[Logcheck-users] Rule doesn't work even though it works with egrep
Markus Hedlund
markus at snowfire.it
Fri Apr 13 08:22:46 UTC 2012
Hi,
I get these lines in my logcheck emails:
Apr 12 10:35:47 server sudo: www-data : TTY=unknown ; PWD=/var/www/public_html ; USER=root ; COMMAND=/var/scripts/script.sh 123
Even though I have this in i.d.s/sudo:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: www-data : TTY=unknown ; PWD=/var/www/public_html ; USER=root ; COMMAND=/var/scripts/script.sh [0-9]+$
I've tested the sudo rules with "egrep -f sudo /var/log/auth.log" and
they seem to match. What am I missing?
Version: 1.3.13
Sincerely
Markus Hedlund
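
Added example (not part of the original post and not logcheck's own code): grep -E -f treats every line of a rules file as an independent pattern, so this script reports which pattern lines match a given log line, using the rule and log line quoted in the message. The helper matching_rules, the file names and the sshd line are constructed for illustration, and GNU grep is assumed for \w.

```shell
#!/bin/sh
# Added example; the sample data is constructed from the lines quoted in the post.

# Print the line number of each pattern in rules file $2 that matches log line $1.
# Each pattern is tried on its own, so the output shows which line of the file
# is responsible for a match that "grep -E -f" would only report as a whole.
matching_rules() {
    n=0
    while IFS= read -r rule || [ -n "$rule" ]; do
        n=$((n + 1))
        case $rule in ''|'#'*) continue ;; esac   # skip blank and comment lines
        if printf '%s\n' "$1" | grep -E -q -e "$rule"; then
            echo "$n"
        fi
    done < "$2"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# The rule stored as a single line.
cat > "$tmp/sudo.one" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: www-data : TTY=unknown ; PWD=/var/www/public_html ; USER=root ; COMMAND=/var/scripts/script.sh [0-9]+$
EOF

# The same rule broken across three lines, as a mail client or editor might wrap it.
cat > "$tmp/sudo.wrapped" <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: www-data : TTY=unknown ;
PWD=/var/www/public_html ; USER=root ; COMMAND=/var/scripts/script.sh
[0-9]+$
EOF

SUDO_LINE='Apr 12 10:35:47 server sudo: www-data : TTY=unknown ; PWD=/var/www/public_html ; USER=root ; COMMAND=/var/scripts/script.sh 123'
# Constructed, unrelated line that a sudo rule should never match.
OTHER_LINE='Apr 12 10:36:01 server sshd[999]: Failed password for root from 192.0.2.7 port 4242'

for f in sudo.one sudo.wrapped; do
    echo "$f / sudo line:  $(matching_rules "$SUDO_LINE" "$tmp/$f" | tr '\n' ' ')"
    echo "$f / other line: $(matching_rules "$OTHER_LINE" "$tmp/$f" | tr '\n' ' ')"
done
```

With the wrapped file, the fragment [0-9]+$ on its own also matches the unrelated sshd line, so a successful "egrep -f" run over a whole log does not show that the intended rule matched as one line.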