[Logcheck-devel] Bug#712941: logcheck-database: logcheck triggers a fatal error in egrep

shizuma shizuma at vif.com
Mon Jul 1 10:56:42 UTC 2013


 Hello Hannes,

 Thanks for your assistance.

 I've returned my system to pristine wheezy condition (I think):
 tar zcvf my_setup.tgz cracking.* ignore.d.* violations.*
 rm -rf cracking.* ignore.d.* violations.*
 apt-get install --reinstall logcheck-database
 dpkg -i /var/cache/apt/archives/grep_2.12-2_amd64.deb
 mkdir cracking.ignore.d
 chown root.logcheck cracking.ignore.d

 cat logcheck.logfiles
 # these files will be checked by logcheck
 # This has been tuned towards a default syslog install
 /var/log/syslog
 /var/log/auth.log
 logcheck.logfiles (END)

 cat logcheck.conf
 INTRO=0
 REPORTLEVEL="server"
 SENDMAILTO="---- at -------"
 MAILASATTACH=0
 FQDN=0
 ATTACKSUBJECT="Security Alerts on -------"
 SECURITYSUBJECT="Security Events on -------"
 EVENTSSUBJECT="System Events on -------"
 TMP="/tmp"
 logcheck.conf (END)

 Is there something else I must do?

 Will keep you posted.

 Thanks.


 On Mon, 1 Jul 2013 06:58:49 +0200, Hannes von Haugwitz wrote:
> tags 712941 unreproducible moreinfo
> thanks
>
> Hello,
>
> On Thu, Jun 20, 2013 at 07:33:51PM -0400, shizuma at vif.com wrote:
>>  Since I upgraded to wheezy in May, logcheck reports contain only one
>>  line:
>>
>> egrep: character class syntax is [[:space:]], not [:space:]
>>
>
> I'm not able to reproduce this issue on Debian wheezy with the standard
> rule set from logcheck-database package.
>
> Please provide more information about how to reproduce this issue.
>
>> Configuration Files:
>>  /etc/logcheck/ignore.d.server/samba changed [not included]
>
> Maybe this change or the rule file from another package is causing this
> issue. Can you please check that and report back if the issue still
> exists?
>
> Best regards
>
> Hannes
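
An added example, not part of the original thread and not logcheck's own code: a scanner that finds rule lines where a whole bracket expression is just `[:name:]`, the construct the egrep message quoted above complains about. It assumes rule files hold one extended regex per line with `#` comment lines; `bare_classes`, `scan_lines`, `scan_dir` and the sample rules are names and data constructed for this illustration.

```python
import re
from pathlib import Path

BARE = re.compile(r"\[:[a-z]+:\]")  # a whole bracket expression that is only [:name:]

def bare_classes(pattern):
    """Return (offset, text) for each top-level bracket expression like [:space:]."""
    found, i, n = [], 0, len(pattern)
    while i < n:
        if pattern[i] != "[":
            i += 2 if pattern[i] == "\\" else 1   # skip escaped char outside brackets
            continue
        start, i = i, i + 1
        if i < n and pattern[i] == "^":           # negation marker
            i += 1
        if i < n and pattern[i] == "]":           # a leading ] is a literal member
            i += 1
        while i < n and pattern[i] != "]":
            end = -1
            if pattern[i] == "[" and pattern[i + 1:i + 2] in (":", "=", "."):
                end = pattern.find(pattern[i + 1] + "]", i + 2)
            i = end + 2 if end != -1 else i + 1   # skip nested [:class:] as a unit
        if BARE.fullmatch(pattern[start:i + 1]):
            found.append((start, pattern[start:i + 1]))
        i += 1
    return found

def scan_lines(lines):
    """Check rule lines; blank lines and # comments are skipped (assumed format)."""
    return [(no, off, text)
            for no, line in enumerate(lines, 1)
            if line.strip() and not line.startswith("#")
            for off, text in bare_classes(line.rstrip("\n"))]

def scan_dir(root):
    """Scan every file under a rule directory such as /etc/logcheck."""
    return [(str(p), *hit)
            for p in sorted(Path(root).rglob("*")) if p.is_file()
            for hit in scan_lines(p.read_text(errors="replace").splitlines())]

# Constructed sample rules, not taken from the bug report.
SAMPLE = [
    r"^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:[[:space:]]+ok$",
    r"^\w{3} [ :0-9]{11} [._[:alnum:]-]+ smbd\[[0-9]+\]:[:space:]+bad$",
    r"^[^[:space:]]+ also fine$",
]

if __name__ == "__main__":
    print(*scan_lines(SAMPLE), sep="\n")
```

Each hit from `scan_dir` is (file, line number, offset, expression), which narrows the search to the rule file that needs `[[:space:]]` in place of `[:space:]`.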


