#!/bin/sh
# Prparieren einer logcheck-Mail fr das Einfgen in logcheck-ignore

prepare_it () {
mv $1 $1~
cat $1~ | \
  sed "s/[()\'\`+*]/./g"             | \
  sed "s/?/\\\\?/g"                  | \
  sed "/^$/d"                        | \
  sed "s/^\(sudo: .*TTY=\).*\(COMMAND[^ ]*\) *.*/\1pts\/[0-9][0-9]* ; .* ; \2/g"         | \
  grep -v -- "=-=-=-=-"                         | \
  grep -v -- " or deinstall logcheck"           | \
  grep -v -- "System Events"                    | \
  grep -v -- "Security Events"                  | \
  perl -e 'while(<>){s/^\w{3} [ :0-9]{11} [._[:alnum:]-]+ ([._[:alnum:]-]+)\[[0-9]+\]/^\\w{3} [ :0-9]{11} [._[:alnum:]-]+ $1\\[[0-9]+\\]/;print}' | \
  sort                                          | \
  uniq | \
cat > $1
rm $1~
}

if [ _$1 = _ ] ; then
  echo Welche Datei denn?
  exit
fi

cat $1 | \
  grep -v "^From:* " | \
  grep -v "^Date: "   | \
  grep -v "^To: "    | \
  grep -v "^Subject: " | \
  grep -v "^This .*mail is sent by logcheck. If you .* receive"      | \
  grep -v "^you can either deinstall the logcheck package or modify" | \
  grep -v "^please modify the configuration files in /etc/logch"     | \
  grep -v "^configuration file ./etc/logcheck/logcheck.conf"         | \
  grep -v "=-=-=-=-=-=-=-=-"                                         | \
  grep -v -- "report was produced by logcheck version"               | \
  grep -v -- "message and the header message above may be altered by creating" | \
  grep -v -- "/etc/logcheck/[fh][eo]"                                | \
cat > $1.tmp

cat $1.tmp | \
  sed "/^Security Violations/,/^$/d" | \
  grep -v "System Events"    | \
cat > $1.ignore
cat $1.tmp | \
  sed "/^System Events/,/^$/d"   | \
  grep -v "Possible Security Violations" | \
  grep -v "Security Violations"          | \
cat > $1.violations.ignore
rm $1.tmp

prepare_it $1.ignore
prepare_it $1.violations.ignore
