Bug#273433: [Logcheck-devel] Bug#273433: logcheck: odd behaviour with perdition rules
Jamie L. Penman-Smithson
jamie at silverdream.org
Sun Sep 26 22:27:31 UTC 2004
Hey maks :)
On Sun, 2004-09-26 at 16:08 +0200, maks attems wrote:
> thanks for those rule, i'll incorporate them soon.
> but wanted to quick answer your question.
I have a feeling the rules are already in the package.
> logcheck removes trailing slashes before applying the egrep ignore
> regexes, sorry that's not documented in README.logcheck-database.gz.
> will update that too.
Well I tried:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}-
>[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3} +$
and..
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}-
>[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3} $
It seems the only way to get it to work is by using .*:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}-
>[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.*$
It looks like logcheck doesn't handle spaces at the end of rules very
well..?
> please report back if your aboves rail without the trailing slashes
> works.
> thanks again!
Thanks,
--
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
w: http://www.silverdream.org | p: sms at silverdream.org
pgp key @ http://silverdream.org/~jps/pub.key
22:30:01 up 2 days, 2:19, 14 users, load average: 0.41, 0.61, 0.72
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040926/e224ff7f/attachment.pgp
More information about the Logcheck-devel
mailing list