[Logcheck-devel] Bug#508138: logcheck: loglines leakage

oopla-pzp oopla at users.sf.net
Wed Sep 9 06:22:48 UTC 2009


On Mon, Aug 17, 2009 at 08:03:43PM -0400, Frédéric Brière wrote:
...
> > /var/log/socklog-klog/main/current
> > 2008-12-03_16:50:42.17649 kern.warn: ide: failed opcode was: unknown
> 
> Yuck.  (Why would socklog choose two different formats anyway?)

dunno - maybe too beer for socklog devs? ;)

> > While I did change patterns in ignore.d.server/*, I overlooked those in
> > violations.ignore.d/*  :-}
> 
> Are you saying you updated *all* rules files to that syntax?  How do you

yes

> keep your sanity when a new version of logcheck is released?

isn't this a problem with syslog as well? or is there any standard for logs
like for http-logs?


thanks
-- 
paolo





More information about the Logcheck-devel mailing list