[Logcheck-users] Can't ignore liblogging-stdlog anymore

adam oczos morespam at tutanota.com
Mon Jul 17 22:17:37 UTC 2017



Hi everyone;
After migrating to stretch, I can't get rid of certain messages via logcheck.


Jul 17 06:25:03 host liblogging-stdlog:  [origin software="rsyslogd" swVersion="8.24.0" x-pid="326" x-info="http://www.rsyslog.com"] rsyslogd was HUPed

It appears in messages and syslog. I used to have my ignore rules working, as it was rsyslogd before, but now I can't. The following regex is in ignore.d.server/rsyslog and ignore.d.server/liblogging-stdlog and ignore.d.server/syslog (probably too much).

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ liblogging-stdlog:  \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[[:digit:]]+"x-info="http:\/\/www\.rsyslog\.com"\] rsyslogd was HUPed$

Both configs successfully tested using logcheck-test. For instance:

# logcheck-test -l /var/log/messages liblogging-stdlog 
Jul 17 06:25:04 host liblogging-stdlog:  [origin software="rsyslogd" swVersion="8.24.0" x-pid="326" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
================================================================================
parsed file: /var/log/messages
used rule: 'liblogging-stdlog'

But... These lines are still being mailed to me as a warning. Am I using a wrong ignore file, or... ? :BUMP:
Any ideas / help appreciated!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/logcheck-users/attachments/20170718/5aa2d146/attachment.html>


More information about the Logcheck-users mailing list