
regexp problem



I've got a slight problem with a regexp in one of my logcheck ignore
files. The lines that I want to get rid of are in the form of the
following:

Sep  7 17:21:48 Bigbrother dhcpd: DHCPREQUEST for 192.168.0.8 from 00:50:04:d2:e0:2c via eth1
Sep  7 17:21:48 Bigbrother dhcpd: DHCPACK on 192.168.0.8 to 00:50:04:d2:e0:2c via eth1

and

Sep  7 07:09:45 Bigbrother dhcpd: DHCPREQUEST for 192.168.0.125 from 00:0c:29:65:14:f5 (guts) via eth1
Sep  7 07:09:45 Bigbrother dhcpd: DHCPACK on 192.168.0.125 to 00:0c:29:65:14:f5 (guts) via eth1

The default setup got rid of the former lines just fine. That was:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPREQUEST for [.0-9]+ (\([\.0-9]+\) |)from [:[:alnum:]]+ via [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPACK on [.0-9]+ to [:[:alnum:]]+ via [[:alnum:]]+$


I modified it in order to get rid of the latter by adding
(\([._[:alnum:]-]+\)|) giving me:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPREQUEST for [.0-9]+ (\([\.0-9]+\) |)from [:[:alnum:]]+ (\([._[:alnum:]-]+\)|) via [[:alnum:]]+$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): DHCPACK on [.0-9]+ to [:[:alnum:]]+ (\([._[:alnum:]-]+\)|) via [[:alnum:]]+$

Now the filter gets rid of the latter, but lets the former through! Is
there some glaring omission in my regexp that I haven't caught yet?
Possibly because of the double parenthesis? The outer set is for a
selection, the inner set is literal. Any suggestions are welcome.
-- 
Alex Malinovich
Support Free Software, delete your Windows partition TODAY!
Encrypted mail preferred. You can get my public key from any of the
pgp.net keyservers. Key ID: A6D24837
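
Added example (not part of the original post and not logcheck's own rules): in the modified rules the optional "(hostname)" group sits between two mandatory spaces, so a line without a hostname would need two spaces before "via". The script runs the default, posted, and one possible corrected tail (trailing space moved inside the group, like the rule's existing `(\([\.0-9]+\) |)from`) over the post's four lines plus a constructed DHCPNAK line that must stay reported; the variable and function names are assumptions of this example.

```shell
#!/bin/sh
# Sample input: the four dhcpd lines from the post, unwrapped, plus one
# CONSTRUCTED DHCPNAK line that no rule set should suppress.
SAMPLE='Sep  7 17:21:48 Bigbrother dhcpd: DHCPREQUEST for 192.168.0.8 from 00:50:04:d2:e0:2c via eth1
Sep  7 17:21:48 Bigbrother dhcpd: DHCPACK on 192.168.0.8 to 00:50:04:d2:e0:2c via eth1
Sep  7 07:09:45 Bigbrother dhcpd: DHCPREQUEST for 192.168.0.125 from 00:0c:29:65:14:f5 (guts) via eth1
Sep  7 07:09:45 Bigbrother dhcpd: DHCPACK on 192.168.0.125 to 00:0c:29:65:14:f5 (guts) via eth1
Sep  7 07:09:46 Bigbrother dhcpd: DHCPNAK on 192.168.0.125 to 00:0c:29:65:14:f5 via eth1'

# Common head of both rules, copied from the post.
PRE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ dhcpd(-2.2.x|): '
REQ="${PRE}DHCPREQUEST for [.0-9]+ (\([\.0-9]+\) |)from [:[:alnum:]]+"
ACK="${PRE}DHCPACK on [.0-9]+ to [:[:alnum:]]+"

HOST='\([._[:alnum:]-]+\)'                  # literal "(hostname)"
TAIL_DEFAULT=' via [[:alnum:]]+$'            # stock rule: no hostname allowed
TAIL_POSTED=" ($HOST|) via [[:alnum:]]+\$"   # as posted: space, group, space
TAIL_FIXED=" ($HOST |)via [[:alnum:]]+\$"    # space moved inside the group

# rules TAIL: emit the two ignore patterns, one per line (no trailing
# newline, which grep would read as an empty match-everything pattern).
rules() { printf '%s\n%s' "$REQ$1" "$ACK$1"; }

# leftover TAIL: print the sample lines that would still be reported,
# i.e. lines matching none of the ignore patterns (egrep -v semantics).
leftover() { printf '%s\n' "$SAMPLE" | grep -E -v -e "$(rules "$1")" || true; }

# count_leftover TAIL: number of lines still reported.
count_leftover() { leftover "$1" | grep -c . || true; }

echo "default rules report: $(count_leftover "$TAIL_DEFAULT") line(s)"
echo "posted rules report:  $(count_leftover "$TAIL_POSTED") line(s)"
echo "fixed rules report:   $(count_leftover "$TAIL_FIXED") line(s)"
leftover "$TAIL_FIXED"
```

Keeping the `$` anchor and the fixed " via " text in the corrected tail is what stops the ignore rule from also swallowing unrelated dhcpd messages.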
