[Logcheck-devel] Bug#254542: rng-tools: Bad non-error message [PATCH]

Kapil Hari Paranjape kapil at imsc.res.in
Wed Jun 16 06:40:11 UTC 2004


On Wed, Jun 16, 2004 at 12:00:56AM -0300, Henrique de Moraes Holschuh wrote:
> reassign 254542 logcheck
> retitle logcheck: logcheck overrides package ignore.d entries by default
> severity 254542 wishlist
> thanks
> 
> On Tue, 15 Jun 2004, Kapil Hari Paranjape wrote:
> > The rngd daemon generates a non-error message like
> > 	Jun 15 16:44:34 as82 rngd: stats: FIPS 140-2 failures: 0
> > 
> > that is annoying to us logcheck users since it contains the word
> > "failure" which causes it to put up a violation flag with logcheck.
> 
> Which is a logcheck misfeature (because it is enabled by default, and
> the override contains a lot of common words, such as "failure"), AND 
> it overrides explicit ignore.d lines.
> 
> rngd will *absolutely not* be changed for such a reason.  Ignore.d
> files are in place to stop logcheck complaining about the trivial log
> messages.
> 
> If logcheck will insist on overriding it, that's not something I can do
> anything about.
> 
> So, your hope rests on the logcheck maintainer disabling that override
> regexp, or doing it yourself.  I am reassigning the bug to logcheck,
> for the logcheck maintainer to do as he sees fit.  Personally, I'd
> like to have the ignore.d regexps to have absolute priority above all
> else.
> 

I should have read the logcheck documentation more carefully before
filing the bug. I didn't want to start a controversy...

Anyway, here is a way in which you can fix the problem.

Add a file called (say /etc/logcheck/violations.ignore.d/rng-tools)
which contains the line

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rngd: stats: FIPS 140-2 failures: 0$

According to the logcheck documentation, the directory
viloations.ignore.d refers to lines that would match entries in
violations.d but nevertheless need to be ignored.

I have created the entry in a way that *only* 0 failures for FIPS tests
are matched, you may want to create something more general.

Regards,

Kapil.
-- 





More information about the Logcheck-devel mailing list