[Logcheck-devel] Bug#270018: HylaFax send logs after log level reduction

[Jamie L. Penman-Smithson]

On Sun, 2004-10-31 at 12:42 -0800, Ross Boylan wrote:
> Thanks for the revised rules.  In reviewing them, I think I noticed at
> least one other problem.

> For a couple of rules I inexplicably added a 1 to the job number.
> This happens to work with my test data, but is not right.  I think it
> should be
<snip>

I've removed the additional 1, I should have spotted that before.

> Also, notice that in the first rule above I added the requirement that
> the device name start with a /.

I didn't include the starting /, so in order to match, the device name
doesn't have to start with a /.

> Out of curiosity, where does the requirement to quote " come from?  I
> don't see it in the egrep man page.
> 
> In a couple of places (one of which is above) you use 
> [[:digit:]:]{4,5} for time.  Since, in principle, it is unbounded
> above, perhaps it should be [[:digit:]:]{4,} or at least a higher number than 5.
>
> Even more exact, it could be [[:digit:]]+:[[:digit:]]{2}
> In reviewing my logs, including messages not posted to this bug, it
> looks as if the seconds are always reported as 2 digits, even when <
> 10.

Okay, I've changed it to [[:digit:]]+:[[:digit:]]{2}.

The rules as they are now are:

ignore.d.server/hylafax:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: SUBMIT JOB
[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: FIFO RECV
\"Sclient/[[:digit:]]+:[[:digit:]]+\"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: JOB [[:digit:]]+
\((ready|active) dest [[:digit:]\+]+ pri [[:digit:]]+ tts
[[:digit:]]+:[[:digit:]]+ killtime
[[:digit:]]+:[[:digit:]]+:[[:digit:]]+\): (READY|PROCESS|ACTIVE|PREPARE
START)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: LOCKWAIT$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: STATE CHANGE:
RUNNING -> LOCKWAIT \(timeout [[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: MODEM
[.[:space:][:alnum:]/]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ HylaFAX\[[0-9]+\]: Filesystem has
SysV-style file creation semantics\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: ANSWER: Can not
lock modem device$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: NOTIFY:
bin/notify \"doneq/q[[:digit:]]+\" \"done\"
\"[[:digit:]]+:[[:digit:]]{2}\"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: NOTIFY exit
status: 0 \([[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxSend\[[0-9]+\]: SEND FAX: JOB
[[:digit:]]+ DEST [ [:digit:]()-]+ COMMID \w+ DEVICE '[/[:alnum:]]+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxSend\[[0-9]+\]: SEND FAX: JOB
[[:digit:]]+ SENT in [[:digit:]]+:[[:digit:]]{2}$

violations.ignore.d/logcheck-hylafax:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: NOTIFY:
bin/notify \"doneq/q[[:digit:]]+\" \"failed\" \"[:0-9]{4,5}\"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: JOB [0-9]+
\(failed dest \+[[:digit:]]+ pri [0-9]+ tts [:0-9]{4,5} killtime
[:0-9]{7,8}\): (DEAD|DELETE|SEND DONE: [:0-9]{4,5})$

-- 
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
 w: http://www.silverdream.org | p: sms at silverdream.org
 pgp key @ http://silverdream.org/~jps/pub.key
 21:30:02 up 17 min,  2 users,  load average: 2.65, 2.52, 1.58

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20041101/f26e8266/attachment.pgp