[Logcheck-devel] Bug#325800: logcheck: filters miss nfs mount/unmount messages
toby cabot
toby at caboteria.org
Wed Aug 31 03:28:35 UTC 2005
Package: logcheck
Version: 1.2.41
Severity: wishlist
Hi, thanks for maintaining logcheck, it works very well. At some
point it appears as if the log messages for nfs mounts and unmounts
changed out from under you. There's a rule in
/etc/logcheck/ignore.d.server/nfs to filter out messages like this:
Aug 22 21:00:49 phoenix mountd[29423]: authenticated mount request from warthog.caboteria.org:601 for /home (/home)
but it expects the message to be slightly different: "rpc.mountd:"
instead of "mountd[29423]". I believe that adding the following line
to the file will catch those messages:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (un|)mount request from [._[:alnum:]-]+:[0-9]+ for (/[[:alnum:]]*)+ \((/[[:alnum:]]*)+\)$
Thanks,
Toby
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-1-686-smp
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logcheck depends on:
ii adduser 3.67 Add and remove users and groups
ii cron 3.0pl1-91 management of regular background p
ii debconf [debconf 1.4.58 Debian configuration management sy
ii debianutils 2.14.2 Miscellaneous utilities specific t
ii grep 2.5.1.ds1-5 GNU grep, egrep and fgrep
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logcheck-databas 1.2.41 database of system log rules for t
ii logtail 1.2.41 Print log file lines that have not
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii postfix [mail-tr 2.2.4-1 A high-performance mail transport
ii sysklogd [system 1.4.1-17 System Logging Daemon
logcheck recommends no packages.
-- debconf information:
* logcheck/noroot:
logcheck/changes:
* logcheck/install-note:
More information about the Logcheck-devel
mailing list