[Logcheck-devel] Bug#452879: Logcheck doesn't ignore smbd_audit logs
Marcin Kuras
cura at debian.linux.org.pl
Sun Nov 25 21:02:36 UTC 2007
Package: Logcheck
Version: 1.2.54
Distro: Debian Etch (stable)
Kernel: 2.6.18-5-686 #1 SMP
I'm trying to force logcheck (reportlevel=server) to ignore smbd_audit logs.
smbd_audit is a vfs module of samba. It writes logs into /var/log/syslog file.
Typical log looks like this:
Oct 24 08:36:14 server4 smbd_audit: Documents|Johnson|192.168.50.19|unlink
ok|Projects/doc1.pdf
I've added the simplest rule I guess:
^.*smbd_audit.*$
to these files:
/etc/logcheck/violations.ignore.d/logcheck-samba
/etc/logcheck/ignore.d.server/samba
..but logcheck doesn't want to ignore logs with "smbd_audit".
On the other hand - logcheck "ignore" works fine for many other of my regexp
rules...
Regards,
--
Marcin Kuras
More information about the Logcheck-devel
mailing list