[Logcheck-devel] Bug#278337: logcheck: perdition adds extra spaces on SOME syslog messages

Brendon Baumgartner brendon at brendon.com
Tue Oct 26 08:28:19 UTC 2004 

Package: logcheck
Version: 1.2.29
Severity: minor
Tags: patch

Whew. First, thanks for all the work on this guys. Tracking these rules
is a real stinker. maximilian attems and the rest of the team has done a great job.

Here are tested rules for perdition. (different from whats in CVS). Notice 
the messed up spacing at the end. Maybe a bug should be filed with perdition
as well? I don't know of any program that does this. It's not even consistent!!

maximilian suggested I use the latest perdition rules. I did, and low and 
behold, it wasn't working. I then looked closer. I checked /var/log/syslog, and
yes, those spaces do exist, and yes, there are TWO spaces on the Connect 
message, not one.

I'm using perdition 1.15-2 btw.

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}  $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Auth: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" server=\"[[:alnum:]+[:punct:]]+\" port=\"[0-9]+\" status=\"ok\" $
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Close: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} user=\"[[:alnum:]+[:punct:]+]+\" received=[0-9]+ sent=[0-9]+ $



-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.22
Locale: LANG=C, LC_CTYPE=C

Versions of packages logcheck depends on:
ii  adduser          3.51                    Add and remove users and groups
ii  cron             3.0pl1-86               management of regular background p
ii  debconf [debconf 1.3.20                  Debian configuration management sy
ii  debianutils      2.6.1                   Miscellaneous utilities specific t
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logcheck-databas 1.2.29                  A database of system log rules for
ii  logtail          1.2.29                  Print log file lines that have not
ii  mailx            1:8.1.2-0.20031014cvs-1 A simple mail user agent
ii  perl             5.8.3-3                 Larry Wall's Practical Extraction 
ii  postfix [mail-tr 2.1.4-5                 A high-performance mail transport 
ii  sysklogd [system 1.4.1-10                System Logging Daemon

-- debconf information:
  logcheck/changes: 
* logcheck/install-note:

More information about the Logcheck-devel mailing list