[Logcheck-devel] Bug#506863: Ignore filter not working as expected

[Hansa]

Package: logcheck
Version: 1.2.45
OS: FreeBSD 6.2-RELEASE

I use the following filter to ignore tls_prune DBERROR's:
/usr/local/etc/logcheck/ignore.d.server/cyrus
	^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]:
[0-9]+ lockers$

Running logcheck however it still prints out a security event:
# su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck -l
message.log -o -t"

Security Events
=-=-=-=-=-=-=-=
Nov  5 03:00:00 gonzo tls_prune[7326]: DBERROR db4: 4 lockers
....

If I test the rule it works flawless:
# sed -e 's/[[:space:]]*$//' message.log | egrep \
  '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]:
[0-9]+ lockers$'

Output:
  Oct 24 04:00:00 gonzo tls_prune[55124]: DBERROR db4: 4 lockers

I guess this is a bug.

Best regards,

Hansa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus
Type: application/octet-stream
Size: 1847 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20081125/165987f2/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: message.log
Type: application/octet-stream
Size: 629 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20081125/165987f2/attachment-0001.obj