Bug#251404: [Logcheck-devel] Bug#251404: logcheck-database: rules don't match non local syslog messages

Christoph Martin martin at uni-mainz.de
Thu Jun 3 11:06:37 UTC 2004


maks attems wrote:
>>syslog has a "weird" feature. If a syslog daemon forwards the messages
>>to another host, there is one additional blank at the end of each
>>message on the remote host. Since most of the regex matches of
>>logcheck end with a $, these rules will not match non local syslog
>>messages. You should remove all the $ or replace them with <blank>?$.
> 
> well logcheck removes trailing slashes whitespace before log
> entry is processed.  so your bug report seems weird to me.

It might be that this was fixed some time ago with the removing of
trailing whitespace. I try to check it at the moment. But it takes some
time since I had some problems with the introduction of the logcheck
user. My /var/lib/logcheck/offset* files were owned by root, so
logcheck was checking all time from the beginning, which resulted in
very large and also late mails.

>>Example patch:
>>--- /etc/logcheck/ignore.d.paranoid/cron~       Sun May 16 08:37:22 2004
>>+++ /etc/logcheck/ignore.d.paranoid/cron        Fri May 28 12:27:16 2004
>>@@ -1,1 +1,1 @@
>>-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$
>>+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\) ?$
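Review bot: the ` ?$` that replaces `$` at the end of the `+` line tolerates exactly one trailing blank, so a line ending in two blanks or a tab would still miss the rule; `[[:space:]]*$` would cover those and fits the POSIX classes the pattern already uses. The hunk also changes only the one rule in ignore.d.paranoid/cron, while the report says most rules end in `$`, so stripping trailing whitespace from each log line once before matching, as the reply says logcheck does, would avoid editing every rule file.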
> 
> are you using logcheck-database outside of logcheck,
> or did logcheck report above line?

I only use it inside logcheck.

Christoph

-- 
============================================================================
Christoph Martin, EDV der Verwaltung, Uni-Mainz, Germany
 Internet-Mail:  Christoph.Martin at Uni-Mainz.DE
  Telefon: +49-6131-3926337
      Fax: +49-6131-3922856
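
The matching behaviour discussed in this thread, as an added example that is not part of the original message and is not logcheck's own code. It runs the two rules from the example patch over constructed log lines with `grep -E` (GNU grep assumed for `\w`); the host name, PID, cron command and the function names `ignored`, `strip_trailing` and `report` are assumptions made for illustration.

```shell
#!/bin/bash
# Constructed sample: one cron entry as logged locally, then the same entry
# with one trailing blank (the forwarded case described in the report), and
# two further constructed variants to show the limit of the patched rule.
LOCAL='Jun  3 11:05:01 host1 /USR/SBIN/CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)'
FORWARDED="$LOCAL "
TWO_BLANKS="$LOCAL  "
TAB_END="$LOCAL$(printf '\t')"

# The two rules from the example patch in the thread.
RULE_OLD='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$'
RULE_NEW='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\) ?$'

# ignored RULE LINE: succeeds when the ignore rule matches, meaning the
# line would be dropped from the report instead of being mailed.
ignored() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# strip_trailing LINE: remove trailing whitespace before matching.
# Stand-in for the normalisation step mentioned in the reply (assumption).
strip_trailing() {
    printf '%s\n' "$1" | sed -e 's/[[:space:]]*$//'
}

# report RULE LINE LABEL: print how the line would be treated.
report() {
    if ignored "$1" "$2"; then
        echo "ignored  : $3"
    else
        echo "REPORTED : $3"
    fi
}

report "$RULE_OLD" "$LOCAL"      "old rule, local line"
report "$RULE_OLD" "$FORWARDED"  "old rule, one trailing blank"
report "$RULE_NEW" "$FORWARDED"  "patched rule, one trailing blank"
report "$RULE_NEW" "$TWO_BLANKS" "patched rule, two trailing blanks"
report "$RULE_NEW" "$TAB_END"    "patched rule, trailing tab"
report "$RULE_OLD" "$(strip_trailing "$TAB_END")" "old rule, input stripped first"
```

Stripping the input once lets the unmodified `$`-anchored rule match every variant, which is why the outcome depends on whether the installed logcheck performs that step.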