Any reason why you are using full stops before the stars? -- Pierre On Wed, 2004-04-14 at 18:01, Jeff Coppock wrote: > I'm having trouble with getting entries here to work. I have the > following /var/log/auth.log messages that I want to filter out of > logcheck (version 1.2.16, sarge): > > CRON[15302]: (pam_unix) session opened for user root by (uid=0) > CRON[15302]: (pam_unix) session closed for user root > CRON[15613]:(pam_unix) session opened for user mail by (uid=0) > CRON[15613]:(pam_unix) session closed for user mail > > So, I have the following entry in /etc/logcheck/logcheck.ignore: > > CRON.*: \(pam_unix\) session (opened|closed) for user (root|mail) .* > > However, logcheck still reports these messages on every run. I'm barely > a novice at regex and came up with this entry by googling around. > > Could there be something I need to add to the logcheck.conf file to make > this work? > > Is my entry botched? > > The actual log messages also include the date/time/hostname. Do I need > to account for that in the entry? > > thanks, > jc > > -- > Jeff Coppock Systems Engineer > Diggin' Debian Admin and User >
Attachment:
signature.asc
Description: This is a digitally signed message part