Diffstat (limited to 'logcheck')
-rw-r--r--logcheck/ignore.d.server/amavis2
-rw-r--r--logcheck/ignore.d.server/bind1
-rw-r--r--logcheck/ignore.d.server/dhcp3-common2
-rw-r--r--logcheck/ignore.d.server/local47
-rw-r--r--logcheck/ignore.d.server/postfix6
-rw-r--r--logcheck/ignore.d.server/tmp12
-rw-r--r--logcheck/ignore.d.server/uw-imap.changes2
-rw-r--r--logcheck/ignore.d.workstation/local47
-rw-r--r--logcheck/violations.ignore.d/amavis6
-rw-r--r--logcheck/violations.ignore.d/local23
-rw-r--r--logcheck/violations.ignore.d/postfix16
-rw-r--r--logcheck/violations.ignore.d/temp1
12 files changed, 100 insertions, 65 deletions
diff --git a/logcheck/ignore.d.server/amavis b/logcheck/ignore.d.server/amavis
index d79389f..1053d1e 100644
--- a/logcheck/ignore.d.server/amavis
+++ b/logcheck/ignore.d.server/amavis
@@ -3,4 +3,4 @@ amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:spac
amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?
amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)
amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
-amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
+amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
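Review bot: The widened spam_scan rule has no `^` or `$` anchor, so (assuming logcheck hands these files to egrep unchanged) it matches anywhere inside a log line rather than only a complete amavis record. Whatever else is on a matching line is then dropped from the report, and parts of mail log lines are supplied by remote senders. I would anchor it, for example `^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>$`. The same applies to every rule added in this commit, and matters most for the ones under violations.ignore.d.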
diff --git a/logcheck/ignore.d.server/bind b/logcheck/ignore.d.server/bind
index bbe7936..b82716f 100644
--- a/logcheck/ignore.d.server/bind
+++ b/logcheck/ignore.d.server/bind
@@ -8,3 +8,4 @@ named\[[0-9]+\]: transfer of '.*/IN' from .*: end of transfer
named\[[0-9]+\]: zone .*/IN: sending notifies \(serial [0-9]+\)
named\[[0-9]+\]: rcvd NOTIFY\(.*, IN, SOA\) from \[.*\]\.[0-9]+
named\[[0-9]+\]: late CNAME in answer section for .*
+named\[[0-9]+\]: ns_forw: query\([\.0-9]+\.in-addr\.arpa\) Bogus LOOPBACK A RR \([^[:space:]]+:[\.0-9]+\) learnt \(A=[\.0-9]+:NS=[\.0-9]+\)
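Review bot: The new ns_forw rule hides every "Bogus LOOPBACK A RR" report, for any reverse zone, any name server and any learnt address. The message appears to mean that a remote server published a loopback address for a name server, which an operator would want to see at least for new offenders. If it was added for one known broken delegation, pin that zone or server name in the pattern instead of `[^[:space:]]+` and add a `#` comment saying which one. The same rule is added in ignore.d.server/local and ignore.d.workstation/local.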
diff --git a/logcheck/ignore.d.server/dhcp3-common b/logcheck/ignore.d.server/dhcp3-common
index 6f503a6..5c6943f 100644
--- a/logcheck/ignore.d.server/dhcp3-common
+++ b/logcheck/ignore.d.server/dhcp3-common
@@ -5,7 +5,7 @@ dhcpd: DHCPACK to [\.0-9]+
dhcpd: DHCPDISCOVER from [0-9a-f:]+ via eth[0-9]+
dhcpd: DHCPINFORM from [\.0-9]+
dhcpd: DHCPRELEASE of [\.0-9]+
-dhcpd: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
+dhcpd: DHCPREQUEST for [\.0-9]+( \([\.0-9]+\))? from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
dhcpd: ICMP Echo reply while lease [\.0-9]+ valid.
dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
dhcpd: accepting packet with data after udp payload.
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 4556eed..095d6d2 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -6,7 +6,7 @@ amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:spac
amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?
amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)
amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
-amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
+amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
### ignore.d.server/anacron
anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?
anacron\[[0-9]+\]: Normal exit
@@ -26,6 +26,7 @@ named\[[0-9]+\]: transfer of '.*/IN' from .*: end of transfer
named\[[0-9]+\]: zone .*/IN: sending notifies \(serial [0-9]+\)
named\[[0-9]+\]: rcvd NOTIFY\(.*, IN, SOA\) from \[.*\]\.[0-9]+
named\[[0-9]+\]: late CNAME in answer section for .*
+named\[[0-9]+\]: ns_forw: query\([\.0-9]+\.in-addr\.arpa\) Bogus LOOPBACK A RR \([^[:space:]]+:[\.0-9]+\) learnt \(A=[\.0-9]+:NS=[\.0-9]+\)
### ignore.d.server/bind.tmp
named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied
@@ -57,6 +58,17 @@ dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)?
dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+
dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.
dhclient(-2.2.x)?: irda0: unknown hardware address type 783
+### ignore.d.server/dhcp.changes
+# NB: dhcp3 entries are in dhcp3-common
+dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer)
+dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+
+dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+
+dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+
+dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+
+dhcpd-2.2.x: DHCPINFORM from [\.0-9]+
+dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\)
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
### ignore.d.server/dhcp3-common
dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
dhcpd: BOOTREQUEST from [0-9a-f:]+
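Review bot: In the relocated dhcp.changes block the BOOTREPLY rule writes `([0-9a-f:]+)` with unescaped parentheses, which in an extended regex is a group and not a pair of literal brackets. The DHCPRELEASE and DHCPREQUEST rules in the same block escape theirs (`\((not )?found\)`), so this looks unintended; if dhcpd prints the hardware address in parentheses the rule never matches and the line keeps being reported. Proposed: `dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+`. The same line is moved in ignore.d.workstation/local.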
@@ -65,22 +77,11 @@ dhcpd: DHCPACK to [\.0-9]+
dhcpd: DHCPDISCOVER from [0-9a-f:]+ via eth[0-9]+
dhcpd: DHCPINFORM from [\.0-9]+
dhcpd: DHCPRELEASE of [\.0-9]+
-dhcpd: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
+dhcpd: DHCPREQUEST for [\.0-9]+( \([\.0-9]+\))? from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
dhcpd: ICMP Echo reply while lease [\.0-9]+ valid.
dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
dhcpd: accepting packet with data after udp payload.
dhcpd: ip length 576 disagrees with bytes received 590.
-### ignore.d.server/dhcp.changes
-# NB: dhcp3 entries are in dhcp3-common
-dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer)
-dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+
-dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+
-dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+
-dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+
-dhcpd-2.2.x: DHCPINFORM from [\.0-9]+
-dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\)
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
### ignore.d.server/gdm
gdm\[[0-9]+\]: run_pictures: .*/.gnome/gdm .*\.
### ignore.d.server/gdm.da_DK
@@ -199,10 +200,10 @@ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by
postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+
postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+
postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local
-postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: \\[0-9]+
+postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+
postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record
-postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+
-postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): \\[0-9]+
+postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+
+postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): [^[:space:]]+
postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]
postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command:
postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+
@@ -292,6 +293,12 @@ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I
kernel: lp[0-9]: compatibility mode
kernel: Undo( partial)? (Hoe|loss|retrans)
printer: offline or intervention needed
+## Non-UDMA hd cable
+kernel: hda: status timeout: status=0xd0 { Busy }
+kernel: hda: no DRQ after issuing WRITE
+kernel: ide0: reset: success
+## Postfix SASL not working
+postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory
## ntp-simple
ntpd\[[0-9]+\]: synchronisation lost
ntpd\[[0-9]+\]: synchronisation lost
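Review bot: The three `kernel: hda`/`ide0` rules and the sasldb rule silence standing fault conditions (disk command timeouts, a missing SASL database) for every host that uses this server rule set, not only the machine with the known bad cable or unfinished SASL setup. A later genuine disk fault or authentication-backend failure would then produce no report. I would keep them in a rule file installed only on the affected host and extend the `##` comments to say when they can be dropped. The braces should also be escaped, `status=0xd0 \{ Busy \}`, since a bare `{` is literal only through egrep's leniency. The same lines are added in ignore.d.server/tmp and ignore.d.workstation/local.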
@@ -337,9 +344,9 @@ snort: spp_portscan: portscan status from
snort: WEB-../..:
snort: WEB-CGI-upload.pl:
## postgres
-postgres\[[0-9]+\]: \[.*\] DEBUG:
-postgres\[[0-9]+\]: \[[0-9-]*\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
-postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
+postgres\[[0-9]+\]: \[[0-9-]+\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
## amavis
amavis\[[0-9]+\]: warning - MIME::Parser error: .*
### ignore.d.server/ucd-snmp
@@ -347,7 +354,7 @@ ucd-snmp\[[0-9]+\]: Connection from .*
### ignore.d.server/uw-imap.changes
i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)
i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
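Review bot: `NON-IPv4` is accepted only on the "Killed (lost mailbox lock)" rule; the Login/Logout, broken-pipe, "Moved … bytes" and "No route to host" rules in the same hunk still end in `(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)`. If the daemon prints `host=NON-IPv4` for one message it presumably does so for the others, so those lines will keep being reported for the same clients. Either extend the alternation on all of them, `…\]|NON-IPv4|UNKNOWN)`, or add a comment explaining why only this message needs it. The same hunk appears in ignore.d.server/uw-imap.changes and ignore.d.workstation/local.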
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index 18b63b7..6215d90 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
@@ -10,10 +10,10 @@ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by
postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+
postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+
postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local
-postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: \\[0-9]+
+postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+
postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record
-postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+
-postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): \\[0-9]+
+postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+
+postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): [^[:space:]]+
postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]
postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command:
postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 1c4e59a..c780c22 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -26,6 +26,12 @@ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I
kernel: lp[0-9]: compatibility mode
kernel: Undo( partial)? (Hoe|loss|retrans)
printer: offline or intervention needed
+## Non-UDMA hd cable
+kernel: hda: status timeout: status=0xd0 { Busy }
+kernel: hda: no DRQ after issuing WRITE
+kernel: ide0: reset: success
+## Postfix SASL not working
+postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory
## ntp-simple
ntpd\[[0-9]+\]: synchronisation lost
ntpd\[[0-9]+\]: synchronisation lost
@@ -71,8 +77,8 @@ snort: spp_portscan: portscan status from
snort: WEB-../..:
snort: WEB-CGI-upload.pl:
## postgres
-postgres\[[0-9]+\]: \[.*\] DEBUG:
-postgres\[[0-9]+\]: \[[0-9-]*\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
-postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
+postgres\[[0-9]+\]: \[[0-9-]+\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
## amavis
amavis\[[0-9]+\]: warning - MIME::Parser error: .*
diff --git a/logcheck/ignore.d.server/uw-imap.changes b/logcheck/ignore.d.server/uw-imap.changes
index a8d3cab..892c210 100644
--- a/logcheck/ignore.d.server/uw-imap.changes
+++ b/logcheck/ignore.d.server/uw-imap.changes
@@ -1,6 +1,6 @@
i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)
i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index 3510218..be0b0d8 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -6,7 +6,7 @@ amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:spac
amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?
amavis\[[0-9]+\]: mail checking ended: (DISCARD|REJECT)
amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
-amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
+amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
### ignore.d.server/anacron
anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?
anacron\[[0-9]+\]: Normal exit
@@ -26,6 +26,7 @@ named\[[0-9]+\]: transfer of '.*/IN' from .*: end of transfer
named\[[0-9]+\]: zone .*/IN: sending notifies \(serial [0-9]+\)
named\[[0-9]+\]: rcvd NOTIFY\(.*, IN, SOA\) from \[.*\]\.[0-9]+
named\[[0-9]+\]: late CNAME in answer section for .*
+named\[[0-9]+\]: ns_forw: query\([\.0-9]+\.in-addr\.arpa\) Bogus LOOPBACK A RR \([^[:space:]]+:[\.0-9]+\) learnt \(A=[\.0-9]+:NS=[\.0-9]+\)
### ignore.d.server/bind.tmp
named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied
@@ -57,6 +58,17 @@ dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on .* to .* port 67( interval [0-9]+)?
dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+
dhclient(-2.2.x)?: bound to .* -- renewal in [0-9]+ seconds\.
dhclient(-2.2.x)?: irda0: unknown hardware address type 783
+### ignore.d.server/dhcp.changes
+# NB: dhcp3 entries are in dhcp3-common
+dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer)
+dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+
+dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+
+dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+
+dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+
+dhcpd-2.2.x: DHCPINFORM from [\.0-9]+
+dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+
+dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\)
+dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
### ignore.d.server/dhcp3-common
dhcpd: Abandoning IP address [\.0-9]+: pinged before offer
dhcpd: BOOTREQUEST from [0-9a-f:]+
@@ -65,22 +77,11 @@ dhcpd: DHCPACK to [\.0-9]+
dhcpd: DHCPDISCOVER from [0-9a-f:]+ via eth[0-9]+
dhcpd: DHCPINFORM from [\.0-9]+
dhcpd: DHCPRELEASE of [\.0-9]+
-dhcpd: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
+dhcpd: DHCPREQUEST for [\.0-9]+( \([\.0-9]+\))? from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
dhcpd: ICMP Echo reply while lease [\.0-9]+ valid.
dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\.
dhcpd: accepting packet with data after udp payload.
dhcpd: ip length 576 disagrees with bytes received 590.
-### ignore.d.server/dhcp.changes
-# NB: dhcp3 entries are in dhcp3-common
-dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer)
-dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ ([0-9a-f:]+) via eth[0-9]+
-dhcpd-2.2.x: BOOTREQUEST from [0-9a-f:]+
-dhcpd-2.2.x: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+ via eth[0-9]+
-dhcpd-2.2.x: DHCPDISCOVER from .* via eth[0-9]+
-dhcpd-2.2.x: DHCPINFORM from [\.0-9]+
-dhcpd-2.2.x: DHCPDECLINE on [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+
-dhcpd-2.2.x: DHCPRELEASE of [\.0-9]+ from [0-9a-f:]+ via eth[0-9]+ \((not )?found\)
-dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+
### ignore.d.server/gdm
gdm\[[0-9]+\]: run_pictures: .*/.gnome/gdm .*\.
### ignore.d.server/gdm.da_DK
@@ -199,10 +200,10 @@ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+: (Connection (refused|reset by
postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from [^[:space:]]+
postfix/smtp\[[0-9]+\]: warning: host [^[:space:]]+\[[\.0-9]+\] (greeted me|replied to HELO/EHLO) with my own hostname [^[:space:]]+
postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for [^[:space:]]+ is local
-postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: \\[0-9]+
+postfix/smtp\[[0-9]+\]: warning: malformed domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+
postfix/smtp\[[0-9]+\]: warning: no MX host for [^[:space:]]+ has a valid A record
-postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [\.0-9]+
-postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): \\[0-9]+
+postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for [^[:space:]]+: [^[:space:]]+
+postfix/smtp\[[0-9]+\]: warning: valid_hostname: invalid character [0-9]+\(decimal\): [^[:space:]]+
postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [^[:space:]]+\[[\.0-9]+\]
postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+ sent (message header|mail content) instead of SMTP command:
postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+: address not listed for hostname [^[:space:]]+
@@ -292,6 +293,12 @@ kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I
kernel: lp[0-9]: compatibility mode
kernel: Undo( partial)? (Hoe|loss|retrans)
printer: offline or intervention needed
+## Non-UDMA hd cable
+kernel: hda: status timeout: status=0xd0 { Busy }
+kernel: hda: no DRQ after issuing WRITE
+kernel: ide0: reset: success
+## Postfix SASL not working
+postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory
## ntp-simple
ntpd\[[0-9]+\]: synchronisation lost
ntpd\[[0-9]+\]: synchronisation lost
@@ -337,9 +344,9 @@ snort: spp_portscan: portscan status from
snort: WEB-../..:
snort: WEB-CGI-upload.pl:
## postgres
-postgres\[[0-9]+\]: \[.*\] DEBUG:
-postgres\[[0-9]+\]: \[[0-9-]*\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
-postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
+postgres\[[0-9]+\]: \[[0-9-]+\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
## amavis
amavis\[[0-9]+\]: warning - MIME::Parser error: .*
### ignore.d.server/ucd-snmp
@@ -347,7 +354,7 @@ ucd-snmp\[[0-9]+\]: Connection from .*
### ignore.d.server/uw-imap.changes
i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
-i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|NON-IPv4|UNKNOWN)
i(map|pop3)d\[[0-9]+\]: Moved [0-9]+ bytes of new mail to [^[:space:]]+ from [^[:space:]]+ host= (([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(([^[:space:]]+ )?\[[\.0-9]+\]|UNKNOWN)
diff --git a/logcheck/violations.ignore.d/amavis b/logcheck/violations.ignore.d/amavis
index fb4661c..f2a2a0c 100644
--- a/logcheck/violations.ignore.d/amavis
+++ b/logcheck/violations.ignore.d/amavis
@@ -1 +1,5 @@
-amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
+amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*>
+amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+
+amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?
+amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
+amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
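Review bot: The added `infected` rule ends in `quarantine virus-[0-9-]+`, while the `local delivery` rule two lines below accepts `virus-[[:alnum:]-]+(\.gz)?` for what looks like the same quarantine identifier. If identifiers can contain letters, the infected line is still raised as a violation while its delivery line is suppressed, which makes the report inconsistent. Use one character class for both, e.g. `quarantine virus-[[:alnum:]-]+`. Since this file removes lines from the violations report, it would also help to add a `#` comment stating which violation keyword each rule is meant to cancel. The same lines are added in violations.ignore.d/local.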
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index d354356..ad20e7b 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -1,5 +1,9 @@
### violations.ignore.d/amavis
-amavis\[[0-9]+\]: spam_scan: Yes, hits=[\.0-9]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
+amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*>
+amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+
+amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?
+amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+
+amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>
### violations.ignore.d/bind
named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied
@@ -29,16 +33,18 @@ netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request
### violations.ignore.d/postfix
postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)
-postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]]+@Debug>
+postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]]+>
postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
+postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)
postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not found\)
postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\)
-postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+)\)
-postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\)
-postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 554 <[^[:space:]]+>:( Recipient address rejected:)? Relay access denied\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+|Recipient address rejected: This user does not have an account here \(MTA:imta15\))\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 552 header content rejected: see .*\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 554 <[^[:space:]]+>:( Recipient address rejected:)? Relay access denied\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 571 <>... denied\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 451 Transaction failed.\)
postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^[:space:]]+\)
postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 550 <[^[:space:]]+>: User unknown; from=<[^[:space:]]+> to=<[^[:space:]]+>
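Review bot: The new 550 alternative hard-codes one remote server's identifier, `\(MTA:imta15\)`, so the same rejection from a sibling host of that provider will still be reported; `\(MTA:[[:alnum:]]+\)` would cover them if that is the intent. In the added 571 rule the dots in `<>... denied` are unescaped and match any three characters; write `<>\.\.\. denied`. Separately, dropping `@Debug` from the cleanup rule means every `message-id=<…>` line is now removed from the violations report, and that header is chosen by the sender, so a comment explaining why the wider match is needed would be useful. The same changes are made in violations.ignore.d/postfix.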
@@ -74,3 +80,4 @@ postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
postfix/smtpd\[[0-9]+\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
postfix.*\[[0-9]+\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)>
snort: spp_http_decode: IIS Unicode attack detected:
+postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
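Review bot: Adding `postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*` to a violations ignore file removes every postgres DEBUG line from the violations report, whatever follows the colon. Depending on the server's logging settings, DEBUG lines may carry statement text that originates from clients, so this is a broad exemption for content the database does not control. If the aim is to cancel a match on the word "DEBUG" itself, a comment saying so would help, and listing the specific debug messages seen (as the `Re-using:` rules do in ignore.d.server) would be tighter than `.*`. The same line is added in violations.ignore.d/temp.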
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index c5896f3..de7919a 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -1,14 +1,16 @@
postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service)\)
-postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]]+@Debug>
+postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<[^[:space:]]+>
postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
+postfix/nqmgr\[[0-9]+\]: [A-Z0-9]+: from=<[^[:space:]]+>, size=[0-9]+, nrcpt=[0-9]+ \(queue active\)
postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not found\)
postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: "[^[:space:]]+"\)
-postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+)\)
-postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\)
-postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 554 <[^[:space:]]+>:( Recipient address rejected:)? Relay access denied\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
-postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: [^[:space:]]+|Recipient address rejected: This user does not have an account here \(MTA:imta15\))\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 552 header content rejected: see .*\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 554 <[^[:space:]]+>:( Recipient address rejected:)? Relay access denied\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host [^[:space:]]+\[[\.0-9]+\] said: 571 <>... denied\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 450 <[^[:space:]]+>: Recipient address rejected: Recipient mailbox is full\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 450 <[^[:space:]]+>: Sender address rejected: Domain not found\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host [^[:space:]]+\[[\.0-9]+\] said: 451 Transaction failed.\)
postfix/smtp\[[0-9]+\]: [A-Z0-9]+: to=<[^[:space:]]+>, relay=127\.0\.0\.1\[127\.0\.0\.1\], delay=[0-9]+, status=bounced \(host 127\.0\.0\.1\[127\.0\.0\.1\] said: 550 Message content rejected, id=[^[:space:]]+\)
postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: (Connection refused|server refused mail service) \(port 25\)
postfix/smtpd\[[0-9]+\]: reject: RCPT from [^[:space:]]+\[[\.0-9]+\]: 550 <[^[:space:]]+>: User unknown; from=<[^[:space:]]+> to=<[^[:space:]]+>
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 63adb98..e21b4fc 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
@@ -20,3 +20,4 @@ postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
postfix/smtpd\[[0-9]+\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
postfix.*\[[0-9]+\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)>
snort: spp_http_decode: IIS Unicode attack detected:
+postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*