Bug#251404: [Logcheck-devel] Bug#251404: logcheck-database: rules don't match non local syslog messages
maks attems
debian at sternwelten.at
Fri May 28 19:20:44 UTC 2004
hey christoph,
On Fri, 28 May 2004, Christoph Martin wrote:
> Package: logcheck-database
> Version: 1.2.20a
> Severity: normal
> Tags: patch
>
> syslog has a "weird" feature. If a syslog deamon forwards the messages
> to another host, there is one additional blank at the end of each
> message on the remote host. Since most of the regex matches of
> logcheck end with a $, these rules will not match non local syslog
> messages. You should remove all the $ or replace them with <blank>?$.
well logcheck removes trailing slashes whitespace before log
entry is processed. so your bug report seems wired to me.
> Example patch:
> --- /etc/logcheck/ignore.d.paranoid/cron~ Sun May 16 08:37:22 2004
> +++ /etc/logcheck/ignore.d.paranoid/cron Fri May 28 12:27:16 2004
> @@ -1,1 +1,1 @@
> -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$
> +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\) ?$
are you using logcheck-database outside of logcheck,
or did logcheck report aboves line?
thanks for further infos
a+ maks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040528/50fdadf1/attachment.pgp
More information about the Logcheck-devel
mailing list