[Logcheck-devel] Bug#546908: logcheck: Since upgrade to latest, some patterns are no longer filtered
Raphael Manfredi
Raphael_Manfredi at pobox.com
Wed Sep 16 12:12:35 UTC 2009
Package: logcheck
Version: 1.3.3
Severity: normal
After upgrading to the latest logcheck, I've noticed that some local
rules I have written no longer filter out the logs properly.
I've been able to correlate the non-matching to the presence of the
'/' (slash) character or '[' (left bracket) in the string that the
".*" pattern ought to match.
For instance, I have this rule in violations.ignore.d/local:
sm-mta.* nobody at .*.ram.loc .* did not issue MAIL.* during connection
But I still have this line show up in the "System Events" section:
Sep 16 11:27:19 tours sm-mta[5597]: n8G9RJLe005597: nobody at tours.ram.loc [192.168.0.4] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Putting that line in a file and using the pattern above with egrep
triggers a match.
Is this due to a locale problem maybe? It used to work fine with
an earlier version of logcheck (1.2.6, IIRC).
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30.6
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages logcheck depends on:
ii adduser 3.110 add and remove users and groups
ii cron 3.0pl1-86 management of regular background p
ii lockfile-progs 0.1.10 Programs for locking and unlocking
ii logtail 1.3.3 Print log file lines that have not
ii mailx 1:8.1.2-0.20020411cvs-1 A simple mail user agent.
ii sendmail-bin [ma 8.14.3-1 powerful, efficient, and scalable
ii sysklogd [system 1.5-1 System Logging Daemon
Versions of packages logcheck recommends:
ii logcheck-database 1.3.3 database of system log rules for t
Versions of packages logcheck suggests:
ii syslog-summary 1.12-0.1 Summarize the contents of a syslog
-- no debconf information
More information about the Logcheck-devel
mailing list