[Logcheck-devel] Bug#494740: logcheck: Kernel rules don't match messages of newer kernels

Michel Messerschmidt www at michel-messerschmidt.de
Mon Aug 11 20:35:47 UTC 2008 

Package: logcheck
Version: 1.2.67
Severity: normal

Hi,

newer kernels output messages with various whitespace before the
timestamp, but logcheck rules match only messages without whitespace
inside the timestamp.

Examples output from kernel 2.6.26-1:
[    0.000000] Linux version 2.6.26-1-686 (Debian 2.6.26-1) (waldi at debian.org) (gcc version 4.1.3 20080623 (prerelease) (Debian 4.1.2-23)) #1 SMP Wed Jul 30 20:02:15 UTC 2008
[    0.000000] BIOS-provided physical RAM map:
[   62.752070] EXT3-fs: mounted filesystem with ordered data mode.
[  106.437384] [drm] Initialized drm 1.1.0 20060810
[ 1304.916137] Suspending console(s)


Example for current kernel rule:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[[[:digit:]]+\.[[:digit:]]+\])? cdrom: open failed\.$
                                            ^^^^

Suggestion: update all kernel rules to match multiple whitespace as follows:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[ *[[:digit:]]+\.[[:digit:]]+\])? cdrom: open failed\.$
                                            ^^^^^^


-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-1-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser            3.108                 add and remove users and groups
ii  bsd-mailx [mailx]  8.1.2-0.20071201cvs-3 A simple mail user agent
ii  cron               3.0pl1-104            management of regular background p
ii  exim4              4.69-6                metapackage to ease Exim MTA (v4) 
ii  exim4-daemon-light 4.69-6                lightweight Exim MTA (v4) daemon
ii  lockfile-progs     0.1.11-0.1            Programs for locking and unlocking
ii  logtail            1.2.67                Print log file lines that have not
ii  rsyslog [system-lo 3.18.1-1              enhanced multi-threaded syslogd

Versions of packages logcheck recommends:
ii  logcheck-database             1.2.67     database of system log rules for t

Versions of packages logcheck suggests:
pn  syslog-summary                <none>     (no description available)

-- no debconf information

More information about the Logcheck-devel mailing list