[Logcheck-devel] Bug#614318: logcheck sends an email even when there are no entries after filtering
Jim Barber
jim.barber at ddihealth.com
Mon Feb 21 05:35:19 UTC 2011
I have found the package that is at fault.
It was the upgrade of rsyslog from version 4.6.4-2 to 5.7.3-1
As per rsyslog bug #612829 the daemon no longer strips off trailing blanks from the syslog output.
In my /var/log/syslog file there are blank lines every time my snmp daemon logs something:
eg.
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP: [10.128.0.1]:37645->[10.128.0.6]
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP: [10.128.0.1]:37645->[10.128.0.6]
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP: [10.128.0.1]:37645->[10.128.0.6]
Instead of:
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP: [10.128.0.1]:37645->[10.128.0.6]
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP: [10.128.0.1]:37645->[10.128.0.6]
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP: [10.128.0.1]:37645->[10.128.0.6]
The fix is to add the following pattern to the ignore.d.server list for logcheck:
^\s*$
This stops it reporting on the blank lines, or lines that consist of only white-space.
Regards,
--
----------
Jim Barber
DDI Health
More information about the Logcheck-devel
mailing list