Bug#273433: [Logcheck-devel] Bug#273433: logcheck: odd behaviour with perdition rules

[Jamie L. Penman-Smithson]

Hey maks :)

On Sun, 2004-09-26 at 16:08 +0200, maks attems wrote:
> thanks for those rule, i'll incorporate them soon.
> but wanted to quick answer your question.

I have a feeling the rules are already in the package.

> logcheck removes trailing slashes before applying the egrep ignore
> regexes, sorry that's not documented in README.logcheck-database.gz.
> will update that too.

Well I tried:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}-
>[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3} +$

and..

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}-
>[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3} $

It seems the only way to get it to work is by using .*:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ perdition\[[0-9]+\]: Connect:
[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}-
>[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.*$

It looks like logcheck doesn't handle spaces at the end of rules very
well..?

> please report back if your aboves rail without the trailing slashes
> works.
> thanks again!

Thanks,

-- 
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
 w: http://www.silverdream.org | p: sms at silverdream.org
 pgp key @ http://silverdream.org/~jps/pub.key
 22:30:01 up 2 days,  2:19, 14 users,  load average: 0.41, 0.61, 0.72

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040926/e224ff7f/attachment.pgp