[Logcheck-devel] Bug#889116: logcheck-database: enhance more wpasupplicant rules with optional regex group
Carl Suster
carl at contraflo.ws
Fri Feb 2 05:31:18 UTC 2018
Package: logcheck-database
Version: 1.3.18
Severity: wishlist
Tags: patch
Logcheck output includes lines like:
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=26 -> NAK
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
There is already the following rule intended to capture these:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$
However this is not capturing the "wlp4s0: " part. Some other rules in the file contain optional
regexp groups to capture this part in other log lines, e.g.:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-SUBNET-STATUS-UPDATE status=0$
So could we replace the first rule above with:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$
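An added example (not part of the original report or of logcheck) that runs the existing and the proposed rule as extended regular expressions with `grep -E` and prints the lines that match neither, which are the lines that would still be reported. The sample lines are constructed from the excerpt in the report; the unprefixed line and the `wlx00c0ca123456` interface name are assumptions added to exercise the optional group.

```shell
#!/bin/sh
# Rules copied verbatim from the report above.
OLD_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$'
NEW_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$'

# Constructed sample input. A two-digit day is used so the 11-character
# timestamp field does not depend on syslog's space padding of the day.
sample_lines() {
cat <<'EOF'
Feb 12 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-STARTED EAP authentication started
Feb 12 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=26 -> NAK
Feb 12 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Feb 12 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Feb 12 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
Feb 12 15:53:18 local wpa_supplicant[777]: CTRL-EVENT-EAP-STARTED EAP authentication started
Feb 12 15:53:18 local wpa_supplicant[777]: wlx00c0ca123456: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
EOF
}

# Lines that the given ignore rule does NOT match, i.e. lines still reported.
reported() {
    sample_lines | grep -E -v -e "$1" || true
}

# Number of lines still reported under the given rule.
count_reported() {
    reported "$1" | grep -c '' || true
}

echo "existing rule: $(count_reported "$OLD_RULE") of 7 lines still reported"
echo "proposed rule: $(count_reported "$NEW_RULE") of 7 lines still reported:"
reported "$NEW_RULE"
```

Neither rule covers the two `CTRL-EVENT-EAP-PROPOSED-METHOD` lines from the excerpt, and the optional group only accepts interface names of the form `wlan[0-9]` or `wlp[0-9]s[0-9]`, so those lines are still reported under the proposed rule.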