[Logcheck-users] End of search string question
Denis Dimick
dgdimick at gmail.com
Wed Mar 19 22:58:09 UTC 2008
How do I tell LogCheck that I don't care what's in the rest of the search
string?
^\w{3} [ :0-9]{11} m0n0wall ipmon\[[0-9]+\]: [0-9:]{8}\.[0-9]{6} xl0 (@
0:3|@100:3) (b|p) 192\.168\.2\.[0-9]{1,3} -> [0-9.]{7,15} PR igmp len
[0-9]{2} \([0-9]{2}+\) IN$
^\w{3} [ :0-9]{11} m0n0wall ipmon\[[0-9]+\]: [0-9:]{8}\.[0-9]{6} xl0 (@
0:3|@100:3) (b|p) 192\.168\.2\.[0-9]{1,3} -> [0-9.]{7,15} PR igmp len
[0-9]{2} \([0-9]{2}+\) K-S IN$
As you can see the only diff with these two statements is the ending "IN$"
and "K-S IN$"
If I could figure this out I know I could reduce the number of lines in my
ignore.d.server/local file.
Thanks,
Denis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/logcheck-users/attachments/20080319/790b3047/attachment.htm
More information about the Logcheck-users
mailing list