[Logcheck-devel] Bug#251404: logcheck-database: rules don't match non local syslog messages

Christoph Martin martin at uni-mainz.de
Fri May 28 10:34:42 UTC 2004


Package: logcheck-database
Version: 1.2.20a
Severity: normal
Tags: patch

syslog has a "weird" feature. If a syslog daemon forwards the messages
to another host, there is one additional blank at the end of each
message on the remote host. Since most of the regex matches of
logcheck end with a $, these rules will not match non local syslog
messages. You should remove all the $ or replace them with <blank>?$.

Example patch:
--- /etc/logcheck/ignore.d.paranoid/cron~       Sun May 16 08:37:22 2004
+++ /etc/logcheck/ignore.d.paranoid/cron        Fri May 28 12:27:16 2004
@@ -1,1 +1,1 @@
-^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$
+^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\) ?$
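Review bot: the ` ?$` ending on the `+` line is the safer of the two options the report proposes, and the `$` should stay in every rule that gets converted. Dropping the anchor entirely would turn an ignore rule into a prefix match, so a line with arbitrary text appended after the expected message would also be suppressed from the report. This hunk covers only the one cron rule in ignore.d.paranoid; the remaining `$`-anchored rules need the same ending, ideally applied by a scripted conversion and checked against both local and forwarded sample lines.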

Christoph



-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux violet 2.4.20 #1 SMP Fri May 2 16:13:28 MEST 2003 i686
Locale: LANG=C, LC_CTYPE=C

Versions of packages logcheck-database depends on:
ii  debconf                       1.4.25     Debian configuration management sy
ii  debconf [debconf-2.0]         1.4.25     Debian configuration management sy
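The effect described in the report can be reproduced with `grep -E`, which is how the rules are applied here. This is an added example, not part of the original message or of logcheck; the sample log line is constructed, the function names are hypothetical, and it assumes a grep that accepts `\w` (GNU grep does).

```shell
#!/bin/sh
# Added example: classify ignore rules by whether they still match a log
# line after a forwarding syslogd has appended one blank to it.

# Constructed sample line in the format the cron rule expects.
SAMPLE='May 28 12:27:16 violet /USR/SBIN/CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)'

# The rule before and after the patch in the report.
RULE_OLD='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$'
RULE_NEW='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\) ?$'

# matches RULE LINE: exit status 0 if the extended regex matches the line.
matches() {
    printf '%s\n' "$2" | grep -E -q -e "$1"
}

# classify_rule RULE LINE: prints one of
#   ok       matches with and without the trailing blank
#   local    matches only the local form (the bug in this report)
#   nomatch  does not match the local form at all
classify_rule() {
    if ! matches "$1" "$2"; then
        echo nomatch
    elif matches "$1" "$2 "; then
        echo ok
    else
        echo local
    fi
}

# audit_rules LINE < rulefile: print every rule that matches LINE locally
# but would miss it on a host receiving forwarded messages.
audit_rules() {
    while IFS= read -r rule; do
        case $rule in ''|'#'*) continue ;; esac
        if [ "$(classify_rule "$rule" "$1")" = local ]; then
            printf '%s\n' "$rule"
        fi
    done
    return 0
}

printf 'old rule: %s\n' "$(classify_rule "$RULE_OLD" "$SAMPLE")"
printf 'new rule: %s\n' "$(classify_rule "$RULE_NEW" "$SAMPLE")"
```

Feeding a rule file to `audit_rules` with a representative line for that service lists the rules that still need the ` ?$` ending.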





