[Logcheck-devel] Bug#712941: logcheck-database: logcheck triggers a fatal error in egrep
shizuma
shizuma at vif.com
Mon Jul 1 10:56:42 UTC 2013
Hello Hannes,
Thanks for your assistance.
I've returned my system to pristine wheezy condition (I think):
tar zcvf my_setup.tgz cracking.* ignore.d.* violations.*
rm -rf cracking.* ignore.d.* violations.*
apt-get install --reinstall logcheck-database
dpkg -i /var/cache/apt/archives/grep_2.12-2_amd64.deb
mkdir cracking.ignore.d
chown root.logcheck cracking.ignore.d
cat logcheck.logfiles
# these files will be checked by logcheck
# This has been tuned towards a default syslog install
/var/log/syslog
/var/log/auth.log
logcheck.logfiles (END)
cat logcheck.conf
INTRO=0
REPORTLEVEL="server"
SENDMAILTO="---- at -------"
MAILASATTACH=0
FQDN=0
ATTACKSUBJECT="Security Alerts on -------"
SECURITYSUBJECT="Security Events on -------"
EVENTSSUBJECT="System Events on -------"
TMP="/tmp"
logcheck.conf (END)
Is there something else I must do?
Will keep you posted.
Thanks.
On Mon, 1 Jul 2013 06:58:49 +0200, Hannes von Haugwitz wrote:
> tags 712941 unreproducible moreinfo
> thanks
>
> Hello,
>
> On Thu, Jun 20, 2013 at 07:33:51PM -0400, shizuma at vif.com wrote:
>> Since I upgraded to wheezy in may, logcheck reports contain only
>> one
>> line:
>>
>> egrep: character class syntax is [[:space:]], not [:space:]
>>
>
> I'm not able to reproduce this issue on Debian wheezy with the
> standard
> rule set from logcheck-database package.
>
> Please provide more information about how to reproduce this issue.
>
>> Configuration Files:
>> /etc/logcheck/ignore.d.server/samba changed [not included]
>
> Maybe this change or the rule file from another package is causing
> this
> issue. Can you please check that and report back if the issue still
> exist?
>
> Best regards
>
> Hannes
More information about the Logcheck-devel
mailing list