[Logcheck-commits] CVS logcheck/docs
CVS User maks-guest
logcheck-devel@lists.alioth.debian.org
Tue, 28 Sep 2004 09:40:30 -0600
Update of /cvsroot/logcheck/logcheck/docs
In directory haydn:/tmp/cvs-serv21627/docs
Modified Files:
README.logcheck-database
Log Message:
small docu update, please proof read. :)
--- /cvsroot/logcheck/logcheck/docs/README.logcheck-database 2004/04/27 08:12:29 1.2
+++ /cvsroot/logcheck/logcheck/docs/README.logcheck-database 2004/09/28 15:40:30 1.3
@@ -155,6 +155,11 @@
hostnames explicitly - hence "oempc" above, rather than the pattern
"[._[:alnum:]-]+".
+A quick test for a new rule would be to grep aboves regex against
+its logfile, but it is safer to remove any trailing space before:
+sed -e 's/ *$//' /var/log/syslog | egrep \
+'^\w{3} [ :0-9]{11} oempc wwwoffled\[[0-9]+\]: WWWOFFLE (On|Off)line\.$'
+
Pass all rules files through "sort -u" to simplify maintenance, then
ensure they have a final end-of-line carriage return so that they
"cat" nicely. Since System Events aren't subdivided by package, it