[Logcheck-devel] Bug#809605: logcheck: dhclient rules do not match because of [pid]
Calum Mackay
calum.mackay at cdmnet.org
Fri Jan 1 18:11:17 UTC 2016
Package: logcheck
Version: 1.3.17
Severity: normal
I'm getting lines like this in logcheck emails:
Jan 1 00:03:21 getz dhclient[27185]: DHCPREQUEST of 82.27.1.1 on enp2s0 to 62.254.1.1 port 67
despite there being lines in ignore.d.server/dhclient that are clearly intended
to match it:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].-]+ to [.0-9]{7,15} port 67$
This doesn't match, clearly, since the regex doesn't take account of the [pid]
following dhclient.
an alternative regex might be:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient(-2.2.x)?\[[1-9][0-9]*]: DHCP(REQUEST|RELEASE) (of [.0-9]{7,15} )?on [[:alnum:].-]+ to [.0-9]{7,15} port 67$
which would need to be done for all such lines in the dhclient ignore file.
Unless, for some reason my system is syslogging the pid when it shouldn't be?
thanks much,
calum.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.3.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages logcheck depends on:
ii adduser 3.113+nmu3
ii cron 3.0pl1-128
ii exim4-daemon-heavy [mail-transport-agent] 4.86-7
ii lockfile-progs 0.1.17
ii logtail 1.3.17
ii mime-construct 1.11+nmu1
ii rsyslog [system-log-daemon] 8.12.0-1
Versions of packages logcheck recommends:
ii logcheck-database 1.3.17
Versions of packages logcheck suggests:
ii syslog-summary 1.14-2.1
-- Configuration Files:
/etc/cron.d/logcheck changed:
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
@reboot logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck -R; fi
4 * * * * logcheck if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi
/etc/logcheck/logcheck.conf [Errno 13] Permission denied: u'/etc/logcheck/logcheck.conf'
/etc/logcheck/logcheck.logfiles [Errno 13] Permission denied: u'/etc/logcheck/logcheck.logfiles'
-- no debconf information
More information about the Logcheck-devel
mailing list