Bug#251404: [Logcheck-devel] Bug#251404: logcheck-database: rules don't match non local syslog messages
Christoph Martin
martin at uni-mainz.de
Thu Jun 3 11:06:37 UTC 2004
maks attems wrote:
>>syslog has a "weird" feature. If a syslog daemon forwards the messages
>>to another host, there is one additional blank at the end of each
>>message on the remote host. Since most of the regex matches of
>>logcheck end with a $, these rules will not match non local syslog
>>messages. You should remove all the $ or replace them with <blank>?$.
>
> well logcheck removes trailing slashes whitespace before log
> entry is processed. so your bug report seems weird to me.
It might be that this was fixed some time ago with the removing of
trailing whitespace. I try to check it at the moment. But it takes some
time since I had some problems with the introduction of the logcheck
user. My /var/lib/logcheck/offset* files were owned by root, so
logcheck was checking all time from the beginning, which resulted in
very large and also late mails.
>>Example patch:
>>--- /etc/logcheck/ignore.d.paranoid/cron~ Sun May 16 08:37:22 2004
>>+++ /etc/logcheck/ignore.d.paranoid/cron Fri May 28 12:27:16 2004
>>@@ -1,1 +1,1 @@
>>-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$
>>+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\) ?$
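Review bot: The ` ?$` at the end of the changed rule accepts exactly one trailing space, so a line that ends in a tab or in more than one blank would still miss the rule; `[[:space:]]*$` keeps the anchor and covers those cases too. The report proposes the same edit for every rule ending in `$`, which has to be repeated in each rule file and remembered for every new rule; stripping trailing whitespace from the log entry once, before the rules are applied, keeps the strict `$` anchor and needs no per-rule change.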
>
> are you using logcheck-database outside of logcheck,
> or did logcheck report the above line?
I only use it inside logcheck.
Christoph
--
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
Internet-Mail: Christoph.Martin at Uni-Mainz.DE
Telefon: +49-6131-3926337
Fax: +49-6131-3922856
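Added example, not part of the original message and not logcheck's own code: a shell check of the rule from the quoted patch against a cron entry with and without the trailing blank described in the report. The log line (host name, PID, command) is constructed, the two-blank case is constructed to show the limit of ` ?$`, and the `sed` call is an assumed stand-in for the whitespace stripping mentioned in the reply.

```shell
#!/bin/sh
# Rule from the quoted patch, before and after the proposed change.
RULE_OLD='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$'
RULE_NEW='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\) ?$'

# Constructed sample entries (not taken from a real log).
LOCAL='Jun  3 11:05:01 host1 /USR/SBIN/CRON[4242]: (root) CMD (run-parts /etc/cron.hourly)'
FORWARDED="$LOCAL "      # same entry with one extra trailing blank
TWO_BLANKS="$LOCAL  "    # constructed edge case: two trailing blanks

# ignored RULE LINE: exit status 0 if the rule matches, i.e. the entry
# would be filtered out of the report.
ignored() { printf '%s\n' "$2" | grep -Eq -- "$1"; }

# normalize LINE: strip trailing whitespace once, before any rule is applied
# (assumed stand-in for the stripping step described in the reply).
normalize() { printf '%s\n' "$1" | sed 's/[[:space:]]*$//'; }

# report LABEL RULE LINE: print whether the entry is filtered or reported.
report() {
    if ignored "$2" "$3"; then
        echo "$1: ignored"
    else
        echo "$1: REPORTED"
    fi
}

report 'old rule, local entry          ' "$RULE_OLD" "$LOCAL"
report 'old rule, forwarded entry      ' "$RULE_OLD" "$FORWARDED"
report 'new rule, forwarded entry      ' "$RULE_NEW" "$FORWARDED"
report 'new rule, two trailing blanks  ' "$RULE_NEW" "$TWO_BLANKS"
report 'old rule, normalized forwarded ' "$RULE_OLD" "$(normalize "$FORWARDED")"
report 'old rule, normalized two blanks' "$RULE_OLD" "$(normalize "$TWO_BLANKS")"
```

The `\w` in the rule is a GNU grep extension, so the check assumes GNU `grep -E`.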