Diffstat (limited to 'logcheck')
-rw-r--r--logcheck/ignore.d.server/local119
-rw-r--r--logcheck/ignore.d.server/netatalk.changes9
-rw-r--r--logcheck/ignore.d.server/tmp37
-rw-r--r--logcheck/ignore.d.workstation/local16
-rwxr-xr-xlogcheck/mklocalfiles5
-rw-r--r--logcheck/violations.ignore.d/local19
6 files changed, 3 insertions, 202 deletions
diff --git a/logcheck/ignore.d.server/local b/logcheck/ignore.d.server/local
index 09fcbde..97ff6de 100644
--- a/logcheck/ignore.d.server/local
+++ b/logcheck/ignore.d.server/local
@@ -1,6 +1,4 @@
-### ignore.d.server/amanda
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amandad\[[0-9]+\]: connect from
-### ignore.d.server/amavis
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: infected \([^[:space:]]+\), from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine virus-[0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: local delivery: <[^[:space:]]*> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?$
@@ -8,7 +6,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: spam from=(<[^>]+>|\(\?\)), to=(<[^>]+>,)+ quarantine spam-[0-9a-f-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^>]*>$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: spam_scan: whitelisted sender <[^[:space:]]+>, spam check skipped$
-### ignore.d.server/anacron
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \(root\) CMD \(test -e /usr/sbin/anacron || run-parts --report /etc/cron.(daily|weekly|monthly)\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Anacron 2.3 started on [0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Job `cron.(daily|weekly|monthly)' started$
@@ -17,7 +14,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Normal exit \([0-9]+ jobs run\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Updated timestamp for job `cron.(daily|weekly|monthly)' to [0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ anacron\[[0-9]+\]: Will run job `cron.(daily|weekly|monthly)' in (5|10|15) min\.$
-### ignore.d.server/bind.changes
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Lame delegation
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Lame server on '[^[:space:]]+' \(in '[^[:space:]]+'\?\): \[[\.0-9]+\]\.[0-9]+ '[^[:space:]]+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: Response from
@@ -41,10 +37,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: rcvd NOTIFY\([^[:space:]]+, IN, SOA\) from \[[\.0-9]+\]\.[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: late CNAME in answer section for [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: unrelated additional info '[^[:space:]]+' type A from \[[\.0-9]+\]\.[0-9]+$
-### ignore.d.server/bind.tmp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied$
-### ignore.d.server/courier
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: Connection, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGIN, user=.*, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ courierpop3login: LOGOUT, user=.*, ip=\[::ffff:.*\], top=.* retr=.*
@@ -62,17 +56,13 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: Connection, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: LOGIN, user=.*, ip=\[::ffff:.*\]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ imapd-ssl: DISCONNECTED, user=.*, ip=\[::ffff:.*\]
-### ignore.d.server/dancer-ircd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ircd\[[0-9]+\]: ircd exiting: autodie$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ircd\[[0-9]+\]: Server Ready$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (ircd\[[0-9]+\]: )?binding stream socket [\.[:alnum:]]+\[\*\.666[789]\]: Address already in use$
-### ignore.d.server/dhcp-client
-# NB: dhcp 2-x entries are in dhcp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(REQUEST|DISCOVER) on [^[:space:]]+ to [\.0-9]+ port 67( interval [0-9]+)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(ACK|OFFER) from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: bound to [\.0-9]+ -- renewal in [0-9]+ seconds\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: irda0: unknown hardware address type 783$
-### ignore.d.server/dhcp3-common
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Abandoning IP address [\.0-9]+: pinged before offer ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: BOOTREQUEST from [0-9a-f:]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: DHCP(ACK|NAK|OFFER) on [\.0-9]+ to [0-9a-f:]+( \([^\)]+\))? via eth[0-9]+ ?$
@@ -85,8 +75,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: Wrote [0-9]+ (leases|deleted host decls|new dynamic host decls) to leases file\. ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: accepting packet with data after udp payload. ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd: ip length 576 disagrees with bytes received 590. ?$
-### ignore.d.server/dhcp.changes
-# NB: dhcp3 entries are in dhcp3-common
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: Abandoning IP address [\.0-9]+: (declined\.|pinged before offer) ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOT(DISCOVER|REQUEST) from [0-9a-f:]+ via eth[0-9]+ (\(non-rfc1048)\) ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: BOOTREPLY for [\.0-9]+ to [^[:space:]]+ \([0-9a-f:]+\) via eth[0-9]+ ?$
@@ -94,19 +82,15 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCP(DECLINE on|RELEASE of|REQUEST for) [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+ \((not )?found\) ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPINFORM from [\.0-9]+ ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd-2.2.x: DHCPREQUEST for [\.0-9]+ from [0-9a-f:]+( \([^[:space:]]+\))? via eth[0-9]+: wrong network\. ?$
-### ignore.d.server/gdm
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: Directory [^[:space:]] does not exist\.$
-### ignore.d.server/gdm.da_DK
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: Pingning af.* mislykkedes, deaktiver terminal!
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: \(child [0-9]+\) gdm_slave_xioerror_handler: Fatal X-fejl - genstarter [0-9:\.]*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: /usr/share/pixmaps er ikke ejet af uid [^[:space:]]\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gdm\[[0-9]+\]: run_pictures: Mappen [^[:space:]] eksisterer ikke\.$
-### ignore.d.server/hotplug
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /etc/hotplug/net.agent: assuming ppp[0-9] is already up$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /etc/hotplug/net.agent: invoke if(up|down) ppp[0-9]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /etc/hotplug/usb.agent: Setup [^[:space:]]+ for USB product [0-9a-f/]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ modprobe: modprobe: Can't locate module (keybdev|mousedev|usbcore)$
-### ignore.d.server/hylafax-server
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ Fax(Getty|Send)\[[0-9]+\]: STATE CHANGE:( ->| BASE| LOCKWAIT| LISTENING| RUNNING| ANSWERING| RECEIVING| MODEMWAIT)+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ Fax(Getty|Send)\[[0-9]+\]: MODEM (ROCKWELL|ZYXEL) .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: RECV FAX \([0-9]+\): from .*, page .* in [0-9]+:[0-9]+, INF, .* line/mm, (1|2)-D MR(, [0-9]+ bit/s)?$
@@ -117,33 +101,23 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: SUBMIT JOB [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxSend\[[0-9]+\]: SEND FAX: JOB [0-9]+ DEST [0-9]+ COMMID [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics.$
-### ignore.d.server/imp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: Login [0-9\.]+ to [^[:space:]]+ as [^[:space:]]+$
-### ignore.d.server/libgpmg1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [[:alnum:]]+: /dev/gpmctl: No such file or directory$
-### ignore.d.server/libgpmg1.da_DK
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [[:alnum:]]+: /dev/gpmctl: Ingen sådan fil eller filkatalog$
-### ignore.d.server/libpam-modules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_limits\[[0-9]+\]: default limits skipped for 'root'$
-### ignore.d.server/mailutils-imap4d
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: Incoming connection opened$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: connect from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: User '[[:alnum:]]+' logged in$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: Session timed out for user: [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnu-imap4d\[[0-9]+\]: got signal Alarm clock$
-### ignore.d.server/misc
-# Figure out if these belong to dhcp or dhcp3-common (or dhclient?)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd.*: Reclaiming( REQUESTed) abandoned IP address [\.0-9]+
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd.*: already acking lease
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd.*: send_packet: Connection refused
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd.*: fallback_discard: Connection refused
-# These show up when isdnutils is installed, but isn't strictly related to those packages
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: isdn_net: call from [,0-9]+ -> [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: isdn_net: Service-Indicator not [0-9], ignored$
-# This one shows up with firewalls blocking SMB ports non-silently
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY .*:(137|138) .*:(137|138) .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:net2all:DROP:.* (SPT|DPT)=(13[789]|445) .*$
-### ignore.d.server/murasaki
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.usb\[[0-9]+\]: found depended module="[[:alnum:]]+"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.(usb|net)\[[0-9]+\]: try expanding "\[net\]"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.(usb|net)\[[0-9]+\]: dependent\(net\) is found$
@@ -151,12 +125,8 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.(usb|net)\[[0-9]+\]: Execuing "net" "(stop|start)"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.(usb|net)\[[0-9]+\]: execute if(up|down) (eth|(i)?ppp|irda)[0-9]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ murasaki\.usb\[[0-9]+\]: (MATCH\(audio\) -> match_flags:[[:alnum:]]+ )?vendor:[[:alnum:]]+ product:[[:alnum:]]+ Dclass:[[:alnum:]]+ Dsubclass:[[:alnum:]]+ Dprotocol:[[:alnum:]]+ Iclass:[[:alnum:]]+ Isubclass:[[:alnum:]]+ Iprotocol:[[:alnum:]]+$
-### ignore.d.server/nagios
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: Auto-save of retention data completed successfully\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ nagios: LOG ROTATION: DAILY $
-### ignore.d.server/netatalk.changes
-# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: (atp_rresp|afp_die: asp_shutdown): Connection timed out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: afp_alarm: child timed out$
@@ -177,47 +147,29 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: login noauth$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: S:Logger: can't open Logfile /var/log/netatalk.log$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [_[:alnum:]]+(\(-?[0-9]+\))?: stat [^:]+: (No such file or directory|Permission denied)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: dsi_stream_read\(0\): (No such file or directory|No such process|Permission denied)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: dsi_stream_read\(0\): Success$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: error stat'ing /[^[:space:]]+/net[\.0-9]+node[0-9]+: No such file or directory$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ atalkd\[[0-9]+\]: (as_timer|nbp brrq) sendto [\.0-9]+( \([0-9]+\))?: Network is unreachable $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ done$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ for "[^"]+" from [\.0-9]+$
-### ignore.d.server/netsaint
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: (HOST|SERVICE) (ALERT|NOTIFICATION|FLAPPING ALERT): .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: Auto-save of retention data completed successfully\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: Caught SIGTERM, shutting down\.\.\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: Entering active mode\.\.\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: NetSaint [\.0-9]+ starting\.\.\. \(PID=[0-9]+\) $
-### ignore.d.server/nfs-kernel-server
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: NFS mount of /[^[:space:]]+ attempted from [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: /[^[:space:]]+ has been mounted by [\.0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc\.mountd: authenticated unmount request from [\.0-9]+:[0-9]+ for /[^[:space:]]+ \(/[^[:space:]\)]+\) $
-### ignore.d.server/non-debian
-# These entries are for syslogd open for remote hosts
-# (and advertised through DHCP)
-#
-# HP printers
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: peripheral low-power state$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: paper out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: error cleared$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: powered up$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: ready to print$
-# FloppyFW DHCP server
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ [0-9A-F]+ 400 DHCP SERVER Offered \| Offering: [\.0-9]+ To: [0-9A-F]+ By: [\.0-9]+$
-### ignore.d.server/ntp-simple.changes
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kern_enable is 1$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: kernel time discipline status [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: precision = [0-9]+ usec$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: signal_no_reset: signal 13 had flags [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: using kernel phase-lock loop [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: ntpd [\.0-9]+ [a-zA-Z]+ [a-zA-Z]+ [0-9]+ [0-9:]+ UTC 200[2-9]+ \(2\)$
-### ignore.d.server/pop-before-smtp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pop-before-smtp\[[0-9]+\]: (opening|closing) relay for [\.0-9]+( --- not in mynetworks)?$
-### ignore.d.server/postfix
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[[:alnum:]]+\[[0-9]+\]: table has changed -- exiting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: [A-Z0-9]+: message-id=.*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/cleanup\[[0-9]+\]: warning: premature end-of-input from cleanup socket while reading input attribute name$
@@ -258,13 +210,10 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\] sent ([^[:space:]]+ header|mail content) instead of SMTP command: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [^[:space:]]+\[[\.0-9]+\]: hostname [^[:space:]]+ verification failed: Host not found$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: numeric result [\.0-9]+ in address->name lookup for [\.0-9]+$
-# These are only for postfix >= 2.0:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/qmgr\[[0-9]+\]: [A-Z0-9]+: to=<[^,]+, relay=none, delay=[0-9]+, status=deferred \(connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtp\[[0-9]+\]: connect to [^[:space:]]+\[[\.0-9]+\]: server dropped connection without sending the initial greeting \(port 25\)$
-### ignore.d.server/postgresql
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] \^ICPU .* sec elapsed .* sec\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] \^ITotal CPU .* sec elapsed .* sec\.$
-### ignore.d.server/ppp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: abort on \(.*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: expect \(.*\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: send \(AT.*\^M\)$
@@ -274,7 +223,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: CONNECT$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: OK$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ chat\[[0-9]+\]: send \(\\d\)$
-### ignore.d.server/proftpd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: No certificate files found! $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ ([^[:space:]\[]+\[[\.0-9]\]) - Refused PORT.* (address mismatch)\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - FTP (login timed out|no transfer timeout), disconnected\. $
@@ -282,24 +230,18 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER [^[:space:]]+: (Login successful\.|no such user found from .*\[[\.0-9]+\] to [\.0-9]+:21) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - no such user '[^[:space:]]+' $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: connect from [\.0-9]+ $
-### ignore.d.server/rpld
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpld\[[0-9]+\]: client [:a-f0-9]+ requested block [\.0-9]+$
-### ignore.d.server/samba
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection reset by peer)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[/0-9]+ [0-9:]+, [0-9]+\] lib/util_sock.c:read(_socket)?_data\([0-9]+\)$
-### ignore.d.server/sfs-client
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : nfsmounter: mounted /sfs/\.linuxmnt/[^[:blank:]]+:[0-9a-z]+/r$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : sfsrwcd: [^[:blank:]]+:[0-9a-z]+ deleted$
-### ignore.d.server/sfs-server
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : sfsauthd: serving [^:]+:[0-9a-z]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : sfssd: accepted connection from [\.0-9]+$
-### ignore.d.server/spamassassin
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: Creating default_prefs
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: connection from .* at port
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: clean message for
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: identified spam for
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ spamd\[[0-9]+\]: skipped large message in
-### ignore.d.server/squid
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: Finished. Wrote [0-9]+ entries\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: Took [\.0-9]+ seconds \( *[\.0-9]+ entries/sec\)\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: (Closing Pinger socket|Pinger socket opened) on FD [0-9]+$
@@ -310,7 +252,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: sslReadServer: FD [0-9]+: read failure: \(104\) Connection reset by peer $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: storeDirWriteCleanLogs: Starting\.\.\. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ squid\[[0-9]+\]: urlParse: Illegal character in hostname '[^']+' $
-### ignore.d.server/ssh
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: syslogin_perform_logout: logout\(\) returned an error$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Could not reverse map address .*\.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Connection closed by .*
@@ -322,36 +263,18 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: refused connect from .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Received disconnect from [\.0-9]+: 11: Disconnect requested by Windows SSH Client.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: subsystem request for sftp$
-### ignore.d.server/ssmtp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sSMTP mail\[[0-9]+\]: .* sent mail for root
-### ignore.d.server/sysklogd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd [\.#0-9]+: restart \(remote reception\)\.$
-### ignore.d.server/tftpd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.tftpd\[[0-9]+\]: RRQ from [\.0-9]+ filename [^[:space:]]+ $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in\.tftpd\[[0-9]+\]: tftp: client does not accept options
-### ignore.d.server/tmp
-## imp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ IMP\[[0-9]+\]: FAILED .* to .*:143 as .*
-## libpam-modules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: authentication failure; \(uid=0\) -> .* for (imap|netatalk|pop|samba|ssh) service
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: check pass; user unknown$
-# old-style pam entries (no longer provided by logcheck but needed on woody)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_.*: .* session (opened|closed) for user .*
-## netatalk
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: bad function 7A
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
-## hylafax-server
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnome-name-server\[[0-9]+\]: server_is_alive: .*
-## uw-imap
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ i(map|pop3)d\[[0-9]+\]: (AUTHENTICATE (LOGIN|PLAIN) failure|Login failed)( user=.*)? host=(.* )?\[.*\]
-## ppp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ipppd\[[0-9]+\]: Connect\[0\]: /dev/ippp[0-9], fd: 12
-## misc
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Disorder[0-9] [0-9] [0-9] f[0-9] s[0-9] rr[0-9]
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: IP_MASQ:reverse ICMP: failed checksum from .*!
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: OPEN: [\.0-9]* -> [\.0-9]* UDP, port: [0-9]* -> [0-9]*
@@ -360,25 +283,18 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: lp[0-9]: compatibility mode
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Undo( partial)? (Hoe|loss|retrans)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ printer: offline or intervention needed
-## Printer and Windows PC at Homebase ignoring change of DHCP (192.168.101 -> 192.168.1)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:all2all:REJECT:.*SRC=192.168.103.17 DST=192.168.101.2 .*$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Shorewall:all2all:REJECT:.*SRC=192.168.103.248 DST=192.168.101.22 .*$
-## Non-UDMA hd cable
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hda: status timeout: status=0xd0 \{ Busy \}
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hda: no DRQ after issuing WRITE
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ide0: reset: success
-## Postfix SASL not working
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: unable to open Berkeley db /etc/sasldb: No such file or directory
-## ntp-simple
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [\.0-9-]* .
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [\.0-9-]+ s
-## portsentry
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ portsentry\[[0-9]+\]: attackalert: .*
-## pump
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pumpd\[[0-9]+\]: SO_BINDTODEVICE eth0 \(4\) failed: Invalid argument
-## samba
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: process_local_message: unknown UDP message command code \([0-9a-f]+\) - ignoring. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for 4\. Error = (No route to host|Connection (reset by peer|timed out)) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User [[:alnum:]]+ ! $
@@ -388,48 +304,13 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: prs_mem_get: reading data of size 4 would overrun buffer. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_(pipe.c:api_rpcTNP|srvsvc.c:api_srv_net_share_add))\([0-9]+\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:(find_service|make_connection))\([0-9]+\) $
-## ssh
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
-## postfix
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
-## Tulle getting spammed
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tulle postfix/smtpd\[[0-9]+\]: too many errors after RCPT from unknown\[\.0-9]+[\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc.mountd: authenticated mount request from .* for .*
-## snort
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: .*FrontPage
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS015 - RPC - portmap-request-status:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS029 - SCAN-Possible Queso Fingerprint attempt:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS115 - MISC-Traceroute-UDP:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS212 - MISC - DNS Zone Transfer:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS226 - CVE-1999-0172 - CGI-formmail:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS246 - MISC - Large ICMP Packet:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IIS-
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: MISC-Attempted Sun RPC high port access:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: NETBIOS-SMB-C:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: NETBIOS-SMB-CD...:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: NMAP TCP ping!:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: RPC Info Query:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: SCAN-SYN FIN:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_http_decode: IIS Unicode attack detected:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_portscan: End of portscan
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_portscan: PORTSCAN DETECTED
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_portscan: portscan status from
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: WEB-../..:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: WEB-CGI-upload.pl:
-## postgres
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] LOG: connection received: host=\[local\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] LOG: connection authorized: user=postgres database=template1
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] [0-9]*; Re-using: Free/Avail. Space .* EndEmpty/Avail\. Pages .* CPU .* sec\.
-## amavis
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: warning - MIME::Parser error: .*
-## Misc entries on Gibraltar (using older logcheck and syslog...)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ -- MARK -- $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \(root\) CMD \(test -x /usr/sbin/logcheck && nice -n10 /usr/sbin/logcheck\) $
-### ignore.d.server/ucd-snmp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ucd-snmp\[[0-9]+\]: Connection from .*
-### ignore.d.server/uptimed
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ uptimed: moving up to position [0-9]+: [0-9]+ days, [0-9:]+
diff --git a/logcheck/ignore.d.server/netatalk.changes b/logcheck/ignore.d.server/netatalk.changes
index 92b68ef..5ba7170 100644
--- a/logcheck/ignore.d.server/netatalk.changes
+++ b/logcheck/ignore.d.server/netatalk.changes
@@ -1,5 +1,3 @@
-# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: (atp_rresp|afp_die: asp_shutdown): Connection timed out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: using codepage directory: /etc/netatalk/nls/maccode\.[\.a-z0-9-]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: afp_alarm: child timed out$
@@ -20,12 +18,5 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: ((dhx|cleartext|randnum/rand2num) )?login: [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: login noauth$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: I:UAMSDaemon: uams_dhx_pam.c :PAM: PAM (Auth OK!|Success -- Success)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: S:Logger: can't open Logfile /var/log/netatalk.log$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [_[:alnum:]]+(\(-?[0-9]+\))?: stat [^:]+: (No such file or directory|Permission denied)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: dsi_stream_read\(0\): (No such file or directory|No such process|Permission denied)$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: dsi_stream_read\(0\): Success$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: error stat'ing /[^[:space:]]+/net[\.0-9]+node[0-9]+: No such file or directory$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ atalkd\[[0-9]+\]: (as_timer|nbp brrq) sendto [\.0-9]+( \([0-9]+\))?: Network is unreachable $
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ atalkd\[[0-9]+\]: zip (ignoring gnireply|gnireply from [\.0-9]+ \([[:alnum:]]+ [[:alnum:]]+\)) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ done$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ papd\[[0-9]+\]: [^[:space:]]+: I:PAPDaemon: child [0-9]+ for "[^"]+" from [\.0-9]+$
diff --git a/logcheck/ignore.d.server/tmp b/logcheck/ignore.d.server/tmp
index 9dd06e3..33cddeb 100644
--- a/logcheck/ignore.d.server/tmp
+++ b/logcheck/ignore.d.server/tmp
@@ -5,13 +5,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_unix\[[0-9]+\]: check pass; user unknown$
# old-style pam entries (no longer provided by logcheck but needed on woody)
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ PAM_.*: .* session (opened|closed) for user .*
-## netatalk
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:AFPDaemon: bad function 7A
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: (PAM Auth OK!|Success -- .*|User entered a null value -- .*)
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: PAM_Error: Authentication failure -- (Bad file descriptor|Invalid argument)
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: uams_dhx_pam\.c :PAM: User entered a null value -- No such file or directory
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ atalkd\[[0-9]+\]: as_timer sendto: Netvaerket er ikke tilgaengeligt
## hylafax-server
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnome-name-server\[[0-9]+\]: server_is_alive: .*
@@ -56,36 +49,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: prs_mem_get: reading data of size 4 would overrun buffer. $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] (lib/util_sock.c:read_data|passdb/pampass.c:smb_pam_passcheck|rpc_parse/parse_prs.c:prs_mem_get|rpc_server/srv_(pipe.c:api_rpcTNP|srvsvc.c:api_srv_net_share_add))\([0-9]+\) $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: \[[0-9/]+ [0-9:]+, [0-9]+\] smbd/(connection.c:yield_connection|oplock.c:process_local_message|service.c:(find_service|make_connection))\([0-9]+\) $
-## ssh
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed password for [[:alnum:]]+ from [0-9\.]+ port [0-9]+ ssh2$
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: packet_set_maxsize: setting to 4096 $
-## postfix
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix.*\[[0-9]+\]: .* from=<groove@mailomat.grooveattack.com>
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [\.[:alnum:]-]+\[[\.0-9]+\] in MAIL command: <C:\\Email\\Headers\\fresh froms 5-1\.txt>
-## Tulle getting spammed
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tulle postfix/smtpd\[[0-9]+\]: too many errors after RCPT from unknown\[\.0-9]+[\]
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc.mountd: authenticated mount request from .* for .*
-## snort
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: .*FrontPage
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS015 - RPC - portmap-request-status:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS029 - SCAN-Possible Queso Fingerprint attempt:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS115 - MISC-Traceroute-UDP:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS212 - MISC - DNS Zone Transfer:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS226 - CVE-1999-0172 - CGI-formmail:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IDS246 - MISC - Large ICMP Packet:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: IIS-
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: MISC-Attempted Sun RPC high port access:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: NETBIOS-SMB-C:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: NETBIOS-SMB-CD...:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: NMAP TCP ping!:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: RPC Info Query:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: SCAN-SYN FIN:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_http_decode: IIS Unicode attack detected:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_portscan: End of portscan
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_portscan: PORTSCAN DETECTED
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: spp_portscan: portscan status from
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: WEB-../..:
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snort: WEB-CGI-upload.pl:
## postgres
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] DEBUG: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postgres\[[0-9]+\]: \[[0-9-]+\] LOG: connection received: host=\[local\]$
diff --git a/logcheck/ignore.d.workstation/local b/logcheck/ignore.d.workstation/local
index ae02644..42fcb3d 100644
--- a/logcheck/ignore.d.workstation/local
+++ b/logcheck/ignore.d.workstation/local
@@ -1,25 +1,20 @@
-### ignore.d.workstation/bind
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: deleting interface \[[\.0-9]+\]\.[0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: listening on IPv4 interface eth[0-9], [\.0-9]+#53$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: listening on \[[\.0-9]+\]\.[0-9]+ \([^[:space:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: no longer listening on [\.0-9]+#53$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: ns_forw: sendto\(\[[\.0-9]+\]\.[0-9]+\): Network is unreachable$
-### ignore.d.workstation/devfsd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ devfsd\[[0-9]+\]: Caught SIGHUP$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ devfsd\[[0-9]+\]: read config file: "/etc/devfsd.conf"$
-### ignore.d.workstation/dhcp-client
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: No working leases in persistent database( - sleeping)?\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: Sleeping\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: No DHCPOFFERS received\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: receive_packet failed on eth[0-9]: Network is down$
-### ignore.d.workstation/gconf.changes
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): CORBA_ORB_destroy: ORB still has [0-9]+ refs\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): Exiting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): GConf server is not in use, shutting down\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): Resolved address "xml:readonly:/[^[:space:]]+" to a read-only config source at position [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): Resolved address "xml:readwrite:/[^[:space:]]+" to a writable config source at position [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): starting \(version [\.0-9]+\), pid [0-9]+ user '[^[:space:]]+'$
-### ignore.d.workstation/gconf.da_DK
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): Afslutter$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): Bestemte adressen "xml:readonly:/[^[:space:]]+" til en skrivebeskyttet konfigureringskilde ved position [0-9]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): Bestemte adressen "xml:readwrite:/[^[:space:]]+" til en skrivbar konfigureringskilde ved position [0-9]+$
@@ -27,19 +22,14 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): Kunne ikke fjerne kataloget '/[^[:space:]]+' fra XML-bagendemellemlageret fordi den ikke er synkroniseret med disken\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): Modtog signal 15, lukker pænt ned$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gconfd \([^[:space:]]+\): starter \(version [\.0-9]+\), pid [0-9]+ bruger '[^[:space:]]+'$
-### ignore.d.workstation/laptop-net
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ifd\[[0-9]+\]: executing: '/usr/share/laptop-net/link-change eth[0-9]+ unwatched ((((up|down),(running|stopped),(dis)?connected|unknown)|unknown)( )?){2}'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ifd\[[0-9]+\]: eth[0-9]+ is unavailable$
-### ignore.d.workstation/libgnorba
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnome-name-server\[[0-9]+\]: starting
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnome-name-server\[[0-9]+\]: name server starting
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ gnome-name-server\[[0-9]+\]: server_is_alive: .*
-### ignore.d.workstation/misc
-# Linux Thin clients
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd started: BusyBox v[\.0-9]+ \([^[:space:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ init: Entering runlevel: 2
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rpc.mountd: authenticated mount request from 192\.168\..* for /home/opt/ltsp/i386 \(/home/opt/ltsp/i386\)
-# Laptop sleep
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ADB keyboard at [0-9], handler [0-9]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: ADB mouse at [0-9], handler set to [0-9] \(trackpad\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: PCI: Enabling bus mastering for device [0-9:\.]+$
@@ -51,24 +41,18 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: eth[0-9]: suspending, WakeOnLan disabled$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hd[a-d]: Enabling MultiWord DMA [1-9]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: hd[a-d]: Enabling Ultra DMA [1-9]$
-### ignore.d.workstation/ntp-simple
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: synchronisation lost$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpd\[[0-9]+\]: time reset [\.0-9]+ s$
-### ignore.d.workstation/ntpdate
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpdate\[[0-9]+\]: can't find host$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpdate\[[0-9]+\]: no servers can be used, exiting$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ntpdate\[[0-9]+\]: step time server [\.0-9]+ offset [\.0-9]+ sec$
-### ignore.d.workstation/oaf
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oafd: server_is_alive: cnx\[IDL:Bonobo/ConfigDatabase:1\.0\] = ([0-9a-f]+|\(nil\))$
-### ignore.d.workstation/pmud
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pmud\[[0-9]+\]: running /etc/power/pwrctl (maximum|minimum|sleep|wakeup|lid-(closed|opened)) (ac|battery)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pmud\[[0-9]+\]: lid closed: request sleep$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pmud\[[0-9]+\]: going to sleep$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pmud\[[0-9]+\]: initiating user requested sleep$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pmud\[[0-9]+\]: system awake again$
-### ignore.d.workstation/sfs-client
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : sfsrwcd: reloaded resolv.conf file$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ : sfsrwcd: changing nameserver to [\.0-9]+$
-### ignore.d.workstation/usbutils
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usb-ohci.c: USB continue: usb-[0-9:\.]+ from host wakeup$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: usb-ohci.c: USB suspend: usb-[0-9:\.]++$
diff --git a/logcheck/mklocalfiles b/logcheck/mklocalfiles
index dc4a152..eeb53eb 100755
--- a/logcheck/mklocalfiles
+++ b/logcheck/mklocalfiles
@@ -17,8 +17,9 @@ for dir in ignore.d.server ignore.d.workstation violations.ignore.d; do
# fi
for file in $dir/*; do
if [ -f $file -a `basename $file` != "local" ]; then
- echo "### $file" >> $dir/local
- cat $file >> $dir/local
+# echo "### $file" >> $dir/local
+# cat $file >> $dir/local
+ cat $file | grep -v '^#' >> $dir/local
fi
done
done
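Review bot: The new filter `grep -v '^#'` drops only lines whose first character is `#`, so blank lines and indented comments in the per-package rule files are still copied into `$dir/local`. If logcheck hands that file to grep as a pattern list (not shown here, so worth confirming), an empty pattern matches every log line and would silently suppress all reports for that level. I would filter both cases and quote the expansions while there: `grep -Ev '^[[:space:]]*(#|$)' "$file" >> "$dir/local"`, which also removes the extra `cat`. The two commented-out `echo`/`cat` lines can be deleted rather than kept, but a short comment should say why the `### $file` provenance markers are no longer written, since without them it is harder to audit which source file contributed a given ignore rule. The enclosing `for dir` loop begins above the hunk, so whether `local` is truncated before the `>>` appends cannot be checked from here.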
diff --git a/logcheck/violations.ignore.d/local b/logcheck/violations.ignore.d/local
index b8b1642..4935680 100644
--- a/logcheck/violations.ignore.d/local
+++ b/logcheck/violations.ignore.d/local
@@ -1,4 +1,3 @@
-### violations.ignore.d/amavis
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: Checking: <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: SMTP-in \[[\.0-9]+\] /var/lib/amavis/amavis-[^[:space:]:-]+: <[^[:space:]]*> -> (<[^[:space:]]*>(,)?)+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: cached [a-f0-9]+ from <[^[:space:]]*>$
@@ -7,25 +6,15 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: local delivery: <[^[:space:]]+> -> <(spam|virus)-quarantine>, mbx=/var/lib/amavis/virusmails/(spam|virus)-[[:alnum:]-]+(\.gz)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: spam from=<[^[:space:]]+>, to=<[^[:space:]]+>, quarantine spam-[^[:space:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: spam_scan: (No|Yes), hits=[\.0-9-]+ tests=[,_A-Z0-9]+ <[^[:space:]]*>$
-### violations.ignore.d/amavisd-new
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) SPAM, <[^[:space:]]*> -> <[^[:space:]]*>, (No|Yes), hits=[\.0-9-]+ tagged_above=[\.0-9-]+ required=[\.0-9-]+ tests=[,_A-Z0-9 ]+ quarantine spam-[^[:space:]]+ \(spam-quarantine\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ amavis\[[0-9]+\]: \([0-9-]+\) BAD HEADER from( \((bulk|list|junk)\))? <[^[:space:]]*>: .*$
-### violations.ignore.d/bind
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: client [\.0-9]+#[0-9]+: update forwarding denied$
-### violations.ignore.d/bind.tmp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ named\[[0-9]+\]: zone .*: refresh: failure trying master .*: timed out
-### violations.ignore.d/dhcp-client
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x)?: (send_packet|fallback_discard): Connection refused$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: receive_packet failed on eth[0-9]: Network is down$
-### violations.ignore.d/dovecot-common
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ xayide dovecot\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= $
-### violations.ignore.d/libpam-modules
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pam_limits\[[0-9]+\]: setrlimit limit #[0-9]+ to soft=[-0-9]+, hard=[-0-9]+ failed: Operation not permitted; uid=[0-9]+ euid=[0-9]+$
-### violations.ignore.d/misc
-# This one shows up with firewalls blocking SMB ports non-silently
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: Packet log: input DENY eth[0-9]+ PROTO=17 .*:137 .*:137 L=78 S=0x00 I=[0-9]+ F=0x0000 T=[0-9]+ \(#[0-9]+\)
-### violations.ignore.d/netatalk.changes
-# Lines with "[^[:space:]]+:" at the beginning are for netatalk 1.6.x or newer.
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_die: asp_shutdown: Connection timed out$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: (afp_flushfork|afp_read|getforkparms): (ad_refresh|of_find): Permission denied$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: D5:AFPDaemon: Parsing volset [^[:space:]]+$
@@ -34,7 +23,6 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: [^[:space:]]+: E:Default: cnid_open: dbenv->open of /[^[:space:]]+/\.AppleDB failed: Permission denied$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_getsrvrparms: stat /[^/]+/: Permission denied$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: dsi_stream_read\(0\): Permission denied$
-### violations.ignore.d/netsaint
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: SERVICE ALERT:.*;PING;CRITICAL;.*;PING CRITICAL - Packet loss =.*%, RTA =.*ms
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: SERVICE ALERT:.*;ROUTER;CRITICAL;.*;CRITICAL - Plugin timed out after 10 seconds
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: SERVICE ALERT:.*;ROUTER;OK;.*;PING OK - Packet loss =.*%, RTA =.*ms
@@ -46,9 +34,7 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: HOST ALERT:.*;DOWN;SOFT;.*;CRITICAL.*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: HOST ALERT:.*;UP;SOFT;.*;PING OK.*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ netsaint: Successfully shutdown\.\.\. \(PID=[0-9]+\) $
-### violations.ignore.d/pmud
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ pmud\[[0-9]+\]: Sleep for this PMU unsupported: will shutdown the machine on sleep request$
-### violations.ignore.d/postfix
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host not found(, try again)?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/(local|smtpd)\[[0-9]+\]: warning: reject: ETRN [^[:space:]]+\.\.\. from [^[:space:]\[]+\[[\.0-9]+\]$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/[ls]mtp\[[0-9]+\]: [A-Z0-9]+: to=<[^>,]*>(, orig_to=<[^>,]*>)?, relay=[^[:space:],]+, delay=[0-9]+, status=(sent|bounced|deferred) \([^\(\)]+(\([^\(\)]*\)[^\(\)]*)*[^\(\)]*\)( proto=E?SMTP helo=<[^[:space:]>]+>)?$
@@ -63,17 +49,12 @@
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: Illegal address syntax from [^[:space:]\[]+\[[\.0-9]+\] in RCPT command: .*
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: warning: [\.0-9]+: hostname [^[:space:]]+ verification failed: Host name has no address$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ postfix/smtpd\[[0-9]+\]: [A-Z0-9]+: reject: (DATA|RCPT) from [^[:space:]\[]+\[[\.0-9]+\]: [45][0-9]{2}( [^;]+;){1,3} from=<[^>]*>( to=<[^>]*>)? proto=E?SMTP( helo=<.*>)?$
-### violations.ignore.d/proftpd
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd\[[0-9]+\]: [^[:space:]]+ \([^[:space:]\[]+\[[\.0-9]+\]\) - USER anonymous \(Login failed\): Can't find user\.$
-### violations.ignore.d/samba
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: read(_socket)?_data: (read|recv) failure for [[:digit:]]+\. Error = (No route to host|Connection (reset by peer|timed out)) ?$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]: write_socket_data: write failure\. Error = Connection reset by peer ?$
-### violations.ignore.d/ssh
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sshd\[[0-9]+\]: Failed keyboard-interactive for [^[:space:]]+ from [\.0-9]+ port [0-9]+ ssh2$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ssh\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=[^[:space:]]+ user=[^[:space:]]+$
-### violations.ignore.d/su
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ su\[[0-9]+\]: \+ \?\?\? root:[[:alnum:]-]+ ?$
-### violations.ignore.d/temp
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (imap|netatalk|pop|samba)\(pam_unix\)\[[0-9]+\]: authentication failure; logname= uid=0 euid=0 tty=[^[:space:]]* ruser= rhost=[^[:space:]]* user=[[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_flushfork: of_find: Permission denied
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ afpd\[[0-9]+\]: afp_getsrvrparms: stat /volumes/(km/kmstab/kmstab|kp/kp(/kp|/kpstab|stab/kpstab)|misc/flstab/flstab): Permission denied