[Logcheck-devel] Bug#506863: Ignore filter not working as expected
Hansa
mythtv at logic-q.nl
Tue Nov 25 11:59:54 UTC 2008
Package: logcheck
Version: 1.2.45
OS: FreeBSD 6.2-RELEASE
I use the following filter to ignore tls_prune DBERROR's:
/usr/local/etc/logcheck/ignore.d.server/cyrus
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]:
[0-9]+ lockers$
Running logcheck however it still prints out a security event:
# su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck -l
message.log -o -t"
Security Events
=-=-=-=-=-=-=-=
Nov 5 03:00:00 gonzo tls_prune[7326]: DBERROR db4: 4 lockers
....
If I test the rule it works flawless:
# sed -e 's/[[:space:]]*$//' message.log | egrep \
'^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]:
[0-9]+ lockers$'
Output:
Oct 24 04:00:00 gonzo tls_prune[55124]: DBERROR db4: 4 lockers
I guess this is a bug.
Best regards,
Hansa
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cyrus
Type: application/octet-stream
Size: 1847 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20081125/165987f2/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: message.log
Type: application/octet-stream
Size: 629 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20081125/165987f2/attachment-0001.obj
More information about the Logcheck-devel
mailing list