[Logcheck-devel] Bug#569014: logcheck kernel rules don't match [<blank><number>.<number>]
Dan Le Bray
daniel.le-bray at univ-lehavre.fr
Tue Feb 9 13:44:35 UTC 2010
Package: logcheck
Version: 1.2.69
The current ruleset "kernel" provided with this logcheck package don't
match entries where the kernel timeline has leading spaces, like:
[ 42.302707]
For example, the following entry:
Feb 4 17:05:24 hostname kernel: [ 144.591487] tun: Universal TUN/TAP
device driver, 1.6
didn't matched the re:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:(
\[[[:digit:]]+\.[[:digit:]]+\])? tun: Universal TUN/TAP device driver,
[.[:digit:]]+$
But did match after adding a " +?" in front of
"[[:digit:]]+\.[[:digit:]]", giving the following re:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[
+?[[:digit:]]+\.[[:digit:]]+\])? tun: Universal TUN/TAP device driver,
[.[:digit:]]+$
I am using Debian GNU/Linux "lenny" 5.0.4 with kernel 2.6.26-2-amd64.
--
Daniel Le Bray
Centre de Ressources Informatiques
Universite du Havre
More information about the Logcheck-devel
mailing list