### sample oak config file
### 
### anything in parens gets turned into ___
### there is a "trash" queue by default
###

###
### options
###

set infile /var/adm/messages

## these are on by default, but we'll set them anyway
## to turn them off change to "set no nukepid" etc.
set nukepid
set nukeciscoid
set nukesmqid

###
### define the queues
###

define queue immediate-zephyr
        action zwrite myclass oak *
	  action-limits 25 100 100 10
        fire now
	locking 30m
	header **** CRITICAL MESSAGE LOG ****

define queue hourly-zephyr
        action zwrite myclass oak *
	  action-limits 25 100 100 10
	fire *1hr
	header Hourly message log

define queue daily-mail
	prescan
	action mail touser@foo.com fromuser@baz.org "Daily Report"
	  action-limits 300 100 100 100
	fire 09:00
	header Daily message log

###
### critical messages first
###

on ^sendmail\[(.+)\]: (.+): SYSERR.*: (.+): cannot fork: Not enough memory
	queues immediate-zephyr hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: WorkList for .+ maxed out at .+
	queues immediate-zephyr hourly-zephyr daily-mail
on ^unix: WARNING: Sorry, no swap space to grow stack for pid (.+)
	queues immediate-zephyr hourly-zephyr daily-mail
on ^(.+): %SYS-2-MALLOCFAIL: Memory allocation of (.+) bytes failed from (.+), pool Processor, alignment (.+)
	queues immediate-zephyr hourly-zephyr daily-mail
on file system full
	queues immediate-zephyr hourly-zephyr daily-mail

###
### then throw out the garbage
###

on ^(.+): -Traceback= .+
	queues trash
on ^(.+): -Process= .Per-minute Jobs., ipl= (.+), pid= (.+)
	queues trash
on ^(.+):  End of MEMD buffer : (.+)
	queues trash
on ^(.+):  End of datagram    : (.+)
	queues trash
on ^(.+):  bufhdr .+
	queues trash
on ^(.+): %SYS-5-CONFIG_I: Configured from console by (.+) \((.+)\)
	queues trash
on ^(.+): %AT-6-NODEWRONG: .+: AppleTalk node (.+) misconfigured; reply has been broadcast
	queues trash
on ^(.+): %AUTORP-5-MAPPING: RP for .+ is now .+
	queues trash
on ^(.+): %AT-5-RTMPSTATE: .+: RTMP Path to (.+) via .+ now in Bad state *(.*)
	queues trash
on ^(.+): %AT-5-RTMPSTATE: .+: RTMP Path to (.+) via .+ now in Good state (.*)
	queues trash
on ^dhcpd: Abandoning IP address (.+): declined
	queues trash
on gethostbyaddr: (.*) != (.+)
        queues trash
on ^imapd\[(.+)\]: PROTERR: idle for too long
	queues trash
on ^imapd\[(.+)\]: PROTERR: Connection reset by peer
	queues trash
on ^kshd\[(.+)\]: Executing .* rcp .* for principal (.*)
	queues trash
on ^eklogind\[(.+)\]: ROOT login by (.+) \((.+)\)
	queues trash
on ^eklogind\[(.+)\]: Kerberos authentication failed
	queues trash
on ^Klogind\[(.+)\]: (.*)login by (.+) \((.+) \((.+)\)\)
	queues trash
on ^klogind\[(.+)\]: ROOT login by (.+) \((.+) \((.+)\)\)
	queues trash
on ^klogind\[(.+)\]: User (.+) is not authorized to login to account .+
	queues trash
on last message repeated .+ time
	queues trash
on ^login\[(.+)\]: ROOT LOGIN .+
	queues trash
on ^login: ROOT LOGIN (.+) FROM (.+)
        queues trash
on ^named\[(.+)\]: ns_resp: TCP truncated: (.*) .+
	queues trash
on ^named\[(.+)\]: Broken pipe
	queues trash
on ^named\[(.+)\]: fwritemsg: Broken pipe
	queues trash
on ^newsyslog\[(.+)\]: logfile turned over
	queues trash
on ^ninit\[(.+)\]: named hosed!
	queues trash
on ^ninit\[(.+)\]: ...named restarted.
	queues trash
on ^ninit\[(.+)\]: Named hosed!  Restarting...
	queues trash
on ^popper: (.+): \((.+)\) Incorrect network address \(krb_rd_req\)
	queues trash
on ^popper: (.+): \((.+)\) Ticket expired \(krb_rd_req\)
	queues trash
on ^popper: (.+): \((.+)\) Time is out of bounds \(krb_rd_req\)
	queues trash
on ^popper: (.+): \(.*\) Can't decode authenticator \(krb_rd_req\)
	queues trash
on ^popper: (.+): EOF
	queues trash
on ^popper: (.+): \((.+)\) Service expired \(kerberos\)
	queues trash
on ^popper: (.*): timeout waiting for ticket
	queues trash
on ^popper: (.*): timeout waiting for data
	queues trash
on ^popper: (.+): auth failed: (.+) vs (.+)
	queues trash
on ^popper: (.*): \((.*)\) realm not accepted.
	queues trash
on ^popper: (.*): \((.*)\) instance not accepted.
	queues trash
on ^popper: Unable to obtain socket and address of client, err = 57
	queues trash
on ^popper: (.*): \((.*)\) Generic kerberos error \(kfailure\)
	queues trash
on ^quota\[(.+)\]: IOERROR: opening quota file .+: Permission denied
	queues trash
on ^mail.local: root: wrong owner \(is 1, should be 0\)
	queues trash
on ^sendmail\[(.+)\]: NOQUEUE: SYSERR: .+: line (.+): cannot alias non-local name
	queues trash
on ^sendmail\[(.+)\]: third party call from (.+) at (.+)
        queues trash
on ^sendmail\[(.+)]: NOQUEUE: SYSERR: getrequests: cannot bind: Address already in use
	queues trash
on ^sendmail\[(.+)\]: (.+): collect: premature EOM: Error 0
	queues trash
on ^sendmail\[(.+)\]: (.+): collect: premature EOM: Connection reset by (.+)
	queues trash
on ^sendmail\[(.+)\]: (.+): SYSERR\(root\): collect: I/O error on connection from
	queues trash
on ^sendmail\[(.+)\]: (.+): SYSERR: prescan: too many tokens
	queues trash
on ^sendmail\[(.+)\]: cannot get connection
	queues trash
on ^sendmail\[(.+)\]: (.+): SYSERR: putoutmsg \((.+)\): error on output channel sending (.*)
	queues trash
on ^sendmail\[(.+)\]: (.+): SYSERR: sendall: too many hops
	queues trash
on ^sendmail\[(.+)\]: (.+): SYSERR.*: Too many hops .+ \(.+ max\): from (.*)
	queues trash
on ^sendmail\[(.+)\]: (.+): (.+): DATA-2 protocol error: 221 Timeout waiting for input
	queues trash
on ^snmpdx: community_check\(\) : bad community from (.+)
	queues trash
on ^snmpdx: session_open\(\) failed for a pdu received from (.+)
	queues trash
on ^snmpdx: Agent snmpd is now OK
	queues trash
on ^syslogd: exiting on signal 15
	queues trash
on ^tcp_forwarder\[(.+)\]: read: s: Connection reset by peer
	queues trash
on ^tftpd\[(.+)\]: connect from: (.+)
	queues trash
on ^tftpd\[(.+)\]: (.+) requests (.+)
	queues trash
on ^tftpd\[(.+)]\: end session: (.+)
	queues trash
on ^unix: afs: Lost contact with file server (.+) in cell .+ .*
	queues trash
on ^unix: afs: file server (.+) in cell .+ is back up
	queues trash
on ^unix: afs: Lost contact with volume location server (.+) in cell .+
	queues trash
on ^unix: afs: Waiting for busy volume (.+) \((.*)\) in cell .+
	queues trash
on ^unix: afs: Waiting for busy volume (.+) in cell .+
	queues trash
on ^unix: Starting AFS cache scan...
	queues trash
on ^unix: Memory cache: Allocating (.+) dcache entries...
	queues trash
on ^unix: found (.+) non-empty cache files (.+)\.
	queues trash
on ^xntpd\[(.+)\]: time reset \(step\) .+ s
	queues trash

### 
### then everything else
###

on ^(.+): %SYS-3-CPUHOG: Task ran for (.+) msec \((.+)\), Process = ARP Input, PC = (.+)
	queues hourly-zephyr daily-mail
on ^(.+): %CLEAR-5-COUNTERS: Clear counter on interface ATM8/0 by vty0 \((.+)\)
	queues hourly-zephyr daily-mail
on ^(.+): %LINEPROTO-5-UPDOWN: Line protocol on Interface .*, changed state to (.*)
	queues hourly-zephyr daily-mail
on ^(.+): %LINK-3-UPDOWN: Interface .*, changed state to (.*)
	queues hourly-zephyr daily-mail
on ^(.+): %AT-1-NOMEM: Could not allocate memory for pdb at line (.+) in .+
	queues hourly-zephyr daily-mail
on ^(.+): -Process= "IP Input", ipl= (.+), pid= (.+)
	queues hourly-zephyr daily-mail
on ^deliver\[(.+)\]: .+ quota file (.+): No space
	queues hourly-zephyr daily-mail
on ^deliver\[(.+)\]: .+: unable to record (.+) of (.+) bytes in quota file (.+)
	queues hourly-zephyr daily-mail
on ^imapd\[(.+)\]: stating header for (.+): No such file or directory
	queues hourly-zephyr daily-mail
on ^imapd\[(.+)]: .*stating (.+): No such file or directory
	queues hourly-zephyr daily-mail
on ^pop3d\[(.+)\]: .+: .+ quota file (.+): No space
	queues hourly-zephyr daily-mail
on ^pop3d\[(.+)\]: .+: unable to record .+ of (.+) bytes in quota (.+)
	queues hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: SYSERR.*: /usr/local/sendmail/etc/aliases.new: line (.+): readaliases
	queues hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: (.+): (.+): SMTP DATA-2 protocol error: 501 Badly structu
	queues hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: (.+): SYSERR(.*): (.+) config error: mail loops back to me
	queues hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: (.+): SYSERR(.*): deliver: mci=(.+) rcode=(.+) errno=(.+) state=(.+)
	queues hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: (.+): SYSERR(.*): timeout writing message to (.+)
	queues hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: (.+): collect: premature EOM: Connection timed out with (.+)
	queues hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: (.+): SYSERR: Cannot open (.+): No such file or directory
	queues hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: (.+): SYSERR: (.+): line (.+): readqf: cannot open (.+): No such file or directory
	queues hourly-zephyr daily-mail
on ^sendmail\[(.+)\]: (.+): SYSERR: putoutmsg \((.+)\): error on output channel sending .*
	queues hourly-zephyr daily-mail
on ^snmpdx: session_open.. failed for a pdu received from (.+)
	queues hourly-zephyr daily-mail
on ^unix: afs: volume location server (.+) in cell .+ is back up
	queues hourly-zephyr daily-mail
on ^unix: afs: Lost contact with file server (.+) in cell .+
	queues hourly-zephyr daily-mail
on ^vmunix: afs: Lost contact with file server (.+) in cell .+
	queues hourly-zephyr daily-mail
on ^vmunix: afs: file server (.+) in cell .+ is back up
	queues hourly-zephyr daily-mail
on .*
        queues hourly-zephyr daily-mail