Diffstat (limited to 'logcheck')
32 files changed, 225 insertions, 225 deletions
diff --git a/logcheck/ignore.d.server/amanda b/logcheck/ignore.d.server/amanda
index c5dbb69..7a6ab62 100644
--- a/logcheck/ignore.d.server/amanda
+++ b/logcheck/ignore.d.server/amanda
@@ -1 +1 @@
-amandad\[.*\]: connect from .*
+amandad\[[0-9]+\]: connect from
diff --git a/logcheck/ignore.d.server/anacron b/logcheck/ignore.d.server/anacron
index 82bcc64..21a4347 100644
--- a/logcheck/ignore.d.server/anacron
+++ b/logcheck/ignore.d.server/anacron
@@ -1,7 +1,7 @@
-anacron\[.*\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?
-anacron\[.*\]: Normal exit \([[:digit:]]+ jobs run\)
-anacron\[.*\]: Anacron 2.3 started on [[:digit:]-]+
-anacron\[.*\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.
-anacron\[.*\]: Jobs will be executed sequentially
-anacron\[.*\]: Job `cron.(daily|weekly|monthly)' started
-anacron\[.*\]: Updated timestamp for job `cron.(daily|weekly|monthly)' to [[:digit:]-]+
+anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' terminated( \(exit status: 1\))?( \(mailing output\))?
+anacron\[[0-9]+\]: Normal exit
+anacron\[[0-9]+\]: Anacron 2.3 started on [[:digit:]-]+
+anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.
+anacron\[[0-9]+\]: Jobs will be executed sequentially
+anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' started
+anacron\[[0-9]+\]: Updated timestamp for job `cron.(daily|weekly|monthly)' to [[:digit:]-]+
diff --git a/logcheck/ignore.d.server/bind b/logcheck/ignore.d.server/bind
index 98a2e9a..b2cda22 100644
--- a/logcheck/ignore.d.server/bind
+++ b/logcheck/ignore.d.server/bind
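Review bot: `+anacron\[[0-9]+\]: Normal exit` is the one rule in this hunk that widens rather than narrows what gets ignored: the old rule also required `\([[:digit:]]+ jobs run\)` after it, and because these rule files are applied unanchored, the new form now suppresses any line containing `anacron[NNN]: Normal exit` whatever follows. If the trailing count was dropped because some anacron version omits it, keep it optional instead: `anacron\[[0-9]+\]: Normal exit( \([[:digit:]]+ jobs run\))?`. The `Anacron 2.3 started on` rule pins a version string and will simply stop matching after an upgrade, which fails safe (the line is reported) but is worth knowing when the reports get noisier.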
@@ -1,12 +1,12 @@
-named\[.*\]: .*: query\(.*\) NS points to CNAME \(.*\)
-named\[.*\]: NSTATS [[:digit:]]+ [[:digit:]]+
-named\[.*\]: .* All possible .* lame
-named\[.*\]: sysquery: query\(.*\) No possible A RRs
-named\[.*\]: zone .*: refresh: failure trying master .*: timed out
-named\[.*\]: client .*: transfer of '.*': AXFR started
-named\[.*\]: client [\.[:digit:]]+#[[:digit:]]+: update forwarding denied
-named\[.*\]: zone .*/IN: transfered serial [0-9]+
-named\[.*\]: transfer of '.*/IN' from .*: end of transfer
-named\[.*\]: zone .*/IN: sending notifies \(serial [0-9]+\)
-named\[.*\]: rcvd NOTIFY\(.*, IN, SOA\) from \[.*\]\.[[:digit:]]+
-named\[.*\]: late CNAME in answer section for .*
+named\[[0-9]+\]: .*: query\(.*\) NS points to CNAME \(.*\)
+named\[[0-9]+\]: NSTATS [[:digit:]]+ [[:digit:]]+
+named\[[0-9]+\]: .* All possible .* lame
+named\[[0-9]+\]: sysquery: query\(.*\) No possible A RRs
+named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
+named\[[0-9]+\]: client .*: transfer of '.*': AXFR started
+named\[[0-9]+\]: client [\.[:digit:]]+#[[:digit:]]+: update forwarding denied
+named\[[0-9]+\]: zone .*/IN: transfered serial [0-9]+
+named\[[0-9]+\]: transfer of '.*/IN' from .*: end of transfer
+named\[[0-9]+\]: zone .*/IN: sending notifies \(serial [0-9]+\)
+named\[[0-9]+\]: rcvd NOTIFY\(.*, IN, SOA\) from \[.*\]\.[[:digit:]]+
+named\[[0-9]+\]: late CNAME in answer section for .*
diff --git a/logcheck/ignore.d.server/gdm b/logcheck/ignore.d.server/gdm
index fd726c6..af52a72 100644
--- a/logcheck/ignore.d.server/gdm
+++ b/logcheck/ignore.d.server/gdm
@@ -1,4 +1 @@
-gdm\[.*\]: run_pictures: .*/.gnome/gdm .*\.
-gdm\[.*\]: Pingning af.* mislykkedes, deaktiver terminal!
-gdm\[.*\]: gdm_slave_xioerror_handler: Fatal X-fejl - genstarter.*
-
+gdm\[[0-9]+\]: run_pictures: .*/.gnome/gdm .*\.
diff --git a/logcheck/ignore.d.server/gdm.da_DK b/logcheck/ignore.d.server/gdm.da_DK
new file mode 100644
index 0000000..dcde91e
--- /dev/null
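Review bot: `+named\[[0-9]+\]: client .*: transfer of '.*': AXFR started` still ignores a full zone transfer from any client, so an AXFR pulled by an unexpected host — the usual first step of reconnaissance against a DNS server — never reaches the report. The PID tightening in this commit is about narrowing matches, and the client field deserves the same treatment: at minimum `client [\.[:digit:]]+#[[:digit:]]+:` as the `update forwarding denied` rule two lines below already does, and preferably the literal addresses of this server's secondaries. Whether `allow-transfer` in named.conf already limits who can AXFR is not visible here; if it does, the narrower rule is harmless and documents the expectation.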
+++ b/logcheck/ignore.d.server/gdm.da_DK
@@ -0,0 +1,3 @@
+gdm\[[0-9]+\]: Pingning af.* mislykkedes, deaktiver terminal!
+gdm\[[0-9]+\]: gdm_slave_xioerror_handler: Fatal X-fejl - genstarter.*
+
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index a16257f..7dfdfa2 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
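Review bot: The new file ends with an empty pattern line (the third `+` line carries nothing; it is the blank that was removed from `ignore.d.server/gdm`). If this logcheck version feeds the rule files straight to `egrep -f`, an empty pattern matches every line, and this single blank would silently suppress the entire report, making the rest of the rule set irrelevant. Newer logcheck releases strip blank and comment lines before use, so confirm which behaviour applies to the version deployed here, but the safe move either way is to drop the empty line. Splitting the Danish-locale rules into their own file is otherwise fine.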
@@ -5,37 +5,37 @@ dhcpd.*: Reclaiming( REQUESTed) abandoned IP address [\.[:digit:]]+
 dhcpd.*: already acking lease
 dhcpd.*: send_packet: Connection refused
 dhcpd.*: fallback_discard: Connection refused
-Fax(Getty|Send)\[.*\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING| ANSWERING| RECEIVING| MODEMWAIT)+
-Fax(Getty|Send)\[.*\]: MODEM (ROCKWELL|ZYXEL) .*
-FaxGetty\[.*\]: RECV FAX \([[:digit:]]+\): from .*, page .* in [[:digit:]]+:[[:digit:]]+, INF, .* line/mm, (1|2)-D MR(, [[:digit:]]+ bit/s)?
-FaxGetty\[.*\]: RECV FAX \([[:digit:]]+\): recvq/fax[[:digit:]]+\.tif from .*, route to .*, [[:digit:]]+ pages in [[:digit:]]+:[[:digit:]]+
-FaxGetty\[.*\]: RECV FAX: bin/faxrcvd "recvq/fax[[:digit:]]+\.tif" "ttyS[012]" "[[:digit:]]+" ""
-FaxGetty\[.*\]: ANSWER: Ring detected without successful handshake
-FaxGetty\[.*\]: ANSWER: FAX CONNECTION
-FaxQueuer\[.*\]: SUBMIT JOB [[:digit:]]+
-FaxSend\[.*\]: SEND FAX: JOB [[:digit:]]+ DEST [[:digit:]]+ COMMID [[:digit:]]+
-gnu-imap4d\[.*\]: Incoming connection opened
-gnu-imap4d\[.*\]: connect from [\.[:digit:]]+
-gnu-imap4d\[.*\]: User '[[:alnum:]]+' logged in
-gnu-imap4d\[.*\]: Session timed out for user: [[:alnum:]]+
-gnu-imap4d\[.*\]: got signal Alarm clock
-HylaFAX\[.*\]: Filesystem has SysV-style file creation semantics.
-ircd\[.*\]: ircd exiting: autodie
-ircd\[.*\]: Server Ready
-(ircd\[.*\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use
-IMP\[.*\]: Login .* to .*:143 as .*
+Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING| ANSWERING| RECEIVING| MODEMWAIT)+
+Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*
+FaxGetty\[[0-9]+\]: RECV FAX \([[:digit:]]+\): from .*, page .* in [[:digit:]]+:[[:digit:]]+, INF, .* line/mm, (1|2)-D MR(, [[:digit:]]+ bit/s)?
+FaxGetty\[[0-9]+\]: RECV FAX \([[:digit:]]+\): recvq/fax[[:digit:]]+\.tif from .*, route to .*, [[:digit:]]+ pages in [[:digit:]]+:[[:digit:]]+
+FaxGetty\[[0-9]+\]: RECV FAX: bin/faxrcvd "recvq/fax[[:digit:]]+\.tif" "ttyS[012]" "[[:digit:]]+" ""
+FaxGetty\[[0-9]+\]: ANSWER: Ring detected without successful handshake
+FaxGetty\[[0-9]+\]: ANSWER: FAX CONNECTION
+FaxQueuer\[[0-9]+\]: SUBMIT JOB [[:digit:]]+
+FaxSend\[[0-9]+\]: SEND FAX: JOB [[:digit:]]+ DEST [[:digit:]]+ COMMID [[:digit:]]+
+gnu-imap4d\[[0-9]+\]: Incoming connection opened
+gnu-imap4d\[[0-9]+\]: connect from [\.[:digit:]]+
+gnu-imap4d\[[0-9]+\]: User '[[:alnum:]]+' logged in
+gnu-imap4d\[[0-9]+\]: Session timed out for user: [[:alnum:]]+
+gnu-imap4d\[[0-9]+\]: got signal Alarm clock
+HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.
+ircd\[[0-9]+\]: ircd exiting: autodie
+ircd\[[0-9]+\]: Server Ready
+(ircd\[[0-9]+\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use
+IMP\[[0-9]+\]: Login .* to .*:143 as .*
 kernel: isdn_net: call from [,[:digit:]]+ -> [[:digit:]]+
 kernel: isdn_net: Service-Indicator not [[:digit:]], ignored
 kernel: Packet log: input DENY eth[[:digit:]]+ PROTO=17 .*:(137|138) .*:(137|138) L=[[:digit:]]+ S=0x00 I=[[:digit:]]+ F=0x0000 T=[[:digit:]]+ \(#[[:digit:]]+\)
-ntpd\[.*\]: kern_enable is 1
-ntpd\[.*\]: kernel time discipline status 0040
-ntpd\[.*\]: ntpd 4\.[01]\..* \([12]\)
-ntpd\[.*\]: precision = [[:digit:]]+ usec
-ntpd\[.*\]: signal_no_reset: signal 13 had flags [[:digit:]]+
-ntpd\[.*\]: using kernel phase-lock loop [[:digit:]]+
-pam_limits\[.*\]: default limits skipped for 'root'
-pop-before-smtp\[.*\]: (opening|closing) relay for [\.[:digit:]]+( --- not in mynetworks)?
-su\[.*\]: \+ pts/[[:digit:]]+ .*-root
+ntpd\[[0-9]+\]: kern_enable is 1
+ntpd\[[0-9]+\]: kernel time discipline status 0040
+ntpd\[[0-9]+\]: ntpd 4\.[01]\..* \([12]\)
+ntpd\[[0-9]+\]: precision = [[:digit:]]+ usec
+ntpd\[[0-9]+\]: signal_no_reset: signal 13 had flags [[:digit:]]+
+ntpd\[[0-9]+\]: using kernel phase-lock loop [[:digit:]]+
+pam_limits\[[0-9]+\]: default limits skipped for 'root'
+pop-before-smtp\[[0-9]+\]: (opening|closing) relay for [\.[:digit:]]+( --- not in mynetworks)?
+su\[[0-9]+\]: \+ pts/[[:digit:]]+ .*-root
 printer: peripheral low-power state
 printer: paper out
 printer: error cleared
diff --git a/logcheck/ignore.d.server/murasaki b/logcheck/ignore.d.server/murasaki
index f401479..6d99073 100644
--- a/logcheck/ignore.d.server/murasaki
+++ b/logcheck/ignore.d.server/murasaki
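Review bot: `+su\[[0-9]+\]: \+ pts/[[:digit:]]+ .*-root` ignores every successful su to root from a pty, which is precisely the event a server's logcheck report should surface, and `+gnu-imap4d\[[0-9]+\]: User '[[:alnum:]]+' logged in` likewise hides all IMAP logins. The PID tightening does not change either; if the intent is to quiet one known administrative account, name that account in place of `.*` and leave other su-to-root lines visible, or move the su rule out of the ignore set entirely. Note also that these rules are matched unanchored, so the `.*` before `-root` will happily span anything the original username contains.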
@@ -1,7 +1,7 @@
-murasaki\.usb\[.*\]: found depended module="[[:alnum:]]+"
-murasaki\.(usb|net)\[.*\]: try expanding "\[net\]"
-murasaki\.(usb|net)\[.*\]: dependent\(net\) is found
-murasaki\.(usb|net)\[.*\]: net device is (added|removed|(un)?register(e)?d)
-murasaki\.(usb|net)\[.*\]: Execuing "net" "(stop|start)"
-murasaki\.(usb|net)\[.*\]: execute if(up|down) (eth|(i)?ppp|irda)[[:digit:]]
-murasaki\.usb\[.*\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+
+murasaki\.usb\[[0-9]+\]: found depended module="[[:alnum:]]+"
+murasaki\.(usb|net)\[[0-9]+\]: try expanding "\[net\]"
+murasaki\.(usb|net)\[[0-9]+\]: dependent\(net\) is found
+murasaki\.(usb|net)\[[0-9]+\]: net device is (added|removed|(un)?register(e)?d)
+murasaki\.(usb|net)\[[0-9]+\]: Execuing "net" "(stop|start)"
+murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[[:digit:]]
+murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+
diff --git a/logcheck/ignore.d.server/netatalk b/logcheck/ignore.d.server/netatalk
index 45da925..2292bc6 100644
--- a/logcheck/ignore.d.server/netatalk
+++ b/logcheck/ignore.d.server/netatalk
@@ -1,4 +1,4 @@
-afpd\[[0-9]*\]: removed .*/net[\.0-9]*node[0-9]*
-afpd\[[0-9]*\]: CNID DB initialized using Sleepycat Software: Berkeley DB
-atalkd\[[0-9]*\]: .*: zip gnireply from [\.0-9]* \(.*\)
-atalkd\[[0-9]*\]: .*: zip ignoring gnireply
+afpd\[[0-9]+\]: removed .*/net[\.0-9]*node[0-9]*
+afpd\[[0-9]+\]: CNID DB initialized using Sleepycat Software: Berkeley DB
+atalkd\[[0-9]+\]: .*: zip gnireply from [\.0-9]* \(.*\)
+atalkd\[[0-9]+\]: .*: zip ignoring gnireply
diff --git a/logcheck/ignore.d.server/postfix b/logcheck/ignore.d.server/postfix
index daecc6d..a2598c8 100644
--- a/logcheck/ignore.d.server/postfix
+++ b/logcheck/ignore.d.server/postfix
@@ -1,18 +1,18 @@
 postfix.* table has changed -- exiting
-postfix/cleanup\[.*\]: warning: premature end-of-input from cleanup socket while reading input attribute name
-postfix/local\[.*\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
-postfix/qmgr\[.*\]: [A-Z0-9]+: skipped, still being delivered
-postfix/smtp\[.*\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
-postfix/smtp\[.*\]: connect to .*: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)
-postfix/smtp\[.*\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.[:digit:]]+\]
-postfix/smtp\[.*\]: warning: numeric domain name in resource data of MX record for .*: [\.[:digit:]]+
-postfix/smtp\[.*\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record
-postfix/smtp\[.*\]: warning: host [\.[:alnum:]-]+\[[\.[:digit:]]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+
-postfix/smtpd\[.*\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.[:digit:]]+\]
-postfix/smtpd\[.*\]: warning: .*: address not listed for hostname .*
-postfix/smtpd\[.*\]: warning: .*: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)
-postfix/smtpd\[.*\]: warning: .* sent (message header|mail content) instead of SMTP command:
+postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name
+postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
+postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: skipped, still being delivered
+postfix/smtp\[[0-9]+\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
+postfix/smtp\[[0-9]+\]: connect to .*: (Connection (refused|reset by peer|timed out)|read timeout|server (refused mail service|dropped connection)|No route to host) \(port 25\)
+postfix/smtp\[[0-9]+\]: [A-Z0-9]+: enabling PIX <CRLF>\.<CRLF> workaround for [\.[:alnum:]-]+\[[\.[:digit:]]+\]
+postfix/smtp\[[0-9]+\]: warning: numeric domain name in resource data of MX record for .*: [\.[:digit:]]+
+postfix/smtp\[[0-9]+\]: warning: no MX host for [\.[:alnum:]-]+ has a valid A record
+postfix/smtp\[[0-9]+\]: warning: host [\.[:alnum:]-]+\[[\.[:digit:]]+\] (greeted me|replied to HELO/EHLO) with my own hostname [\.[:alnum:]-]+
+postfix/smtpd\[[0-9]+\]: (lost connection|timeout) after [^ ]+ from [\.[:alnum:]-]+\[[\.[:digit:]]+\]
+postfix/smtpd\[[0-9]+\]: warning: .*: address not listed for hostname .*
+postfix/smtpd\[[0-9]+\]: warning: .*: hostname [\.[:alnum:]-]+ verification failed: Host (name has no address|not found)
+postfix/smtpd\[[0-9]+\]: warning: .* sent (message header|mail content) instead of SMTP command:
 postfix/postfix-script: refreshing the Postfix mail system
-postfix/master\[.*\]: reload configuration
-postfix/smtp\[.*\]: warning: mailer loop: best MX host for .* is local
-postfix/smtp\[.*\]: warning: bad size limit "truncates" in EHLO reply from .*
+postfix/master\[[0-9]+\]: reload configuration
+postfix/smtp\[[0-9]+\]: warning: mailer loop: best MX host for .* is local
+postfix/smtp\[[0-9]+\]: warning: bad size limit "truncates" in EHLO reply from .*
diff --git a/logcheck/ignore.d.server/postgresql b/logcheck/ignore.d.server/postgresql
index 5af6244..29d90d2 100644
--- a/logcheck/ignore.d.server/postgresql
+++ b/logcheck/ignore.d.server/postgresql
@@ -1,2 +1,2 @@
-postgres\[.*\]: \[[0-9-]*\] \^ICPU .* sec elapsed .* sec\.
-postgres\[.*\]: \[[0-9-]*\] \^ITotal CPU .* sec elapsed .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\.
diff --git a/logcheck/ignore.d.server/ppp b/logcheck/ignore.d.server/ppp
index 595b755..4c240a7 100644
--- a/logcheck/ignore.d.server/ppp
+++ b/logcheck/ignore.d.server/ppp
@@ -1,9 +1,9 @@
-chat\[.*\]: abort on \(.*\)
-chat\[.*\]: expect \(.*\)
-chat\[.*\]: send \(AT.*\^M\)
-chat\[.*\]: -- got it
-chat\[.*\]: AT.*\^M\^M
-chat\[.*\]: \^M
-chat\[.*\]: CONNECT
-chat\[.*\]: OK
-chat\[.*\]: send \(\\d\)
+chat\[[0-9]+\]: abort on \(.*\)
+chat\[[0-9]+\]: expect \(.*\)
+chat\[[0-9]+\]: send \(AT.*\^M\)
+chat\[[0-9]+\]: -- got it
+chat\[[0-9]+\]: AT.*\^M\^M
+chat\[[0-9]+\]: \^M
+chat\[[0-9]+\]: CONNECT
+chat\[[0-9]+\]: OK
+chat\[[0-9]+\]: send \(\\d\)
diff --git a/logcheck/ignore.d.server/proftpd b/logcheck/ignore.d.server/proftpd
index b1e1f0c..538a0d6 100644
--- a/logcheck/ignore.d.server/proftpd
+++ b/logcheck/ignore.d.server/proftpd
@@ -1,7 +1,7 @@
-proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - FTP session opened\.
-proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\.
-proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.[:digit:]]+\] to [\.[:digit:]]+
-proftpd\[.*\]: .* \(.*\[[\.[:digit:]]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?'
-proftpd\[.*\]: connect from [\.[:digit:]]+
-proftpd\[.*\]: No certificate files found!
-proftpd\[.*\]:.* (.*\[.*\]) - Refused PORT.* (address mismatch)\.
+proftpd\[[0-9]+\]: .* \(.*\[[\.[:digit:]]+\]\) - FTP session opened\.
+proftpd\[[0-9]+\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)? \(Login failed\): Can't find user\.
+proftpd\[[0-9]+\]: .* \(.*\[[\.[:digit:]]+\]\) - USER (anonymous|ftp)(@[\.[:alnum:]]+)?: no such user found from .*\[[\.[:digit:]]+\] to [\.[:digit:]]+
+proftpd\[[0-9]+\]: .* \(.*\[[\.[:digit:]]+\]\) - no such user '(anonymous|ftp)(@[\.[:alnum:]]+)?'
+proftpd\[[0-9]+\]: connect from [\.[:digit:]]+
+proftpd\[[0-9]+\]: No certificate files found!
+proftpd\[[0-9]+\]:.* (.*\[.*\]) - Refused PORT.* (address mismatch)\.
diff --git a/logcheck/ignore.d.server/samba b/logcheck/ignore.d.server/samba
index 6cd281d..f46a3fe 100644
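Review bot: `+proftpd\[[0-9]+\]:.* (.*\[.*\]) - Refused PORT.* (address mismatch)\.` suppresses proftpd's refusal of a PORT command whose address differs from the connecting client, which is the signature of an FTP bounce attempt and should be reported rather than ignored. Separately, the parentheses in `(.*\[.*\])` and `(address mismatch)` are unescaped, so they form groups instead of matching the literal parentheses in the log text; the rule only works because matching is unanchored, and for consistency with the other rules in this file it should read `\(.*\[.*\]\) - Refused PORT.* \(address mismatch\)\.`. If the rule is kept at all, restrict `.*` after `PORT` to the specific host that was generating the noise.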
--- a/logcheck/ignore.d.server/samba
+++ b/logcheck/ignore.d.server/samba
@@ -1,2 +1,2 @@
-smbd\[.*\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)
-smbd\[.*\]: \[.*\] lib/util_sock.c:read(_socket)?_data\([[:digit:]]+\)
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)
+smbd\[[0-9]+\]: \[.*\] lib/util_sock.c:read(_socket)?_data\([[:digit:]]+\)
diff --git a/logcheck/ignore.d.server/squid b/logcheck/ignore.d.server/squid
index 53c9b1e..a778073 100644
--- a/logcheck/ignore.d.server/squid
+++ b/logcheck/ignore.d.server/squid
@@ -1,8 +1,8 @@
-squid\[.*\]: Finished. Wrote [[:digit:]]+ entries\.
-squid\[.*\]: Took [\.[:digit:]]+ seconds \(.* entries/sec\)\.
-squid\[.*\]: (access|store)LogRotate: Rotating(\.)?
-squid\[.*\]: logfileRotate: /var/log/squid/(access|store).log
-squid\[.*\]: (Closing Pinger socket|Pinger socket opened) on FD [[:digit:]]+
-squid\[.*\]: NETDB state saved;
-squid\[.*\]: storeDirWriteCleanLogs: Starting\.\.\.
-squid\[.*\]: helperOpenServers: Starting [[:digit:]]+ '.*' processes
+squid\[[0-9]+\]: Finished. Wrote [[:digit:]]+ entries\.
+squid\[[0-9]+\]: Took [\.[:digit:]]+ seconds \(.* entries/sec\)\.
+squid\[[0-9]+\]: (access|store)LogRotate: Rotating(\.)?
+squid\[[0-9]+\]: logfileRotate: /var/log/squid/(access|store).log
+squid\[[0-9]+\]: (Closing Pinger socket|Pinger socket opened) on FD [[:digit:]]+
+squid\[[0-9]+\]: NETDB state saved;
+squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\.
+squid\[[0-9]+\]: helperOpenServers: Starting [[:digit:]]+ '.*' processes
diff --git a/logcheck/ignore.d.server/ssh b/logcheck/ignore.d.server/ssh
index 3ff907f..fb0a3a8 100644
--- a/logcheck/ignore.d.server/ssh
+++ b/logcheck/ignore.d.server/ssh
@@ -1,11 +1,11 @@
-sshd\[.*\]: syslogin_perform_logout: logout\(\) returned an error
-sshd\[.*\]: Could not reverse map address .*\.
-sshd\[.*\]: Connection closed by .*
-sshd\[.*\]: Did not receive ident(ification)? string from [\.[:digit:]]+
-sshd\[.*\]: scanned from [\.[:digit:]]+ with SSH-1\.0-SSH_Version_Mapper\. Don't panic\.
-sshd\[.*\]: Disconnecting: Your ssh version is too old and is no longer supported\. Please install a newer version\.
-sshd\[.*\]: Accepted (keyboard-interactive|publickey) for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2
-sshd\[.*\]: warning: /etc/hosts.deny, line 15: can't verify hostname: gethostbyname(.*) failed
-sshd\[.*\]: refused connect from .*
-sshd\[.*\]: Received disconnect from [\.[:digit:]]+: 11: Disconnect requested by Windows SSH Client.
-sshd\[.*\]: subsystem request for sftp
+sshd\[[0-9]+\]: syslogin_perform_logout: logout\(\) returned an error
+sshd\[[0-9]+\]: Could not reverse map address .*\.
+sshd\[[0-9]+\]: Connection closed by .*
+sshd\[[0-9]+\]: Did not receive ident(ification)? string from [\.[:digit:]]+
+sshd\[[0-9]+\]: scanned from [\.[:digit:]]+ with SSH-1\.0-SSH_Version_Mapper\. Don't panic\.
+sshd\[[0-9]+\]: Disconnecting: Your ssh version is too old and is no longer supported\. Please install a newer version\.
+sshd\[[0-9]+\]: Accepted (keyboard-interactive|publickey) for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2
+sshd\[[0-9]+\]: warning: /etc/hosts.deny, line 15: can't verify hostname: gethostbyname(.*) failed
+sshd\[[0-9]+\]: refused connect from .*
+sshd\[[0-9]+\]: Received disconnect from [\.[:digit:]]+: 11: Disconnect requested by Windows SSH Client.
+sshd\[[0-9]+\]: subsystem request for sftp
diff --git a/logcheck/ignore.d.server/ssmtp b/logcheck/ignore.d.server/ssmtp
index 36b5b7c..462187c 100644
--- a/logcheck/ignore.d.server/ssmtp
+++ b/logcheck/ignore.d.server/ssmtp
@@ -1 +1 @@
-sSMTP mail\[.*\]: .* sent mail for root
+sSMTP mail\[[0-9]+\]: .* sent mail for root
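Review bot: `+sshd\[[0-9]+\]: Accepted (keyboard-interactive|publickey) for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2` drops every successful login, root's included, from the report; egrep has no negative lookahead, so the practical fix is to list the accounts whose logins are routine in place of `[[:alnum:]]+` and let root and unknown names through. More broadly, none of these rules is anchored to the start of the syslog line, so any text an attacker can get logged (the client ident string, a username, a reverse-DNS name) only has to contain `sshd[1]: Connection closed by` for the whole line to be ignored; the PID tightening helps, but prefixing the rules with `^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ ` closes that hole, assuming this logcheck still applies the files unanchored with `egrep -f`. The `/etc/hosts.deny, line 15:` rule pins a line number in a hand-edited file and will stop matching the first time that file is reordered.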
diff --git a/logcheck/ignore.d.server/tftpd b/logcheck/ignore.d.server/tftpd
index f197a11..8711e09 100644
--- a/logcheck/ignore.d.server/tftpd
+++ b/logcheck/ignore.d.server/tftpd
@@ -1,2 +1,2 @@
-in.tftpd\[.*\]: RRQ from.*filename.*
-in.tftpd\[.*\]: tftp: client does not accept options
+in.tftpd\[[0-9]+\]: RRQ from.*filename.*
+in.tftpd\[[0-9]+\]: tftp: client does not accept options
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 1593f31..c7e66a7 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -1,38 +1,38 @@
-IMP\[.*\]: FAILED .* to .*:143 as .*
-PAM_unix\[.*\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
-afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
-afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
-afpd\[.*\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
-afpd\[.*\]: bad function 7A
-atalkd\[.*\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
-FaxGetty\[.*\]: ANSWER: Can not lock modem device
-gnome-name-server\[.*\]: server_is_alive: .*
-i(map|pop3)d\[.*\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
-ipppd\[.*\]: Connect\[0\]: /dev/ippp[[:digit:]], fd: 12
+IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
+PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM (Auth OK!|Success -- .*|User entered a null value -- .*)
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM: User entered a null value -- No such file or directory
+afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
+afpd\[[0-9]+\]: bad function 7A
+atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
+FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device
+gnome-name-server\[[0-9]+\]: server_is_alive: .*
+i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
+ipppd\[[0-9]+\]: Connect\[0\]: /dev/ippp[[:digit:]], fd: 12
 kernel: Disorder[[:digit:]] [[:digit:]] [[:digit:]] f[[:digit:]] s[[:digit:]] rr[[:digit:]]
 kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: OPEN: [\.[:digit:]]* -> [\.[:digit:]]* UDP, port: [[:digit:]]* -> [[:digit:]]*
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
 kernel: lp[[:digit:]]: compatibility mode
 kernel: Undo( partial)? (Hoe|loss|retrans)
-ntpd\[.*\]: synchronisation lost
-ntpd\[.*\]: synchronisation lost
-ntpd\[.*\]: time reset [\.[:digit:]-]* .
-ntpd\[.*\]: time reset [\.[:digit:]-]+ s
-portsentry\[.*\]: attackalert: .*
-pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
-smbd\[.*\]: read_socket_data: recv failure for 4. Error = No route to host
-smbd\[.*\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
-smbd\[.*\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
-smbd\[.*\]: \[.*\] smbd/connection.c:yield_connection\([[:digit:]]+\)
-smbd\[.*\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\)
-sshd\[.*]: Failed password for .*
-sshd\[.*\]: packet_set_maxsize: setting to 4096
+ntpd\[[0-9]+\]: synchronisation lost
+ntpd\[[0-9]+\]: synchronisation lost
+ntpd\[[0-9]+\]: time reset [\.[:digit:]-]* .
+ntpd\[[0-9]+\]: time reset [\.[:digit:]-]+ s
+portsentry\[[0-9]+\]: attackalert: .*
+pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
+smbd\[[0-9]+\]: read_socket_data: recv failure for 4. Error = No route to host
+smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
+smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
+smbd\[[0-9]+\]: \[.*\] smbd/connection.c:yield_connection\([[:digit:]]+\)
+smbd\[[0-9]+\]: \[.*\] passdb/pampass.c:smb_pam_passcheck\([[:digit:]]+\)
+sshd\[[0-9]+\]: Failed password for .*
+sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096
 dhcpd-2.2.x: BOOTREQUEST from (00:20:6b:18:20:35|08:00:86:11:2b:71)
 dhcpd-2.2.x: No applicable record for BOOTP host (00:20:6b:18:20:35|08:00:86:11:2b:71)
-postfix.*\[.*\]: .* from=<groove@mailomat.grooveattack.com>
-postfix/smtpd\[.*\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.[:digit:]]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
+postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
+postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.[:digit:]]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
 rpc.mountd: authenticated mount request from .* for .*
 snort: .*FrontPage
 snort: IDS015 - RPC - portmap-request-status:
@@ -54,9 +54,9 @@ snort: spp_portscan: PORTSCAN DETECTED
 snort: spp_portscan: portscan status from
 snort: WEB-../..:
 snort: WEB-CGI-upload.pl:
-postgres\[.*\]: \[.*\] DEBUG:
-postgres\[.*\]: \[[0-9-]*\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
-postgres\[.*\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[.*\] DEBUG:
+postgres\[[0-9]+\]: \[[0-9-]*\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
+postgres\[[0-9]+\]: \[[0-9-]*\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
 printer: offline or intervention needed
 #old-style pam entries (no longer provided by logcheck but needed on woody
 PAM_.*: .* session opened for user .*
diff --git a/logcheck/ignore.d.server/ucd-snmp b/logcheck/ignore.d.server/ucd-snmp
index 9d135c2..56f0db5 100644
--- a/logcheck/ignore.d.server/ucd-snmp
+++ b/logcheck/ignore.d.server/ucd-snmp
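Review bot: The new side of `ignore.d.server/tmp` still discards the core authentication-failure events logcheck exists to report: `+sshd\[[0-9]+\]: Failed password for .*`, `+PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service`, `+portsentry\[[0-9]+\]: attackalert: .*`, the smbd `smb_pam_auth failed - Rejecting User` rule and the imapd/ipop3d `Login failed` rule, all for any user and any source. This commit only changes the PID class (and normalises the stray `\[.*]` on the Failed-password rule), so after it a password brute-force or a portsentry trigger against this host will still never appear in a report. If the file is the temporary noise filter its name suggests, these rules should be removed, or at least narrowed to the specific source address or account that was generating the noise so that everything else stays visible.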
@@ -1 +1 @@
-ucd-snmp\[.*\]: Connection from .*
+ucd-snmp\[[0-9]+\]: Connection from .*
diff --git a/logcheck/ignore.d.server/uw-imap b/logcheck/ignore.d.server/uw-imap
index 5e2900e..cda8438 100644
--- a/logcheck/ignore.d.server/uw-imap
+++ b/logcheck/ignore.d.server/uw-imap
@@ -1,12 +1,12 @@
-imapd\[.*\]: (port 143|imap|imaps SSL) service init from
-imapd\[.*\]: No route to host, while reading line user=.* host=(.*\[.*\]|UNKNOWN)
-i(map|pop3)d\[.*\]: Killed \(lost mailbox lock\) user=.* host=(.*\[.*\]|UNKNOWN)
-i(map|pop3)d\[.*\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(.*\[.*\]|UNKNOWN)
-i(map|pop3)d\[.*\]: Moved [[:digit:]]+ bytes of new mail to .* from .* host=(.*\[.*\]|UNKNOWN)
-i(map|pop(2|3))d\[.*\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(.*\[.*\]|UNKNOWN)
-ipop[2|3]d\[.*\]: (connect|pop3(s SSL)? service init) from [\.[:digit:]]+
-ipop3d\[.*\]: Trying to get mailbox lock from process [[:digit:]]+
-ipop3d\[.*\]: Error opening or locking INBOX user=.* host=(.*\[.*\]|UNKNOWN)
-ipop3d\[.*\]: Expunge ignored on readonly mailbox
-ipop3d\[.*\]: Mailbox is open by another process, access is readonly
-ipop3d\[.*\]: Moved .* bytes of new mail to .* from .* host=(.*\[.*\]|UNKNOWN)
+imapd\[[0-9]+\]: (port 143|imap|imaps SSL) service init from
+imapd\[[0-9]+\]: No route to host, while reading line user=.* host=(.*\[.*\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Killed \(lost mailbox lock\) user=.* host=(.*\[.*\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: (Login|Auth|Authenticated|Logout|Autologout) user=.* host=(.*\[.*\]|UNKNOWN)
+i(map|pop3)d\[[0-9]+\]: Moved [[:digit:]]+ bytes of new mail to .* from .* host=(.*\[.*\]|UNKNOWN)
+i(map|pop(2|3))d\[[0-9]+\]: (Broken pipe|Command stream end of file|Connection (reset by peer|timed out))(,)? while (reading (authentication|line|literal|char)|writing text) (user=.* )?host=(.*\[.*\]|UNKNOWN)
+ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.[:digit:]]+
+ipop3d\[[0-9]+\]: Trying to get mailbox lock from process [[:digit:]]+
+ipop3d\[[0-9]+\]: Error opening or locking INBOX user=.* host=(.*\[.*\]|UNKNOWN)
+ipop3d\[[0-9]+\]: Expunge ignored on readonly mailbox
+ipop3d\[[0-9]+\]: Mailbox is open by another process, access is readonly
+ipop3d\[[0-9]+\]: Moved .* bytes of new mail to .* from .* host=(.*\[.*\]|UNKNOWN)
diff --git a/logcheck/ignore.d.workstation/devfsd b/logcheck/ignore.d.workstation/devfsd
index e6a88db..111f420 100644
--- a/logcheck/ignore.d.workstation/devfsd
+++ b/logcheck/ignore.d.workstation/devfsd
@@ -1,2 +1,2 @@
-devfsd\[.*\]: Caught SIGHUP
-devfsd\[.*\]: read config file: "/etc/devfsd.conf"
+devfsd\[[0-9]+\]: Caught SIGHUP
+devfsd\[[0-9]+\]: read config file: "/etc/devfsd.conf"
diff --git a/logcheck/ignore.d.workstation/gdm b/logcheck/ignore.d.workstation/gdm
index 8e1e44e..f85824e 100644
--- a/logcheck/ignore.d.workstation/gdm
+++ b/logcheck/ignore.d.workstation/gdm
@@ -1,4 +1,4 @@
-gdm\[.*\]: run_pictures: Directory .* does not exist\.
-gdm\[.*\]: run_pictures: Mappen .* eksisterer ikke\.
-gdm\[.*\]: run_pictures: /usr/share/pixmaps er ikke ejet af uid .*\.
-gdm\[.*\]: \(child [0-9]*\) gdm_slave_xioerror_handler: Fatal X-fejl - genstarter [0-9:\.]*
+gdm\[[0-9]+\]: run_pictures: Directory .* does not exist\.
+gdm\[[0-9]+\]: run_pictures: Mappen .* eksisterer ikke\.
+gdm\[[0-9]+\]: run_pictures: /usr/share/pixmaps er ikke ejet af uid .*\.
+gdm\[[0-9]+\]: \(child [0-9]*\) gdm_slave_xioerror_handler: Fatal X-fejl - genstarter [0-9:\.]*
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index 5aed1b0..8814e7d 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
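Review bot: `+ipop[2|3]d\[[0-9]+\]: (connect|pop3(s SSL)? service init) from [\.[:digit:]]+` uses `[2|3]`, which is a bracket expression matching the three characters `2`, `|` and `3`, not an alternation; it works by accident and should be `ipop(2|3)d` as the `i(map|pop(2|3))d` rule one line above already does. The `(Login|Auth|Authenticated|Logout|Autologout) user=.* host=` rule also silences every IMAP and POP login for every user from every host; if that is deliberate for this mail server it is fine, but successful logins from unexpected hosts are exactly what a report is meant to carry, so consider keeping only `Logout|Autologout` in the ignore set.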
@@ -1,6 +1,6 @@
-gnome-name-server\[.*\]: starting
-gnome-name-server\[.*\]: name server starting
-gnome-name-server\[.*\]: server_is_alive: .*
+gnome-name-server\[[0-9]+\]: starting
+gnome-name-server\[[0-9]+\]: name server starting
+gnome-name-server\[[0-9]+\]: server_is_alive: .*
 gconfd \(.*\): starting \(version [\.[:digit:]]+\), pid [[:digit:]]+ user '.*'
 gconfd \(.*\): Resolved address "xml:readonly:.*" to a read-only config source at position [[:digit:]]+
 gconfd \(.*\): Resolved address "xml:readwrite:.*" to a writable config source at position [[:digit:]]+
@@ -12,10 +12,10 @@ gconfd \(.*\): Bestemte adressen "xml:readonly:.*" til en skrivebeskyttet konfig
 gconfd \(.*\): Bestemte adressen "xml:readwrite:.*" til en skrivbar konfigureringskilde ved position [[:digit:]]+
 gconfd \(.*\): GConf-server er ikke i brug, lukker ned\.
 gconfd \(.*\): Afslutter
-named\[.*\]: .*: query\(.*\) NS points to CNAME \(.*\)
-named\[.*\]: NSTATS [[:digit:]]+ [[:digit:]]+
-named\[.*\]: .* All possible .* lame
-named\[.*\]: ns_forw: sendto.*: Network is unreachable
+named\[[0-9]+\]: .*: query\(.*\) NS points to CNAME \(.*\)
+named\[[0-9]+\]: NSTATS [[:digit:]]+ [[:digit:]]+
+named\[[0-9]+\]: .* All possible .* lame
+named\[[0-9]+\]: ns_forw: sendto.*: Network is unreachable
 init: Entering runlevel: 2
 syslogd started: BusyBox v[\.[:digit:]]+ \(.*\)
 rpc.mountd: authenticated mount request from 192\.168\..* for /home/opt/ltsp/i386 \(/home/opt/ltsp/i386\)
diff --git a/logcheck/ignore.d.workstation/ntpdate b/logcheck/ignore.d.workstation/ntpdate
index 76073e0..4681e2a 100644
--- a/logcheck/ignore.d.workstation/ntpdate
+++ b/logcheck/ignore.d.workstation/ntpdate
@@ -1,3 +1,3 @@
-ntpdate\[.*\]: can't find host
-ntpdate\[.*\]: no servers can be used, exiting
-ntpdate\[.*\]: step time server [\.[:digit:]]+ offset [\.[:digit:]]+ sec
+ntpdate\[[0-9]+\]: can't find host
+ntpdate\[[0-9]+\]: no servers can be used, exiting
+ntpdate\[[0-9]+\]: step time server [\.[:digit:]]+ offset [\.[:digit:]]+ sec
diff --git a/logcheck/ignore.d.workstation/pmud b/logcheck/ignore.d.workstation/pmud
index 1a02e08..a671df5 100644
--- a/logcheck/ignore.d.workstation/pmud
+++ b/logcheck/ignore.d.workstation/pmud
@@ -1,5 +1,5 @@
-pmud\[.*\]: running /etc/power/pwrctl (maximum|minimum|sleep|wakeup|lid-(closed|opened)) (ac|battery)
-pmud\[.*\]: lid closed: request sleep
-pmud\[.*\]: going to sleep
-pmud\[.*\]: initiating user requested sleep
-pmud\[.*\]: system awake again
+pmud\[[0-9]+\]: running /etc/power/pwrctl (maximum|minimum|sleep|wakeup|lid-(closed|opened)) (ac|battery)
+pmud\[[0-9]+\]: lid closed: request sleep
+pmud\[[0-9]+\]: going to sleep
+pmud\[[0-9]+\]: initiating user requested sleep
+pmud\[[0-9]+\]: system awake again
diff --git a/logcheck/violations.ignore.d/bind b/logcheck/violations.ignore.d/bind
index 87d98c3..7f1cf75 100644
--- a/logcheck/violations.ignore.d/bind
+++ b/logcheck/violations.ignore.d/bind
@@ -1,2 +1,2 @@
-named\[.*\]: zone .*: refresh: failure trying master .*: timed out
-named\[.*\]: client [\.[:digit:]]+#[:digit:]+: update forwarding denied
+named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
+named\[[0-9]+\]: client [\.[:digit:]]+#[:digit:]+: update forwarding denied
diff --git a/logcheck/violations.ignore.d/pmud b/logcheck/violations.ignore.d/pmud
index 25d29c3..e32b53e 100644
--- a/logcheck/violations.ignore.d/pmud
+++ b/logcheck/violations.ignore.d/pmud
@@ -1 +1 @@
-pmud\[.*\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request
+pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request
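Review bot: In the violations.ignore.d/bind hunk the port part of the second rule, `#[:digit:]+`, is not a digit class: outside a bracket expression `[:digit:]` is a plain set matching the characters `:`, `d`, `i`, `g` and `t`, so the rule never matches a real `client 1.2.3.4#53:` line and the update-forwarding denials it is meant to silence keep being reported. The corrected line is `+named\[[0-9]+\]: client [\.[:digit:]]+#[[:digit:]]+: update forwarding denied`, which also matches the form used for the same port field elsewhere in this diff.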
diff --git a/logcheck/violations.ignore.d/postfix b/logcheck/violations.ignore.d/postfix
index 7e13d6d..2a1de74 100644
--- a/logcheck/violations.ignore.d/postfix
+++ b/logcheck/violations.ignore.d/postfix
@@ -1,15 +1,15 @@
-postfix/(qmgr|smtp)\[.*\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
-postfix/cleanup\[.*\]: [A-Z0-9]+: message-id=<.*@Debug>
-postfix/local\[.*\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
-postfix/smtp\[.*\]: .* status=bounced \(bad host/domain syntax: ".*"\)
-postfix/smtp\[.*\]: .* status=bounced \(Name service error for .*: Host not found\)
-postfix/smtp\[.*\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: .*)\)
-postfix/smtp\[.*\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\)
-postfix/smtp\[.*\]: .* status=deferred \(host .* said: 450 <.*>: Sender address rejected: Domain not found\)
-postfix/smtp\[.*\]: .* status=deferred \(host .* said: 450 <.*>: Recipient address rejected: Recipient mailbox is full\)
-postfix/smtp\[.*\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
-postfix/smtp\[.*\]: connect to .*\[[\.[:digit:]]+\]: (Connection refused|server refused mail service) \(port 25\)
-postfix/smtpd\[.*\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 550 <.*>: User unknown; from=<.*> to=<.*>
-postfix/smtpd\[.*\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 554 Service unavailable; .* blocked using .*; from=<.*> to=<.*>
-postfix/smtpd\[.*\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 554 <.*>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<.*> to=<.*>
-postfix/smtpd\[.*\]: warning: .*: hostname .* verification failed: Host not found
+postfix/(qmgr|smtp)\[[0-9]+\]: .* status=deferred \(connect to .*: (Connection refused|server refused mail service)\)
+postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=<.*@Debug>
+postfix/local\[[0-9]+\]: warning: unable to create lock file /var/mail/[[:alnum:]]+\.lock: Permission denied
+postfix/smtp\[[0-9]+\]: .* status=bounced \(bad host/domain syntax: ".*"\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(Name service error for .*: Host not found\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 550 .* (User unknown; rejecting|Relaying denied|unknown or illegal alias: .*)\)
+postfix/smtp\[[0-9]+\]: .* status=bounced \(host .* said: 552 header content rejected: see .*\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <.*>: Sender address rejected: Domain not found\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 450 <.*>: Recipient address rejected: Recipient mailbox is full\)
+postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed.\)
+postfix/smtp\[[0-9]+\]: connect to .*\[[\.[:digit:]]+\]: (Connection refused|server refused mail service) \(port 25\)
+postfix/smtpd\[[0-9]+\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 550 <.*>: User unknown; from=<.*> to=<.*>
+postfix/smtpd\[[0-9]+\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 554 Service unavailable; .* blocked using .*; from=<.*> to=<.*>
+postfix/smtpd\[[0-9]+\]: reject: RCPT from .*\[[\.[:digit:]]+\]: 554 <.*>: (Recipient address rejected: )?(Relay a|A)ccess denied; from=<.*> to=<.*>
+postfix/smtpd\[[0-9]+\]: warning: .*: hostname .* verification failed: Host not found
diff --git a/logcheck/violations.ignore.d/proftpd b/logcheck/violations.ignore.d/proftpd
index 295767a..91c3fdd 100644
--- a/logcheck/violations.ignore.d/proftpd
+++ b/logcheck/violations.ignore.d/proftpd
@@ -1 +1 @@
-proftpd\[.*\]: .* \(.*\) - USER anonymous \(Login failed\): Can't find user\.
+proftpd\[[0-9]+\]: .* \(.*\) - USER anonymous \(Login failed\): Can't find user\.
diff --git a/logcheck/violations.ignore.d/samba b/logcheck/violations.ignore.d/samba
index 0c59cff..e07a4be 100644
--- a/logcheck/violations.ignore.d/samba
+++ b/logcheck/violations.ignore.d/samba
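Review bot: The `451 Transaction failed.\)` rule in the postfix hunk leaves its final dot unescaped while every other literal dot in this file is written `\.`, so the rule also matches `451 Transaction failedX)`; it should read `+postfix/smtp\[[0-9]+\]: .* status=deferred \(host .* said: 451 Transaction failed\.\)`. The `.*` that follows each `\]: ` still lets the queue-id and sender fields be anything, which is fine for an ignore rule, but the tightened PID is only effective if the rest of the line is as literal as the log format allows, so the escaping is worth keeping consistent across the file.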
@@ -1 +1 @@
-smbd\[.*\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)
+smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)
diff --git a/logcheck/violations.ignore.d/ssh b/logcheck/violations.ignore.d/ssh
index 68f8ca9..cf49325 100644
--- a/logcheck/violations.ignore.d/ssh
+++ b/logcheck/violations.ignore.d/ssh
@@ -1 +1 @@
-sshd\[.*\]: Failed keyboard-interactive for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2
+sshd\[[0-9]+\]: Failed keyboard-interactive for [[:alnum:]]+ from [\.[:digit:]]+ port [[:digit:]]+ ssh2
diff --git a/logcheck/violations.ignore.d/temp b/logcheck/violations.ignore.d/temp
index 0b48e00..42a6910 100644
--- a/logcheck/violations.ignore.d/temp
+++ b/logcheck/violations.ignore.d/temp
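Review bot: The ssh rule in violations.ignore.d drops every `Failed keyboard-interactive` line for any user from any address, so with this file in place a sustained password-guessing run against sshd produces no violation report at all; the tightened PID does not narrow that. If the rule exists for a known noisy source, anchoring the user or the address (for example `from 192\.168\.0\.[0-9]+ port`, as a constructed sample) keeps the suppression to that case, and the same applies to the `sshd ... Failed password for .*`, `PAM_unix ... authentication failure`, `IMP ... FAILED` and `portsentry ... attackalert: .*` lines in the violations.ignore.d/temp hunk below. A one-line comment at the top of each file recording why the failure is expected would let a later maintainer tell a deliberate exception from a leftover.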
@@ -1,22 +1,22 @@
-afpd\[.*\]: afp_flushfork: of_find: Permission denied
-afpd\[.*\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
-afpd\[.*\]: bad function 7A
-afpd\[.*\]: cnid_open: Cannot establish logfile cleanup lock for database environment .*/\.AppleDB/cnid\.lock \(open\(\) failed\)
-afpd\[.*\]: dsi_stream_read\(0\): Permission denied
-afpd\[.*\]: error removing /.+/net[\.[:digit:]]+node[[:digit:]]+: Permission denied
-afpd\[.*\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-IMP\[.*\]: FAILED .* to .*:143 as .*
-i(map|pop3)d\[.*\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
+afpd\[[0-9]+\]: afp_flushfork: of_find: Permission denied
+afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
+afpd\[[0-9]+\]: bad function 7A
+afpd\[[0-9]+\]: cnid_open: Cannot establish logfile cleanup lock for database environment .*/\.AppleDB/cnid\.lock \(open\(\) failed\)
+afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied
+afpd\[[0-9]+\]: error removing /.+/net[\.[:digit:]]+node[[:digit:]]+: Permission denied
+afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
+IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
+i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
 kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
 kernel: Packet log: input DENY eth1 PROTO=1 0.0.0.0:5 10.0.0.40:1 L=427 S=0xD0 I=0 F=0x4000 T=255 \(#22\)
-PAM_unix\[.*\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
-portsentry\[.*\]: attackalert: .*
-smbd\[.*\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
-smbd\[.*\]: read_socket_data: recv failure for 4. Error = No route to host
-smbd\[.*\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
-sshd\[.*]: Failed password for .*
-pumpd\[.*\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
-postfix/smtpd\[.*\]: reject: .*: 550 <.*>: User unknown; .*
-postfix/smtpd\[.*\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
-postfix.*\[.*\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)>
+PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
+portsentry\[[0-9]+\]: attackalert: .*
+smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ !
+smbd\[[0-9]+\]: read_socket_data: recv failure for 4. Error = No route to host
+smbd\[[0-9]+\]: yield_connection: tdb_delete for name failed with error Record does not exist\.
+sshd\[[0-9]+\]: Failed password for .*
+pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
+postfix/smtpd\[[0-9]+\]: reject: .*: 550 <.*>: User unknown; .*
+postfix/smtpd\[[0-9]+\]: reject: .*: 554 <.*>: Recipient address rejected: User unknown; .*
+postfix.*\[[0-9]+\]: .* from=<(groove@mailomat.grooveattack.com|refused@maila.com)>
 snort: spp_http_decode: IIS Unicode attack detected: |
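Review bot: The last postfix rule in this hunk, `postfix.*\[[0-9]+\]: .* from=<(...)>`, keeps an unbounded `.*` between the program name and the PID bracket, so the PID tightening applied everywhere else does not constrain this line: anything from `postfix` up to a later `[digits]:` still matches. `postfix/[a-z]+\[[0-9]+\]: ` names the daemon the way the other postfix rules in this file do. Separately, the `smbd ... recv failure for 4. Error = No route to host` line leaves its dot unescaped and is already covered by the escaped, more general `read(_socket)?_data` rule in the violations.ignore.d/samba hunk above, so it can be dropped from this file rather than maintained twice. The unescaped `.` in `192\.168\..*`-style rules is handled elsewhere in this diff; only these two lines in the temp hunk diverge.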