[Logcheck-devel] Bug#508138: logcheck: loglines leakage
oopla-pzp
oopla at users.sf.net
Wed Sep 9 06:22:48 UTC 2009
On Mon, Aug 17, 2009 at 08:03:43PM -0400, Frédéric Brière wrote:
...
> > /var/log/socklog-klog/main/current
> > 2008-12-03_16:50:42.17649 kern.warn: ide: failed opcode was: unknown
>
> Yuck. (Why would socklog choose two different formats anyway?)
dunno - maybe too beer for socklog devs? ;)
> > While I did change patterns in ignore.d.server/*, I overlooked those in
> > violations.ignore.d/* :-}
>
> Are you saying you updated *all* rules files to that syntax? How do you
yes
> keep your sanity when a new version of logcheck is released?
isn't this a problem with syslog as well? or is there any standard for logs
like for http-logs?
thanks
--
paolo
More information about the Logcheck-devel
mailing list