[Logcheck-devel] Bug#270018: HylaFax send logs after log level reduction

Ross Boylan RossBoylan at stanfordalumni.org
Sun Oct 31 20:42:23 UTC 2004


Thanks for the revised rules.  In reviewing them, I think I noticed at
least one other problem.

On Sun, Oct 31, 2004 at 02:43:12PM +0000, Jamie L. Penman-Smithson wrote:
> Thanks for those rules, I've hacked them a bit and this is what I've got
> (everything has been tested against the log message you've given):
I probably should have done that too:)

For a couple of rules I inexplicably added a 1 to the job number.
This happens to work with my test data, but is not right.  I think it
should be
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxSend\[[0-9]+\]: SEND FAX: JOB [[:digit:]]+ DEST [ [:digit:]()-]+ COMMID \w+ DEVICE '/[/[:alnum:]]+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxSend\[[0-9]+\]: SEND FAX: JOB [[:digit:]]+ SENT in [[:digit:]:]{4,5}$
Also, notice that in the first rule above I added the requirement that
the device name start with a /.

Out of curiosity, where does the requirement to quote " come from?  I
don't see it in the egrep man page.

In a couple of places (one of which is above) you use
[[:digit:]:]{4,5} for time.  Since, in principle, it is unbounded
above, perhaps it should be 
[[:digit:]:]{4,}
or at least a higher number than 5.
Even more exact, it could be
[[:digit:]]+:[[:digit:]]{2}
In reviewing my logs, including messages not posted to this bug, it
looks as if the seconds are always reported as 2 digits, even when <
10.

Putting that all together (but retaining the quoting of "), I get this
for the recent set of changes:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: MODEM [.[:space:][:alnum:]/]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ HylaFAX\[[0-9]+\]: Filesystem has SysV-style file creation semantics\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxGetty\[[0-9]+\]: ANSWER: Can not lock modem device$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: NOTIFY: bin/notify \"doneq/q[[:digit:]]+\" \"done\" \"[[:digit:]]+:[[:digit:]]{2}\"$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxQueuer\[[0-9]+\]: NOTIFY exit status: 0 \([[:digit:]]+\)$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxSend\[[0-9]+\]: SEND FAX: JOB [[:digit:]]+ DEST [ [:digit:]()-]+ COMMID \w+ DEVICE '/[/[:alnum:]]+'$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxSend\[[0-9]+\]: SEND FAX: JOB [[:digit:]]+ SENT in [[:digit:]]+:[[:digit:]]{2}$
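
Added example, not part of the original message or of logcheck itself: a shell check that runs the three duration patterns discussed above through grep -E, to show which "SENT in" lines each one would ignore and which would still be reported. The host name, PID, job number and durations are constructed sample values, and GNU grep is assumed because the rules use \w.

```shell
#!/bin/sh
# Compare the three "SENT in <duration>" patterns from the message.
# A line that matches an ignore rule is dropped from the logcheck report;
# a line that matches no rule is reported.
LC_ALL=C
export LC_ALL

# Common rule prefix, copied from the rules in the message.
PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ FaxSend\[[0-9]+\]: SEND FAX: JOB [[:digit:]]+ SENT in '
RULE_BOUNDED="${PREFIX}"'[[:digit:]:]{4,5}$'          # bounded form
RULE_OPEN="${PREFIX}"'[[:digit:]:]{4,}$'              # unbounded above
RULE_EXACT="${PREFIX}"'[[:digit:]]+:[[:digit:]]{2}$'  # minutes:two-digit seconds

# Constructed log line head (hypothetical host, PID and job number).
LINE_HEAD='Oct 31 12:00:01 faxhost FaxSend[1234]: SEND FAX: JOB 17 SENT in '

# Constructed durations: three plausible ones, then two malformed ones.
SAMPLES='0:42 12:05 123:45 :::: 1:2:3'

# ignored RULE DURATION -> exit status 0 if the rule matches the line
ignored() {
    printf '%s\n' "${LINE_HEAD}$2" | grep -Eq -- "$1"
}

# verdicts RULE -> one letter per sample: i = ignored, R = reported
verdicts() {
    out=''
    for d in $SAMPLES; do
        if ignored "$1" "$d"; then out="${out}i"; else out="${out}R"; fi
    done
    printf '%s\n' "$out"
}

echo "samples:  $SAMPLES"
echo "bounded:  $(verdicts "$RULE_BOUNDED")"
echo "open:     $(verdicts "$RULE_OPEN")"
echo "exact:    $(verdicts "$RULE_EXACT")"
```

The bounded form leaves a six-character duration such as 123:45 in the report, while both character-class forms also ignore malformed fields like "::::"; only the exact form ignores all three plausible durations and reports the malformed ones.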
