[Logcheck-devel] Bug#491127: logcheck: please consider an option which will always check the entire log file
Justin Pryzby
justinpryzby at users.sourceforge.net
Wed Jul 16 21:45:34 UTC 2008
On Wed, Jul 16, 2008 at 11:15:51PM +0200, Marc Haber wrote:
> Package: logcheck
> Version: 1.2.67
> Severity: wishlist
>
> It would help with debugging to have an option that causes logcheck to
> always look through the entire log file, i.e. not using logtail.

A couple of related things occurred to me; perhaps these can just be
described in README{,.Debian}.

1. How to filter an already-filtered email with a new rule, to see if
   it matches (to first order that just does |grep -xEvf
   /etc/logcheck/..., but that should also take into account the
   violations and their exceptions). logcheck --stdin or something.

2. How to filter many emails (1 per hour * 16 hours) through a given
   filter, perhaps as a test or a temporary measure (if something is
   known, understood and perhaps fixed, and additional log lines
   don't add any useful information and just act as clutter).

   |formail -ds grep -xEvf /tmp/filter |formail -ds procmail

3. How to filter the logfiles themselves again, starting at a given
   point. Probably best if logcheck supports this itself, to handle
   rotation, but can probably be mediated with something like:

   sed -sn '/^Xyz 12 34:56:78/,$p' /var/log/{sys,auth.} | logcheck --stdin

   as soon as 1. is implemented.
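The dry run described in item 1, as an added example that is not part of the original message and is not logcheck's own code: it passes log lines on stdin through the violations and their exceptions before the ignore rules. The function names are hypothetical, the directory names follow the /etc/logcheck layout, the fall-through behaviour for excepted lines is an assumption of this sketch, and the rules and log lines are constructed.

```shell
#!/bin/sh
# Added example (not logcheck code): dry-run stdin through a logcheck-style
# rule tree. The layer semantics below are assumptions of this sketch.

# Join the rule files in directory $1 into file $2, dropping comments and
# blank lines (without -x, a blank pattern matches every line).
load_rules() {
    : > "$2"
    for f in "$1"/*; do
        if [ -f "$f" ]; then grep -Ev '^(#|[[:space:]]*$)' "$f" >> "$2" || true; fi
    done
}

# Usage: logcheck_dryrun RULEROOT < log   (RULEROOT laid out like /etc/logcheck)
# Assumed: a line silenced by an exception falls through to the next layer.
logcheck_dryrun() {
    t=$(mktemp -d) || return 1
    cat > "$t/rest"
    for layer in cracking violations; do
        load_rules "$1/$layer.d" "$t/match"
        load_rules "$1/$layer.ignore.d" "$t/except"
        grep -E -f "$t/match" "$t/rest" > "$t/hits" || true
        grep -xEv -f "$t/except" "$t/hits" | sed "s/^/$layer: /"
        { grep -Ev -f "$t/match" "$t/rest"; grep -xE -f "$t/except" "$t/hits"; } \
            > "$t/next" || true
        mv "$t/next" "$t/rest"
    done
    load_rules "$1/ignore.d.server" "$t/except"
    grep -xEv -f "$t/except" "$t/rest" | sed 's/^/system: /'
    rm -rf "$t"
}

# Constructed rules and log lines, for illustration only.
demo() {
    r=$(mktemp -d) || return 1
    mkdir "$r/violations.d" "$r/violations.ignore.d" "$r/ignore.d.server"
    printf '%s\n' '# keywords' '' 'FAILED' > "$r/violations.d/local"
    printf '%s\n' '^.* backup\[[0-9]+\]: FAILED to rotate \(expected\)$' \
        > "$r/violations.ignore.d/local"
    printf '%s\n' '^.* cron\[[0-9]+\]: session opened$' > "$r/ignore.d.server/local"
    logcheck_dryrun "$r" <<'EOF'
Jul 16 21:00:01 host sshd[101]: FAILED login for root
Jul 16 21:00:02 host backup[102]: FAILED to rotate (expected)
Jul 16 21:00:03 host cron[103]: session opened
Jul 16 21:00:04 host kernel: eth0 link down
EOF
    rm -rf "$r"
}
demo
```

In the constructed run the backup line is excepted from the violations layer but still shows up as a system event, so a candidate rule has to be tested against every layer it is meant to silence.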