[Logcheck-devel] regexp database question
Mici Maci
mmaci at freemail.hu
Sat Dec 18 16:38:52 UTC 2004
Hi All,
I'm interested in setting up a central log collector and
analyser system. I have written a CGI, that displays
log messages throug an https connection, and I have
added a selection menu to choose an ignorance level:
none < paranoid < server < workstation. I use Your
*.d *.ignore.d ignore.d.{server,workstation,paranoid}
files to deal with a log line.
The CGI works fine on my PC but behaves differently
on the productional system. Reason: I realized that the
database files are different on the two machines: on my
PC there are lots of packages installed that have their own
/etc/logcheck/... regexp files. For example: apmd,
clamav-daemon, fetchmail, gnome-bin, ntpdate,
nullmailer, syslog-ng, etc. in addition to logcheck-database.
(I use Debian Linux.) On the productional system
there's only logcheck-database and syslog-ng installed.
Patterns for a lot of service is missing.
How does it work? Will these additional regexp files
migrated into the logcheck-database package in the
future? Or do I have to grab all the disorganized files
from other packages? I don't want to install unnecessary
packages at all. Could You please help me find the
solution?
mm.
More information about the Logcheck-devel
mailing list