Bug#271286: [Logcheck-devel] Bug#271286: minor fix for ignore.d.server/oidentd
Jonas Meurer
jonas at freesources.org
Mon Sep 13 07:05:22 UTC 2004
On 13/09/2004 maks attems wrote:
> > anyway, some oidentd logs don't have a hostname:
> > oidentd[34562]: Connection from 241.145.24.135:2353
>
> could you post full log line?
this is the line, rendered by syslog-summary. the full log line is:
Sep 12 13:27:31 diana50 oidentd[16365]: Connection from 241.145.24.135:2353
> > therefore you have to add:
> > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
> > \([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\):[0-9]{1,5}$
>
> hmm that shouldn't work for above messages because of the enclosed '\(...\)'
so the line you have to add is:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}:[0-9]{1,5}$
but maybe this works:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from \
[._[:alnum:]-]+ \(?[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\)?:[0-9]{1,5}$
> you can easily test your regexes in a file like local-oidentd
> put in the /etc/logcheck/ignore.d.server.
i added the new line, and it seems to work quite well. not sure about
the second one, which supersedes the two obsolete ones.
bye
jonas
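
Added example (not part of the original message or of logcheck's own files): a shell check that runs the rules discussed above through grep -E against the quoted log line and two constructed ones. It assumes the trailing backslashes in the message are mail line-wrapping and joins each rule onto one line, with the character class spelled [:alnum:]; the hostname sample line, the trailing-text line and RULE_OPTHOST are constructed for illustration.

```shell
#!/bin/sh
# Test candidate logcheck ignore rules with grep -E (extended regexes).

# First line is the one quoted in the message; the other two are constructed samples.
LINE_NOHOST='Sep 12 13:27:31 diana50 oidentd[16365]: Connection from 241.145.24.135:2353'
LINE_HOST='Sep 12 13:27:31 diana50 oidentd[16365]: Connection from host.example.org (241.145.24.135):2353'
LINE_TRAILING="$LINE_NOHOST extra text"

# Shared pieces of the rules, taken from the message.
PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ oidentd\[[0-9]+\]: Connection from '
IP='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
PORT=':[0-9]{1,5}$'

# Rule for lines without a hostname, and the combined rule, as posted.
RULE_NOHOST="${PREFIX}${IP}${PORT}"
RULE_COMBINED="${PREFIX}[._[:alnum:]-]+ \\(?${IP}\\)?${PORT}"
# Assumed variant (not from the thread): the hostname and its space are optional.
RULE_OPTHOST="${PREFIX}([._[:alnum:]-]+ )?\\(?${IP}\\)?${PORT}"

# rule_ignores RULE LINE: exit status 0 if the rule matches, i.e. the line
# would be filtered out of the report.
rule_ignores() {
    printf '%s\n' "$2" | grep -Eq -e "$1"
}

verdict() {
    if rule_ignores "$1" "$2"; then echo ignored; else echo reported; fi
}

# Print a small matrix: one row per rule, one column per sample line.
for name in NOHOST COMBINED OPTHOST; do
    eval "rule=\$RULE_$name"
    printf '%-9s no-host=%s host=%s trailing=%s\n' "$name" \
        "$(verdict "$rule" "$LINE_NOHOST")" \
        "$(verdict "$rule" "$LINE_HOST")" \
        "$(verdict "$rule" "$LINE_TRAILING")"
done
```

A line is dropped from the report only when a rule matches it through to the `$` anchor, so the trailing-text sample stays reported under all three rules.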