[Logcheck-devel] Bug#482523: logcheck: Rule does not work - regex was tested
Valeri Geiser
valeri at a-little-bit.de
Fri May 23 09:43:56 UTC 2008
Package: logcheck
Version: 1.2.63~bpo40+2
Severity: normal
Hi, this is probably not a bug, but a mistake of mine. But after going
through the documentation and the website again and again I cannot see
where I am mistaken.
The following logline:
May 22 19:38:26 mail in.imapproxyd[9532]: Raw_Proxy(): Failed to read
line from client on socket 7
is not catched by the rule
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: Raw.*$
in the file imapproxy.
But the proposed test lists the line:
sed -e 's/[[:space:]]*$//' /var/log/syslog.0 | egrep '^\w{3} [ :0-9]{11}
[._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: Raw.*$'
Also I do not see any ignore-rule that should apply to this. Several
other rules in that specific file have the same problem. Do you have
a hint?
Thanks & regards,
Valeri
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.9-023stab043.3-smp
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Versions of packages logcheck depends on:
ii adduser 3.102 Add and remove users and groups
ii cron 3.0pl1-100 management of regular background p
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logtail 1.2.63~bpo40+2 Print log file lines that have not
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii postfix [mail-tr 2.3.8-2+b1 A high-performance mail transport
ii sysklogd [system 1.4.1-18 System Logging Daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.2.63~bpo40+2 database of system log rules for t
-- no debconf information
More information about the Logcheck-devel
mailing list