Bug#306913: [Logcheck-devel] Bug#306913: logcheck: please allow @ in "hostname" part of logs
Jamie L. Penman-Smithson
jamie at silverdream.org
Wed May 4 20:56:18 UTC 2005
On Wed, 2005-05-04 at 19:44 +0200, maximilian attems wrote:
> On Wed, 04 May 2005, Jamie L. Penman-Smithson wrote:
> > > > Now logcheck doesn't usually allo for the @ in logs which results in
> > > > bascially no ignore line matching. Please add @ to the regexes, thanks.
> > <snip log snippets>
> > >
> > > ~/src/logcheck/rulefiles/linux$ egrep '\[._\[:alnum:\]-\]' -r . | wc -l
> > > 896
> > >
> > > that's not fun. while changing all those we'd better switch to the use of
> > > macros. very inclined to merge that with those open bugs.
> >
> > for i in *; do cat $i | sed -e "s/\[\._\[:alnum:\]-\]+/\[\._@\[:alnum:
> > \]-\]\+/" >> $i.new; done
> >
> > ..appears to work here..
>
> yes i know, could have done something similar with perl,
> but we just want to change all hostname and who says they
> are exactly formated like aboves and really hostnames you
> change. needs human edit and than it's better to do it
> right, no?
That only matches the first occurrence of [._[:alnum:]-]+ and since
every rule starts with "^\w{3} [ :0-9]{11} [._[:alnum:]-]+" it'll only
change the regexp we use for the hostname.
It's better than manually going through and changing every occurrence
800+ times. I've tested it here:
$ for i in *; do cat $i | sed -e "s/\[\._\[:alnum:\]-\]+/\[\._@\[:alnum:
\]-\]\+/" >> $i.new; done
$ egrep -vf ../logcheck/rulefiles/linux/TEST_ignore.d.server/postfix.new
postfix.log | egrep
-vf ../logcheck/rulefiles/linux/violations.ignore.d/logcheck-postfix
$
They work just as well as the old rules, they just match the additional
'@'..
However, if you'd rather wait for macro support, that's fine.
-j
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20050504/1465202b/attachment.pgp
More information about the Logcheck-devel
mailing list