[Logcheck-commits] CVS logcheck/docs
CVS User ttroxell
logcheck-devel@lists.alioth.debian.org
Thu, 14 Oct 2004 13:00:33 -0600
Update of /cvsroot/logcheck/logcheck/docs
In directory haydn:/tmp/cvs-serv21730/docs
Modified Files:
README.logcheck-database
Log Message:
clarifying changes, hope you don't mind
--- /cvsroot/logcheck/logcheck/docs/README.logcheck-database 2004/10/12 19:45:56 1.4
+++ /cvsroot/logcheck/logcheck/docs/README.logcheck-database 2004/10/14 19:00:33 1.5
@@ -155,11 +155,14 @@
hostnames explicitly - hence "oempc" above, rather than the pattern
"[._[:alnum:]-]+".
-A quick test for a new rule would be to grep aboves regex against
-its logfile, but it is safer to remove any trailing space before:
+To test new rules, you can grep your log file, and remove trailing
+space with something like this:
+
sed -e 's/[[:space:]]+$//' /var/log/syslog | egrep \
'^\w{3} [ :0-9]{11} oempc wwwoffled\[[0-9]+\]: WWWOFFLE (On|Off)line\.$'
+If the log line is displayed, then your regex works.
+
Pass all rules files through "sort -u" to simplify maintenance, then
ensure they have a final end-of-line carriage return so that they
"cat" nicely. Since System Events aren't subdivided by package, it