[Logcheck-devel] Bug#407087: Logcheck rule update.

Dave Vehrs dvehrs at gmail.com
Tue Jan 16 02:36:29 UTC 2007


Package:  logcheck-database
Version:  1.2.52
Severity: Minor
Tags:     Patch

I've got a suggested rule update for the kernel file in the
/etc/logcheck/ignore.d.workstation directory.

The file already contains this rule: 
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: input: Logitech USB Mouse as /class/input/input[[:digit:]]+$

However, my system was reporting the following two similar events:
[date] [hostname] kernel: input: B16_b_02 USB-PS/2 Optical Mouse as /class/input/input644
[date] [hostname] kernel: input: Chicony  PFU-65 USB Keyboard as /class/input/input636

Which I was able to capture with the following two rules:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: input: Chicony  PFU-65 USB Keyboard as /class/input/input[[:digit:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: input: B16_b_02 USB-PS/2 Optical Mouse as /class/input/input[[:digit:]]+$

However, then I got to thinking about combining the rules, so that
other input devices will be captured as well.  That's when I came up
with one final rule to replace the Logitech rule currently in the
kernel file and eliminate the need for my new rules.

So I'm suggesting we replace the current rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: input: Logitech USB Mouse as /class/input/input[[:digit:]]+$

With this more generic version:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: input: [-_/[:alnum:][:space:]]+ as /class/input/input[[:digit:]]+$

Thanks,

Dave
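
Added example (not part of the original message and not logcheck's own code): a shell check that applies the current rule and the proposed generic rule to constructed sample log lines, with grep -E -v standing in for logcheck's ignore filtering, and counts what would still be reported. The hostname ws1, the timestamps and the last two sample lines are assumptions made up for the test.

```shell
#!/bin/sh
# Rules copied from the message above.
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: input: Logitech USB Mouse as /class/input/input[[:digit:]]+$'
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: input: [-_/[:alnum:][:space:]]+ as /class/input/input[[:digit:]]+$'

# Constructed sample log. The first three device names come from the message;
# the "Vendor (Model 2.0) Keypad" name and the usb line are invented test cases.
sample_log() {
cat <<'EOF'
Jan 16 02:36:29 ws1 kernel: input: Logitech USB Mouse as /class/input/input3
Jan 16 02:36:30 ws1 kernel: input: B16_b_02 USB-PS/2 Optical Mouse as /class/input/input644
Jan 16 02:36:31 ws1 kernel: input: Chicony  PFU-65 USB Keyboard as /class/input/input636
Jan 16 02:36:32 ws1 kernel: input: Vendor (Model 2.0) Keypad as /class/input/input7
Jan 16 02:36:33 ws1 kernel: usb 1-1: new low speed USB device using uhci_hcd and address 5
EOF
}

# Lines that do NOT match the ignore rule, i.e. what would still be reported.
still_reported() {
    sample_log | grep -E -v -- "$1"
}

# Number of lines that would still be reported under the given rule.
count_reported() {
    sample_log | grep -E -v -c -- "$1" || true
}

echo "current rule:  $(count_reported "$OLD_RULE") line(s) still reported"
echo "proposed rule: $(count_reported "$NEW_RULE") line(s) still reported"
still_reported "$NEW_RULE"
```

A device name with characters outside [-_/[:alnum:][:space:]], such as the constructed parenthesised one, is still reported under the generic rule, as is any kernel line that is not an "input:" registration.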