Bug#325800: [Logcheck-devel] Bug#325800: logcheck: filters miss nfs mount/unmount messages

[maximilian attems]

tags 325800 pending
thanks

On Tue, 30 Aug 2005, toby cabot wrote:

> Hi, thanks for maintaining logcheck, it works very well.  At some
> point it appears as if the log messages for nfs mounts and unmounts
> changed out from under you.  There's a rule in
> /etc/logcheck/ignore.d.server/nfs to filter out messages like this:
> 
> Aug 22 21:00:49 phoenix mountd[29423]: authenticated mount request from warthog.caboteria.org:601 for /home (/home)
> 
> but it expects the message to be slightly different: "rpc.mountd:"
> instead of "mountd[29423]".  I believe that adding the following line
> to the file will catch those messages:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mountd\[[0-9]+\]: authenticated (un|)mount request from [._[:alnum:]-]+:[0-9]+ for (/[[:alnum:]]*)+ \((/[[:alnum:]]*)+\)$
> 
> Thanks,
> Toby

thanks a lot for the catch and posting example message.
added your rule to current cvs.

will be part of next release.

--
maks