[Logcheck-users] Why does this rule not work?
dietmar.4711 at web.de
dietmar.4711 at web.de
Mon Jan 12 01:22:02 UTC 2015
Hello,
I have log output from git in my auth.log which I want to eliminate.
All lines begin like this:
Jan 11 23:36:21 mg sudo: git :
I now created this rule:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: git :
Regarding the output from "logcheck-test", this just works fine:
--- snip ---
logcheck-test -a '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: git :'
Jan 11 23:36:21 mg sudo: git : TTY=unknown ;
================================================================================
parsed file: /var/log/auth.log
used rule: '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: git :'
--- snap ---
But I am getting this in my logheck mails over and over again, it seems to be ignored completely.
I am sure the rule exists in the correct file, since other manually added rules there (e.g. rules to eliminate some sshd output in auth.log) just work fine.
Any ideas?
Thank you,
Dietmar
More information about the Logcheck-users
mailing list