- keep an eye on the rpm database, and log changes
- append sysstat stats?
- add hook to run arbitrary command and append its output (-> modularize logdigest?)
- look for "No space left on device" messages, or even watch the disk free space itself
- show used cpu/system time for the logdigest the job
- optionally gpg-encrypt mails (a variable specifying a public key would do, to switch it on)

- recognize common problems and give advice, e.g. when encountering

  Aug 17 09:27:16 backup atd[8335]: File a001f3010dd35b is in wrong format - aborting
  Aug 17 09:27:16 backup atd[8336]: File a001f3010dcdbb is in wrong format - aborting
  Aug 17 09:27:16 backup atd[8337]: File a001f3010dd35b is in wrong format - aborting

  E.g. in this case:
  * don't show all the lines, just an example
  * tell that it's highly suspicious for disk space shortage
  * explain how to get rid of the broken jobs (rm ...)

- "This could indicate tampering." message could mention that logrotate -f could also be a reason

- append output of rpmconfigcheck (i.e. configuration files to be resolved)

- escape non-displayable characters, or encode mail as quoted-printable
  see https://bugzilla.novell.com/show_bug.cgi?id=219296


- https://bugzilla.novell.com/show_bug.cgi?id=436313
  Suggestion from Christian Boltz:

  > Logdigest is a nice tool and it comes with quite good preconfiguration.
  > 
  > However, sometimes it hits back that alarming matches on words like "REJECT"
  > because it makes it basically impossible to monitor /v/l/mail (I have 50.000
  > REJECT'ed spam mails per day - guess how large the logdigest mail would be ;-)
  > 
  > Yes, I could modify the alarming file - but this is not the best solution
  > because of expected problems on the next update ;-)
  > 
  > The better solution would be an option to exclude patterns from the alarming
  > list. On the programming side, would look like
  > 
  >    cat logfile | grep -f alarming -f alarming.local | grep -vf noalarming.local
  > 
  > I could then keep REJECT in alarming, but grep away the well-known reject
  > reasons like blacklist hits via noalarming.local. Unexpected reject reasons
  > would still be listed in the logdigest mail.


Note for a possible rewrite in python:
- logtail saves the inode (to check for rotation), which would be os.stat('/var/log/messages').st_ino in python
  otherwise it passes through the file, and saves the offset
- for escaping non-displayable characters, could use binascii.b2a_qp()


