:]]+ S=0x00 I=[[:digit:]]+ F=0x0000 T=[[:digit:]]+ \(#[[:digit:]]+\)
-ntpd\[[0-9]+\]: kern_enable is 1
-ntpd\[[0-9]+\]: kernel time discipline status 0040
-ntpd\[[0-9]+\]: ntpd 4\.[01]\..* \([12]\)
-ntpd\[[0-9]+\]: precision = [[:digit:]]+ usec
-ntpd\[[0-9]+\]: signal_no_reset: signal 13 had flags [[:digit:]]+
-ntpd\[[0-9]+\]: using kernel phase-lock loop [[:digit:]]+
-pam_limits\[[0-9]+\]: default limits skipped for 'root'
-pop-before-smtp\[[0-9]+\]: (opening|closing) relay for [\.[:digit:]]+( --- not in mynetworks)?
-su\[[0-9]+\]: \+ pts/[[:digit:]]+ .*-root
-printer: peripheral low-power state
-printer: paper out
-printer: error cleared
-printer: powered up
-printer: ready to print
diff --git a/logcheck/ignore.d.server/mailutils-imap4d b/logcheck/ignore.d.server/mailutils-imap4d
new file mode 100644
index 0000000..7e61a9c
--- /dev/null
+++ b/logcheck/ignore.d.server/mailutils-imap4d
@@ -0,0 +1,5 @@
+gnu-imap4d\[[0-9]+\]: Incoming connection opened
+gnu-imap4d\[[0-9]+\]: connect from [\.0-9]+
+gnu-imap4d\[[0-9]+\]: User '[[:alnum:]]+' logged in
+gnu-imap4d\[[0-9]+\]: Session timed out for user: [[:alnum:]]+
+gnu-imap4d\[[0-9]+\]: got signal Alarm clock
diff --git a/logcheck/ignore.d.server/misc b/logcheck/ignore.d.server/misc
new file mode 100644
index 0000000..c090503
--- /dev/null
+++ b/logcheck/ignore.d.server/misc
@@ -0,0 +1,10 @@
+# Figure out if these belong to dhcp or dhcp3-common (or dhclient?)
+dhcpd.*: Reclaiming( REQUESTed) abandoned IP address [\.0-9]+
+dhcpd.*: already acking lease
+dhcpd.*: send_packet: Connection refused
+dhcpd.*: fallback_discard: Connection refused
+# These show up when isdnutils is installed, but isn't strictly related to those packages
+kernel: isdn_net: call from [,0-9]+ -> [0-9]+
+kernel: isdn_net: Service-Indicator not [0-9], ignored
+# This one shows up with firewalls blocking SMB ports non-silently
+kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:(137|138) .*:(137|138) L=[0-9]+ S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
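Review bot: In `dhcpd.*: Reclaiming( REQUESTed) abandoned IP address [\.0-9]+` the group has no `?`, so only the `Reclaiming REQUESTed abandoned` wording is matched. The line is carried over unchanged from the old `local` file. If the plain `Reclaiming abandoned IP address` form is meant to be covered as well, it needs `dhcpd.*: Reclaiming( REQUESTed)? abandoned IP address [\.0-9]+`. The `dhcpd.*:` prefix on these four rules is also one of the `.*` uses the commit set out to narrow; the file's own comment says the owning package is undecided, which may be why it was left alone.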
diff --git a/logcheck/ignore.d.server/murasaki b/logcheck/ignore.d.server/murasaki
index 6d99073..0b2a1c4 100644
--- a/logcheck/ignore.d.server/murasaki
+++ b/logcheck/ignore.d.server/murasaki
@@ -3,5 +3,5 @@ murasaki\.(usb|net)\[[0-9]+\]: try expanding "\[net\]"
murasaki\.(usb|net)\[[0-9]+\]: dependent\(net\) is found
murasaki\.(usb|net)\[[0-9]+\]: net device is (added|removed|(un)?register(e)?d)
murasaki\.(usb|net)\[[0-9]+\]: Execuing "net" "(stop|start)"
-murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[[:digit:]]
+murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[0-9]
murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+
diff --git a/logcheck/ignore.d.server/netatalk b/logcheck/ignore.d.server/netatalk
deleted file mode 100644
index 2292bc6..0000000
--- a/logcheck/ignore.d.server/netatalk
+++ /dev/null
@@ -1,4 +0,0 @@
-afpd\[[0-9]+\]: removed .*/net[\.0-9]*node[0-9]*
-afpd\[[0-9]+\]: CNID DB initialized using Sleepycat Software: Berkeley DB
-atalkd\[[0-9]+\]: .*: zip gnireply from [\.0-9]* \(.*\)
-atalkd\[[0-9]+\]: .*: zip ignoring gnireply
diff --git a/logcheck/ignore.d.server/netatalk.changes b/logcheck/ignore.d.server/netatalk.changes
new file mode 100644
index 0000000..b9fe99f
--- /dev/null
+++ b/logcheck/ignore.d.server/netatalk.changes
@@ -0,0 +1,30 @@
+afpd\[[0-9]+\]: CNID DB initialized using Sleepycat Software: Berkeley DB
+afpd\[[0-9]+\]: removed [^[:space:]]+/net[\.0-9]+node[0-9]+
+afpd\[[0-9]\]: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+
+afpd\[[0-9]\]: (server_child\[[0-9]+\] [0-9]+ )?(done|exited 1)
+afpd\[[0-9]\]: ASIP session:[0-9]+\([0-9]+\) from [\.:0-9]+\([0-9]+\)
+afpd\[[0-9]\]: Connection terminated
+afpd\[[0-9]\]: [\.[:alnum:]]+ read, [\.[:alnum:]]+ written
+afpd\[[0-9]\]: [^[:space:]]+: Broken pipe
+afpd\[[0-9]\]: [^[:space:]]+: Connection reset by peer
+afpd\[[0-9]\]: [^[:space:]]+: Connection timed out
+afpd\[[0-9]\]: [^[:space:]]+: No route to host
+afpd\[[0-9]\]: [^[:space:]]+: No such file or directory
+afpd\[[0-9]\]: [^[:space:]]+: Permission denied
+afpd\[[0-9]\]: [^[:space:]]+: child timed out
+afpd\[[0-9]\]: afp_openfork: ad_open: File Exists
+afpd\[[0-9]\]: asp_alrm: [0-9]+ timed out
+afpd\[[0-9]\]: login [[:alnum:]]+ \(uid [0-9]+, gid [0-9]+\)
+afpd\[[0-9]\]: login noauth
+afpd\[[0-9]\]: logout [[:alnum:]]+
+afpd\[[0-9]\]: registering [[:alnum:]]+ \(uid [0-9]+\) on [\.0-9]+ as /.+/net[\.0-9]+node[0-9]+
+afpd\[[0-9]\]: session from [\.:0-9]+ on [\.:0-9]+
+afpd\[[0-9]\]: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)
+afpd\[[0-9]\]: using codepage directory: /etc/netatalk/nls/maccode\.[\.[:alnum:]-]+
+atalkd\[[0-9]+\]: [^[:space:]]+: zip gnireply from [\.0-9]+ \([^[:space:]]+\)
+atalkd\[[0-9]+\]: [^[:space:]]+: zip ignoring gnireply
+atalkd\[[0-9]\]: [^[:space:]]+: Network is unreachable
+atalkd\[[0-9]\]: zip gnireply from [\.0-9]+ \([^[:space:]]+\)
+atalkd\[[0-9]\]: zip ignoring gnireply
+papd\[[0-9]\]: child [0-9]+ done
+papd\[[0-9]\]: child [0-9]+ for "[^[:space:]]+" from [\.0-9]+
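Review bot: Most of the rules in this new file write the PID as `\[[0-9]\]` without the `+`, from `afpd\[[0-9]\]: ((dhx|cleartext|...` down to the two `papd` lines, so they match only a single-digit PID and will almost never suppress anything. The first two `afpd` rules and the first two `atalkd` rules use `\[[0-9]+\]`, which is presumably what was intended throughout: `afpd\[[0-9]+\]:`, `atalkd\[[0-9]+\]:`, `papd\[[0-9]+\]:`. Once the quantifier is fixed, `login noauth` and `[^[:space:]]+: Permission denied` become silently ignored on servers. It is worth confirming that those two belong in an ignore list rather than in the report.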
diff --git a/logcheck/ignore.d.server/non-debian b/logcheck/ignore.d.server/non-debian
new file mode 100644
index 0000000..5ea4ca8
--- /dev/null
+++ b/logcheck/ignore.d.server/non-debian
@@ -0,0 +1,9 @@
+# These entries are for syslogd open for remote hosts
+# (and advertised through DHCP)
+#
+# HP printers
+printer: peripheral low-power state
+printer: paper out
+printer: error cleared
+printer: powered up
+printer: ready to print
diff --git a/logcheck/ignore.d.server/ntp-simple.changes b/logcheck/ignore.d.server/ntp-simple.changes
new file mode 100644
index 0000000..595d124
--- /dev/null
+++ b/logcheck/ignore.d.server/ntp-simple.changes
@@ -0,0 +1,4 @@
+ntpd\[[0-9]+\]: kern_enable is 1
+ntpd\[[0-9]+\]: precision = [0-9]+ usec
+ntpd\[[0-9]+\]: signal_no_reset: signal 13 had flags [0-9]+
+ntpd\[[0-9]+\]: using kernel phase-lock loop [0-9]+
diff --git a/logcheck/ignore.d.server/pop-before-smtp b/logcheck/ignore.d.server/pop-before-smtp
new file mode 100644
index 0000000..5b34ea0
--- /dev/null
+++ b/logcheck/ignore.d.server/pop-before-smtp
@@ -0,0 +1 @@
+pop-before-smtp\[[0-9]+\]: (opening|closing) relay for [\.0-9]+( --- not in mynetworks)?
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index a2598c8..234b372 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
@@ -1,18 +1,18 @@
-postfix.* table has changed -- exiting
+postfix/[[:alnum:]]+\[[0-9]+\]: table has changed -- exiting
postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name
postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
+postfix/master\[[0-9]+\]: reload configuration
+postfix/postfix-script: refreshing the Postfix mail system
postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered
-postfix/smtp\[[0-9]+\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
-postfix/smtp\[[0-9]+\]: connect to .*: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)
-postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.[:digit:]]+\]
-postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for .*: [\.[:digit:]]+
+postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.0-9]+\]
+postfix/smtp\[[0-9]+\]: [^[:space:]]+ status=deferred \(connect to [^[:space:]]+: (Connection refused|server refused mail service)\)
+postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)
+postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+
+postfix/smtp\[[0-9]+\]: warning: host [\.[:alnum:]-]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+
+postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local
postfix/smtp\[[0-9]+\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record
-postfix/smtp\[[0-9]+\]: warning: host [\.[:alnum:]-]+\[[\.[:digit:]]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+
-postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.[:digit:]]+\]
-postfix/smtpd\[[0-9]+\]: warning: .*: address not listed for hostname .*
-postfix/smtpd\[[0-9]+\]: warning: .*: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)
-postfix/smtpd\[[0-9]+\]: warning: .* sent (message header|mail content) instead of SMTP command:
-postfix/postfix-script: refreshing the Postfix mail system
-postfix/master\[[0-9]+\]: reload configuration
-postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for .* is local
-postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from .*
+postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+
+postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.0-9]+\]
+postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command:
+postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+
+postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)
diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd
index 538a0d6..0b9bd66 100644
--- a/logcheck/ignore.d.server/proftpd
+++ b/logcheck/ignore.d.server/proftpd
@@ -1,7 +1,7 @@
-proftpd\[[0-9]+\]: .* \(.*\[[\.[:digit:]]+\]\) - FTP session opened\.
-proftpd\[[0-9]+\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\.
-proftpd\[[0-9]+\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.[:digit:]]+\] to [\.[:digit:]]+
-proftpd\[[0-9]+\]: .* \(.*\[[\.[:digit:]]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?'
-proftpd\[[0-9]+\]: connect from [\.[:digit:]]+
+proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - FTP session opened\.
+proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\.
+proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.0-9]+\] to [\.0-9]+
+proftpd\[[0-9]+\]: .* \(.*\[[\.0-9]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?'
+proftpd\[[0-9]+\]: connect from [\.0-9]+
proftpd\[[0-9]+\]: No certificate files found!
proftpd\[[0-9]+\]:.* (.*\[.*\]) - Refused PORT.* (address mismatch)\.
diff --git a/logcheck/ignore.d.server/samba b/logcheck/ignore.d.server/samba
index f46a3fe..0907448 100644
--- a/logcheck/ignore.d.server/samba
+++ b/logcheck/ignore.d.server/samba
@@ -1,2 +1,2 @@
smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)
-smbd\[[0-9]+\]: \[.*\] lib/util_sock.c:read(_socket)?_data\([[:digit:]]+\)
+smbd\[[0-9]+\]: \[[/0-9]+ [:0-9]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\)
diff --git a/logcheck/ignore.d.server/squid b/logcheck/ignore.d.server/squid
index a778073..0317776 100644
--- a/logcheck/ignore.d.server/squid
+++ b/logcheck/ignore.d.server/squid
@@ -1,8 +1,8 @@
-squid\[[0-9]+\]: Finished. Wrote [[:digit:]]+ entries\.
-squid\[[0-9]+\]: Took [\.[:digit:]]+ seconds \(.* entries/sec\)\.
+squid\[[0-9]+\]: Finished. Wrote [0-9]+ entries\.
+squid\[[0-9]+\]: Took [\.0-9]+ seconds \(.* entries/sec\)\.
squid\[[0-9]+\]: (access|store)LogRotate: Rotating(\.)?
squid\[[0-9]+\]: logfileRotate: /var/log/squid/(access|store).log
-squid\[[0-9]+\]: (Closing Pinger socket|Pinger socket opened) on FD [[:digit:]]+
+squid\[[0-9]+\]: (Closing Pinger socket|Pinger socket opened) on FD [0-9]+
squid\[[0-9]+\]: NETDB state saved;
squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\.
-squid\[[0-9]+\]: helperOpenServers: Starting [[:digit:]]+ '.*' processes
+squid\[[0-9]+\]: helperOpenServers: Starting [0-9]+ '.*' processes
diff --git a/logcheck/ignore.d.server/ssh b/logcheck/ignore.d.server/ssh
index fb0a3a8..835ed1e 100644
--- a/logcheck/ignore.d.server/ssh
+++ b/logcheck/ignore.d.server/ssh
@@ -1,11 +1,11 @@
sshd\[[0-9]+\]: syslogin_perform_logout: logout\(\) returned an error
sshd\[[0-9]+\]: Could not reverse map address .*\.
sshd\[[0-9]+\]: Connection closed by .*
-sshd\[[0-9]+\]: Did not receive ident(ification)? string from [\.[:digit:]]+
-sshd\[[0-9]+\]: scanned from [\.[:digit:]]+ with SSH-1\.0-SSH_Version_Mapper\. Don't panic\.
+sshd\[[0-9]+\]: Did not receive ident(ification)? string from [\.0-9]+
+sshd\[[0-9]+\]: scanned from [\.0-9]+ with SSH-1\.0-SSH_Version_Mapper\. Don't panic\.
sshd\[[0-9]+\]: Disconnecting: Your ssh version is too old and is no longer supported\. Please install a newer version\.
-sshd\[[0-9]+\]: Accepted (keyboard-interactive|publickey) for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2
+sshd\[[0-9]+\]: Accepted (keyboard-interactive|publickey) for [[:alnum:]]+ from [\.0-9]+ port [0-9]+ ssh2
sshd\[[0-9]+\]: warning: /etc/hosts.deny, line 15: can't verify hostname: gethostbyname(.*) failed
sshd\[[0-9]+\]: refused connect from .*
-sshd\[[0-9]+\]: Received disconnect from [\.[:digit:]]+: 11: Disconnect requested by Windows SSH Client.
+sshd\[[0-9]+\]: Received disconnect from [\.0-9]+: 11: Disconnect requested by Windows SSH Client.
sshd\[[0-9]+\]: subsystem request for sftp
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index c7e66a7..39883bd 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -1,39 +1,58 @@
+## imp
IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
+## libpam-modules
PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
+# old-style pam entries (no longer provided by logcheck but needed on woody
+PAM_.*: .* session (opened|closed) for user .*
+## netatalk
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
afpd\[[0-9]+\]: bad function 7A
atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
+## hylafax-server
FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device
gnome-name-server\[[0-9]+\]: server_is_alive: .*
+## uw-imap
i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
-ipppd\[[0-9]+\]: Connect\[0\]: /dev/ippp[[:digit:]], fd: 12
-kernel: Disorder[[:digit:]] [[:digit:]] [[:digit:]] f[[:digit:]] s[[:digit:]] rr[[:digit:]]
+## ppp
+ipppd\[[0-9]+\]: Connect\[0\]: /dev/ippp[0-9], fd: 12
+## misc
+kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
-kernel: OPEN: [\.[:digit:]]* -> [\.[:digit:]]* UDP, port: [[:digit:]]* -> [[:digit:]]*
+kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
-kernel: lp[[:digit:]]: compatibility mode
+kernel: lp[0-9]: compatibility mode
kernel: Undo( partial)? (Hoe|loss|retrans)
+printer: offline or intervention needed
+## ntp-simple
ntpd\[[0-9]+\]: synchronisation lost
ntpd\[[0-9]+\]: synchronisation lost
-ntpd\[[0-9]+\]: time reset [\.[:digit:]-]* .
-ntpd\[[0-9]+\]: time reset [\.[:digit:]-]+ s
+ntpd\[[0-9]+\]: time reset [\.0-9-]* .
+ntpd\[[0-9]+\]: time reset [\.0-9-]+ s
+## portsentry
portsentry\[[0-9]+\]: attackalert: .*
+## pump
pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
+## samba
smbd\[[0-9]+\]: read_socket_data: recv failure for 4. Error = No route to host
smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
+smbd\[[0-9]+\]: \[[/[0-9]]+ [:[0-9]]+, 0\] smbd/service.c:find_service\([0-9]+\)
smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
-smbd\[[0-9]+\]: \[.*\] smbd/connection.c:yield_connection\([[:digit:]]+\)
-smbd\[[0-9]+\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\)
+smbd\[[0-9]+\]: \[.*\] smbd/connection.c:yield_connection\([0-9]+\)
+smbd\[[0-9]+\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([0-9]+\)
sshd\[[0-9]+\]: Failed password for .*
sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096
+## dhcp
dhcpd-2.2.x: BOOTREQUEST from (00:20:6b:18:20:35|08:00:86:11:2b:71)
dhcpd-2.2.x: No applicable record for BOOTP host (00:20:6b:18:20:35|08:00:86:11:2b:71)
+## postfix
postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
-postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.[:digit:]]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
+postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
+
rpc.mountd: authenticated mount request from .* for .*
+## snort
snort: .*FrontPage
snort: IDS015 - RPC - portmap-request-status:
snort: IDS029 - SCAN-Possible Queso Fingerprint attempt:
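Review bot: The added `smbd\[[0-9]+\]: \[[/[0-9]]+ [:[0-9]]+, 0\] smbd/service.c:find_service\([0-9]+\)` has nested brackets that do not do what the timestamp needs. `[/[0-9]]+` reads as a one-character set (`/`, `[` or a digit) followed by one or more literal `]`, and `[:[0-9]]+` parses the same way. The rule therefore cannot match a Samba header of the form date, time and debug level. The `samba` file in this same commit uses the working form, so this line should read `smbd\[[0-9]+\]: \[[/0-9]+ [:0-9]+, 0\] smbd/service.c:find_service\([0-9]+\)`.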
@@ -54,10 +73,7 @@ snort: spp_portscan: PORTSCAN DETECTED
snort: spp_portscan: portscan status from
snort: WEB-../..:
snort: WEB-CGI-upload.pl:
+## postgres
postgres\[[0-9]+\]: \[.*\] DEBUG:
postgres\[[0-9]+\]: \[[0-9-]*\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
-printer: offline or intervention needed
-#old-style pam entries (no longer provided by logcheck but needed on woody
-PAM_.*: .* session opened for user .*
-PAM_.*: .* session closed for user .*
diff --git a/logcheck/ignore.d.server/uw-imap b/logcheck/ignore.d.server/uw-imap.changes
index cda8438..42a56ef 100644
--- a/logcheck/ignore.d.server/uw-imap
+++ b/logcheck/ignore.d.server/uw-imap.changes
@@ -1,12 +1,12 @@
imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
-imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(.*\[.*\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(.*\[.*\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(.*\[.*\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Moved [[:digit:]]+ bytes of new mail to .* from .* host=(.*\[.*\]|UNKNOWN)
-i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(.*\[.*\]|UNKNOWN)
-ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.[:digit:]]+
-ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [[:digit:]]+
-ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=(.*\[.*\]|UNKNOWN)
+imapd\[[0-9]+\]: No route to host, while reading line user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to .* from .* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
+i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
+ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.0-9]+
+ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [0-9]+
+ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
ipop3d\[[0-9]+\]: Expunge ignored on readonly mailbox
ipop3d\[[0-9]+\]: Mailbox is open by another process, access is readonly
-ipop3d\[[0-9]+\]: Moved .* bytes of new mail to .* from .* host=(.*\[.*\]|UNKNOWN)
+ipop3d\[[0-9]+\]: Moved .* bytes of new mail to .* from .* host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)
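Review bot: The new `host=([^[:space:]]+ \[[\.0-9]+\]|UNKNOWN)` makes the hostname before the bracketed address mandatory. The failure rule under `## uw-imap` in `tmp` writes the same field as `host=(.* )?\[.*\]`, which suggests the daemon can log a bare `host=[address]`. If it does, those lines stop being ignored after this change; `host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)` keeps the narrowing without losing that case. Separately, `ipop[2|3]d` on the rewritten `service init` line is a bracket expression that also accepts a literal `|`; `ipop[23]d` is the intended form. The `user=.*` fields are left unbounded although that value comes from the client.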
diff --git a/logcheck/ignore.d.workstation/bind b/logcheck/ignore.d.workstation/bind
new file mode 100644
index 0000000..2502c15
--- /dev/null
+++ b/logcheck/ignore.d.workstation/bind
@@ -0,0 +1 @@
+named\[[0-9]+\]: ns_forw: sendto.*: Network is unreachable
diff --git a/logcheck/ignore.d.workstation/dhcp-client b/logcheck/ignore.d.workstation/dhcp-client
index d76233b..23be14b 100644
--- a/logcheck/ignore.d.workstation/dhcp-client
+++ b/logcheck/ignore.d.workstation/dhcp-client
@@ -1,8 +1,4 @@
-dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [[:digit:]]+)?
dhclient(-2.2.x)?: No working leases in persistent database( - sleeping)?\.
dhclient(-2.2.x)?: Sleeping\.
dhclient(-2.2.x)?: No DHCPOFFERS received\.
-dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.[:digit:]]+
-dhclient(-2.2.x)?: bound to .* -- renewal in [[:digit:]]+ seconds\.
-dhclient(-2.2.x)?: irda0: unknown hardware address type 783
-dhclient(-2.2.x)?: receive_packet failed on eth[[:digit:]]: Network is down
+dhclient(-2.2.x)?: receive_packet failed on eth[0-9]: Network is down
diff --git a/logcheck/ignore.d.workstation/gconf.changes b/logcheck/ignore.d.workstation/gconf.changes
new file mode 100644
index 0000000..25cdf5c
--- /dev/null
+++ b/logcheck/ignore.d.workstation/gconf.changes
@@ -0,0 +1,6 @@
+gconfd \(.*\): starting \(version [\.0-9]+\), pid [0-9]+ user '.*'
+gconfd \(.*\): Resolved address "xml:readonly:.*" to a read-only config source at position [0-9]+
+gconfd \(.*\): Resolved address "xml:readwrite:.*" to a writable config source at position [0-9]+
+gconfd \(.*\): CORBA_ORB_destroy: ORB still has [0-9]+ refs\.
+gconfd \(.*\): GConf server is not in use, shutting down\.
+gconfd \(.*\): Exiting
diff --git a/logcheck/ignore.d.workstation/gconf.da_DK b/logcheck/ignore.d.workstation/gconf.da_DK
new file mode 100644
index 0000000..92343c9
--- /dev/null
+++ b/logcheck/ignore.d.workstation/gconf.da_DK
@@ -0,0 +1,6 @@
+gconfd \(.*\): Modtog signal 15, lukker pænt ned
+gconfd \(.*\): starter \(version [\.0-9]+\), pid [0-9]+ bruger '.*'
+gconfd \(.*\): Bestemte adressen "xml:readonly:.*" til en skrivebeskyttet konfigureringskilde ved position [0-9]+
+gconfd \(.*\): Bestemte adressen "xml:readwrite:.*" til en skrivbar konfigureringskilde ved position [0-9]+
+gconfd \(.*\): GConf-server er ikke i brug, lukker ned\.
+gconfd \(.*\): Afslutter
diff --git a/logcheck/ignore.d.workstation/gconfd b/logcheck/ignore.d.workstation/gconfd
deleted file mode 100644
index 529f177..0000000
--- a/logcheck/ignore.d.workstation/gconfd
+++ /dev/null
@@ -1 +0,0 @@
-gconfd \(.*\): Modtog signal 15, lukker pænt ned
diff --git a/logcheck/ignore.d.workstation/gdm b/logcheck/ignore.d.workstation/gdm
index f85824e..31a06b5 100644
--- a/logcheck/ignore.d.workstation/gdm
+++ b/logcheck/ignore.d.workstation/gdm
@@ -1,4 +1 @@
-gdm\[[0-9]+\]: run_pictures: Directory .* does not exist\.
-gdm\[[0-9]+\]: run_pictures: Mappen .* eksisterer ikke\.
-gdm\[[0-9]+\]: run_pictures: /usr/share/pixmaps er ikke ejet af uid .*\.
-gdm\[[0-9]+\]: \(child [0-9]*\) gdm_slave_xioerror_handler: Fatal X-fejl - genstarter [0-9:\.]*
+gdm\[[0-9]+\]: run_pictures: Directory [^[:space:]] does not exist\.
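Review bot: The added gdm rule lost its quantifier: `[^[:space:]]` matches exactly one character, so only a one-character directory name can match and the message for any real path will keep appearing in reports. It should read `gdm\[[0-9]+\]: run_pictures: Directory [^[:space:]]+ does not exist\.`. The failure is on the noisy side, since nothing is wrongly hidden, but as written the rule is effectively dead.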
diff --git a/logcheck/ignore.d.workstation/hotplug b/logcheck/ignore.d.workstation/hotplug
deleted file mode 100644
index 6f71f43..0000000
--- a/logcheck/ignore.d.workstation/hotplug
+++ /dev/null
@@ -1,2 +0,0 @@
-/etc/hotplug/net.agent: invoke if(up|down) (eth|ppp)[[:digit:]]
-/etc/hotplug/net.agent: assuming (eth|ppp)[[:digit:]] is already up
diff --git a/logcheck/ignore.d.workstation/libgnorba b/logcheck/ignore.d.workstation/libgnorba
new file mode 100644
index 0000000..da9f4c0
--- /dev/null
+++ b/logcheck/ignore.d.workstation/libgnorba
@@ -0,0 +1,3 @@
+gnome-name-server\[[0-9]+\]: starting
+gnome-name-server\[[0-9]+\]: name server starting
+gnome-name-server\[[0-9]+\]: server_is_alive: .*
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
deleted file mode 100644
index 8814e7d..0000000
--- a/logcheck/ignore.d.workstation/local
+++ /dev/null
@@ -1,21 +0,0 @@
-gnome-name-server\[[0-9]+\]: starting
-gnome-name-server\[[0-9]+\]: name server starting
-gnome-name-server\[[0-9]+\]: server_is_alive: .*
-gconfd \(.*\): starting \(version [\.[:digit:]]+\), pid [[:digit:]]+ user '.*'
-gconfd \(.*\): Resolved address "xml:readonly:.*" to a read-only config source at position [[:digit:]]+
-gconfd \(.*\): Resolved address "xml:readwrite:.*" to a writable config source at position [[:digit:]]+
-gconfd \(.*\): CORBA_ORB_destroy: ORB still has [[:digit:]]+ refs\.
-gconfd \(.*\): GConf server is not in use, shutting down\.
-gconfd \(.*\): Exiting
-gconfd \(.*\): starter \(version [\.[:digit:]]+\), pid [[:digit:]]+ bruger '.*'
-gconfd \(.*\): Bestemte adressen "xml:readonly:.*" til en skrivebeskyttet konfigureringskilde ved position [[:digit:]]+
-gconfd \(.*\): Bestemte adressen "xml:readwrite:.*" til en skrivbar konfigureringskilde ved position [[:digit:]]+
-gconfd \(.*\): GConf-server er ikke i brug, lukker ned\.
-gconfd \(.*\): Afslutter
-named\[[0-9]+\]: .*: query\(.*\) NS points to CNAME \(.*\)
-named\[[0-9]+\]: NSTATS [[:digit:]]+ [[:digit:]]+
-named\[[0-9]+\]: .* All possible .* lame
-named\[[0-9]+\]: ns_forw: sendto.*: Network is unreachable
-init: Entering runlevel: 2
-syslogd started: BusyBox v[\.[:digit:]]+ \(.*\)
-rpc.mountd: authenticated mount request from 192\.168\..* for /home/opt/ltsp/i386 \(/home/opt/ltsp/i386\)
diff --git a/logcheck/ignore.d.workstation/ntpdate b/logcheck/ignore.d.workstation/ntpdate
index 4681e2a..9851073 100644
--- a/logcheck/ignore.d.workstation/ntpdate
+++ b/logcheck/ignore.d.workstation/ntpdate
@@ -1,3 +1,3 @@
ntpdate\[[0-9]+\]: can't find host
ntpdate\[[0-9]+\]: no servers can be used, exiting
-ntpdate\[[0-9]+\]: step time server [\.[:digit:]]+ offset [\.[:digit:]]+ sec
+ntpdate\[[0-9]+\]: step time server [\.0-9]+ offset [\.0-9]+ sec
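Review bot: The offset field in the added rule accepts only digits and dots, so a step whose offset is printed with a sign will not match and will still be reported. As far as I know ntpdate prints negative offsets with a leading `-`, which would make this rule miss roughly half of all steps. `ntpdate\[[0-9]+\]: step time server [\.0-9]+ offset [-+]?[\.0-9]+ sec` covers both cases.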
diff --git a/logcheck/violations.ignore.d/bind b/logcheck/violations.ignore.d/bind
index 7f1cf75..4e9cde9 100644
--- a/logcheck/violations.ignore.d/bind
+++ b/logcheck/violations.ignore.d/bind
@@ -1,2 +1,2 @@
named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
-named\[[0-9]+\]: client [\.[:digit:]]+#[:digit:]+: update forwarding denied
+named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied
diff --git a/logcheck/violations.ignore.d/dhcp-client b/logcheck/violations.ignore.d/dhcp-client
index 93161b4..75ee45d 100644
--- a/logcheck/violations.ignore.d/dhcp-client
+++ b/logcheck/violations.ignore.d/dhcp-client
@@ -1,2 +1,2 @@
dhcpd-2.2.x: (send_packet|fallback_discard): Connection refused
-dhclient-2.2.x: receive_packet failed on eth[[:digit:]]: Network is down
+dhclient-2.2.x: receive_packet failed on eth[0-9]: Network is down
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
deleted file mode 100644
index 44ff554..0000000
--- a/logcheck/violations.ignore.d/local
+++ /dev/null
@@ -1 +0,0 @@
-kernel: Packet log: input DENY eth[[:digit:]]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[[:digit:]]+ F=0x0000 T=[[:digit:]]+ \(#[[:digit:]]+\)
diff --git a/logcheck/violations.ignore.d/misc b/logcheck/violations.ignore.d/misc
new file mode 100644
index 0000000..b2324e4
--- /dev/null
+++ b/logcheck/violations.ignore.d/misc
@@ -0,0 +1,2 @@
+# This one shows up with firewalls blocking SMB ports non-silently
+kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
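Review bot: Both address fields in the added kernel rule are still `.*`, which the commit message says it set out to replace. The rule sits in violations.ignore.d and has no `^`/`$` anchors, so a greedy `.*` lets it cover more of a line than the comment describes. Writing the fields as `PROTO=17 [\.0-9]+:137 [\.0-9]+:137 L=78` keeps the rule to the UDP port 137 denies it is meant for. The comment could also state that every such deny is hidden regardless of source address.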
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 2a1de74..6724802 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -8,8 +8,9 @@ postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rej
postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <.*>: Sender address rejected: Domain not found\)
postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <.*>: Recipient address rejected: Recipient mailbox is full\)
postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
-postfix/smtp\[[0-9]+\]: connect to .*\[[\.[:digit:]]+\]: (Connection refused|server refused mail service) \(port 25\)
-postfix/smtpd\[[0-9]+\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 550 <.*>: User unknown; from=<.*> to=<.*>
-postfix/smtpd\[[0-9]+\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 554 Service unavailable; .* blocked using .*; from=<.*> to=<.*>
-postfix/smtpd\[[0-9]+\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 554 <.*>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<.*> to=<.*>
+postfix/smtp\[[0-9]+\]: connect to .*\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)
+postfix/smtpd\[[0-9]+\]: reject: RCPT from .*\[[\.0-9]+\]: 550 <.*>: User unknown; from=<.*> to=<.*>
+postfix/smtpd\[[0-9]+\]: reject: RCPT from .*\[[\.0-9]+\]: 554 Service unavailable; .* blocked using .*; from=<.*> to=<.*>
+postfix/smtpd\[[0-9]+\]: reject: RCPT from .*\[[\.0-9]+\]: 554 <.*>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<.*> to=<.*>
postfix/smtpd\[[0-9]+\]: warning: .*: hostname .* verification failed: Host not found
+postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^[:space:]]+\)
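Review bot: The four rewritten rules above the last added line tighten only the bracketed address and leave `.*` for the client hostname and the `<...>` fields, all of which are supplied by the remote side. The uw-imap rules in this same commit use `[^[:space:]]+ \[[\.0-9]+\]` for the host, and the new last rule here already uses `[^[:space:]]+` inside `to=<>`, so the reject rules could follow suit, e.g. `reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 550 <[^[:space:]]+>: User unknown; from=<[^[:space:]]*> to=<[^[:space:]]+>`. Because these are violations.ignore.d entries without anchors, narrower classes limit how much of an unrelated line they can swallow. The hunk begins at line 8 of the file, so earlier rules are not visible here.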
diff --git a/logcheck/violations.ignore.d/ssh b/logcheck/violations.ignore.d/ssh
index cf49325..a965214 100644
--- a/logcheck/violations.ignore.d/ssh
+++ b/logcheck/violations.ignore.d/ssh
@@ -1 +1 @@
-sshd\[[0-9]+\]: Failed keyboard-interactive for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2
+sshd\[[0-9]+\]: Failed keyboard-interactive for [[:alnum:]]+ from [\.0-9]+ port [0-9]+ ssh2
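Review bot: This rule keeps failed keyboard-interactive logins out of the violations report entirely, and the file carries no comment saying so. Anyone relying on logcheck for visibility into password guessing loses it for this authentication method. A line such as `# Hides failed keyboard-interactive logins; failed-login monitoring must come from another source` would make the trade-off explicit, and the misc file in this commit already uses `#` comments. Separately, `[[:alnum:]]+` does not match account names containing `-`, `_` or `.`, so failures for those accounts are still reported while the rest are not.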
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 42a6910..63adb98 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -3,7 +3,7 @@ afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kps
afpd\[[0-9]+\]: bad function 7A
afpd\[[0-9]+\]: cnid_open: Cannot establish logfile cleanup lock for database environment .*/\.AppleDB/cnid\.lock \(open\(\) failed\)
afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied
-afpd\[[0-9]+\]: error removing /.+/net[\.[:digit:]]+node[[:digit:]]+: Permission denied
+afpd\[[0-9]+\]: error removing /.+/net[\.0-9]+node[0-9]+: Permission denied
afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]