Bug#273433: [Logcheck-devel] Bug#273433: logcheck: odd behaviour with perdition rules

maks attems debian at sternwelten.at
Sun Sep 26 14:08:22 UTC 2004


hello Jamie :)

thanks for those rules, i'll incorporate them soon.
but wanted to quickly answer your question.

On Sun, 26 Sep 2004, Jamie L. Penman-Smithson wrote:
..
> ...even though these messages are matched by the 'Connect' rule above:
> 
> jps at evenstar:~$ sudo egrep "^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}->[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} $" /var/log/mail.log
> Sep 19 17:40:07 evenstar perdition[1329]: Connect: 82.133.58.132->82.133.58.132
> Sep 19 17:40:07 evenstar perdition[1334]: Connect: 82.133.58.132->82.133.58.132
> Sep 19 17:40:07 evenstar perdition[1335]: Connect: 82.133.58.132->82.133.58.132
> Sep 19 17:40:07 evenstar perdition[1337]: Connect: 82.133.58.132->82.133.58.132
> 
> I've fiddled with it and can't see for the life of me why logcheck isn't
> applying that rule..

logcheck removes trailing slashes before applying the egrep ignore
regexes, sorry that's not documented in README.logcheck-database.gz.
will update that too.

please report back if your above rule without the trailing slashes
works.
thanks again!
 
--
maks
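
The effect described in the reply above, as an added example that is not part of the original message or of logcheck's own code: a rule that works with egrep on the raw log file can stop matching once the line has been preprocessed. It assumes the characters stripped are trailing whitespace (which is what the rule's final ` $` relies on); the sample line is constructed from the quoted excerpt, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not logcheck code. SAMPLE is a constructed line modelled on
# the quoted excerpt, including the trailing space the posted rule expects.
SAMPLE='Sep 19 17:40:07 evenstar perdition[1329]: Connect: 82.133.58.132->82.133.58.132 '

IP='[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'
PREFIX='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect: '
RULE_AS_POSTED="${PREFIX}${IP}->${IP} \$"   # ends in " $", as in the report
RULE_FIXED="${PREFIX}${IP}->${IP}\$"        # same rule without the trailing space

# Assumption: stand-in for the preprocessing step, stripping trailing whitespace.
strip_trailing() { sed -e 's/[[:space:]]*$//'; }

# matches RULE LINE [raw|stripped]: exit status 0 if the rule matches the line.
# "raw" is what egrep on the log file sees; "stripped" is what the rule sees
# after preprocessing.
matches() {
    rule=$1; line=$2; mode=${3:-stripped}
    if [ "$mode" = raw ]; then
        printf '%s\n' "$line" | grep -Eq -- "$rule"
    else
        printf '%s\n' "$line" | strip_trailing | grep -Eq -- "$rule"
    fi
}

# rule_expects_trailing_space RULE: exit status 0 if the rule requires
# whitespace directly before its final "$" and so cannot match a stripped line.
rule_expects_trailing_space() {
    printf '%s\n' "$1" | grep -Eq '[[:space:]]+\$$'
}

# Print how each rule behaves against the raw and the stripped sample line.
report() {
    for rule in "$RULE_AS_POSTED" "$RULE_FIXED"; do
        if rule_expects_trailing_space "$rule"; then kind='ends in " $"'; else kind='ends in "$"'; fi
        for mode in raw stripped; do
            if matches "$rule" "$SAMPLE" "$mode"; then result='match'; else result='no match'; fi
            printf '%-14s %-9s %s\n' "$kind" "$mode" "$result"
        done
    done
}

report
```

Testing a candidate rule through the same stripping step, rather than with egrep directly on the log file, shows whether it will actually suppress the message.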





