[Logcheck-devel] Bug#482523: logcheck: Rule does not work - regex was tested

Valeri Geiser valeri at a-little-bit.de
Fri May 23 09:43:56 UTC 2008


Package: logcheck
Version: 1.2.63~bpo40+2
Severity: normal

Hi, this is probably not a bug, but a mistake of mine. But after going 
through the documentation and the website again and again I cannot see 
where I am mistaken.

The following logline:

May 22 19:38:26 mail in.imapproxyd[9532]: Raw_Proxy(): Failed to read 
line from client on socket 7

is not catched by the rule

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: Raw.*$

in the file imapproxy.

But the proposed test lists the line:
sed -e 's/[[:space:]]*$//' /var/log/syslog.0 | egrep '^\w{3} [ :0-9]{11} 
[._[:alnum:]-]+ in.imapproxyd\[[0-9]+\]: Raw.*$'

Also I do not see any ignore-rule that should apply to this. Several 
other rules in that specific file have the same problem. Do you have 
a hint?

Thanks & regards,
  Valeri 


-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.9-023stab043.3-smp
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages logcheck depends on:
ii  adduser          3.102                   Add and remove users and groups
ii  cron             3.0pl1-100              management of regular background p
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logtail          1.2.63~bpo40+2          Print log file lines that have not
ii  mailx            1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii  postfix [mail-tr 2.3.8-2+b1              A high-performance mail transport 
ii  sysklogd [system 1.4.1-18                System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database         1.2.63~bpo40+2 database of system log rules for t

-- no debconf information






More information about the Logcheck-devel mailing list