[Logcheck-devel] Bug#508138: logcheck: loglines leakage
Gerfried Fuchs
rhonda at deb.at
Tue Dec 9 09:36:51 UTC 2008
* Paolo <oopla at users.sf.net> [2008-12-08 09:43:01 CET]:
> seems that somehow logcheck fails to filter out some lines, e.g. I get this
> warning:
>
> Security Events
^^^^^^^^^^^^^^^
> =-=-=-=-=-=-=-=
> daemon.info: Dec 7 21:13:47 smartd[9668]: Device: /dev/hdb, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 100 to 99
> daemon.info: Dec 7 21:43:48 smartd[9668]: Device: /dev/hdb, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 99 to 100
>
> however:
>
> # grep -h '21:13:4[78]' /var/log/socklog/main/* | egrep -v -f /etc/logcheck/ignore.d.server/smartd
^^^^^^^^^^^^^^^
ignore.d.server rules won't filter out security events. I guess it's
matched as such because of the contained /failure/ in the line. I'm not
completely sure if this should be filtered out, but a matching rule for
that has to live below violations.ignore.d - and there is the
logcheck-smartd file in there which as far as I can see should match ...
> so the patterns in /etc.../smartd do match and logcheck run should end up
> with no such lines.
Can you egrep -v -f /etc/logcheck/ignore.d.server/smartd instead and
see if the Prefailure Attribute line does show up for you? From what I
can see it shouldn't ...
Thanks,
Rhonda
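
The layering discussed in this message, as an added example that is not part of the original thread and is not logcheck's own code. It is a simplified model: the rule contents, the sample line and the helper names `matches` and `classify` are constructed, and it assumes a line suppressed by violations.ignore.d is then still checked against ignore.d.server.

```shell
#!/bin/sh
# Simplified model of logcheck's rule layering; every rule below is constructed.
RULES=$(mktemp -d)
trap 'rm -rf "$RULES"' EXIT
mkdir -p "$RULES/violations.d" "$RULES/violations.ignore.d" "$RULES/ignore.d.server"

# Constructed violations rule: "failure" anywhere in the line marks a security event.
printf '%s\n' 'failure' > "$RULES/violations.d/constructed"

# Constructed ignore rule for smartd attribute changes.
SMARTD_RE='smartd\[[0-9]+\]: Device: [^ ]+, SMART Prefailure Attribute: [0-9]+ [A-Za-z_]+ changed from [0-9]+ to [0-9]+$'
printf '%s\n' "$SMARTD_RE" > "$RULES/ignore.d.server/smartd"

# Constructed sample line, modelled on the one quoted in the report.
LINE='daemon.info: Dec 7 21:13:47 smartd[9668]: Device: /dev/hdb, SMART Prefailure Attribute: 1 Raw_Read_Error_Rate changed from 100 to 99'

# matches DIR LINE: succeeds if any rule file in DIR matches LINE.
matches() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\n' "$2" | grep -E -q -f "$f" && return 0
    done
    return 1
}

# classify LINE: prints "security", "ignored" or "system".
classify() {
    # A violations.d hit can only be suppressed from violations.ignore.d.
    if matches "$RULES/violations.d" "$1" &&
       ! matches "$RULES/violations.ignore.d" "$1"; then
        echo security
    elif matches "$RULES/ignore.d.server" "$1"; then
        echo ignored
    else
        echo system
    fi
}

# Rule present only under ignore.d.server: the line is still reported.
classify "$LINE"
# Same rule also placed under violations.ignore.d: the line is dropped.
cp "$RULES/ignore.d.server/smartd" "$RULES/violations.ignore.d/logcheck-smartd"
classify "$LINE"
```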