Re: logcheck problem

To: debian-devel@lists.debian.org
Subject: Re: logcheck problem
From: Eirik Schwenke <debian-devel@e12e.ukshells.co.uk>
Date: Mon, 28 Jul 2003 02:13:16 +0100 (BST)
Message-id: <[🔎] Pine.LNX.4.53.0307280136230.28264@echo.ukshells.co.uk>
Reply-to: debian-devel@lists.debian.org, debian-devel@e12e.ukshells.co.uk

On Thu, 6 Dec 2001 17:19:49 +0100 (CET) "Tille, Andreas" <TilleA@rki.de> wrote:

> Hello,
> I suspect something is brocken with the latest logcheck.  I continuousely
> get the appended message.  I do not think that it is caused by my exclude rules
> because I did not change anything important (and even if it is a bug logcheck
> should care about!).

(... logcheck v 1.1.1-12 ...)

> ---------- Forwarded message ----------
> Date: Thu, 06 Dec 2001 16:02:03 +0100
> From: Cron Daemon <tillea@rki.de>
> To: tillea@rki.de
> Subject: Cron <root@wr-limob01> test -x /usr/sbin/logcheck && nice -n10
>     /usr/sbin/logcheck
> egrep: Invalid content of \{\}

I get the same message with my current version of logcheck. (1.1.1-13.1)

I first tried running the command:

for f in `find /etc/logcheck/ -type f`;do
  echo "testing inverted" | egrep -vf $f;
  echo "testing normal" | egrep -if $f;
done

And got no errors from egrep.

I then attempted to find out where the error occures, by running the logcheck-
script manually as root, and watching for the egrep-error message. But with
inconsisten results.

Has anyone else seen this error ? The main problem is obviously that the logcheck-script
doesn't catch and report errors that occures when processing pattern-files. So it's
almost impossible to find the error, if indeed it is in the pattern-files.

I don't really understand what causes this because it appears to be highly inconsistent,
and doesn't show up on every run.

I made a further attempt by adding the following lines to a modifed locheck-script,
and running it manually to genereate an error log, again watching for the egrep
error, and trying to see where it manifested -- but I got inconsistent results. I
believe this is because of logtail and the way logcheck works -- by only checking the
logs that are new, and only using specific ("needed") filter-files.

DEBUG=1
ERRORLOG=./logcheck.error

grep_debug() {
   echo "egrep called with: $*" >> $ERRORLOG
   egrep $*
}

#Note: the following should replace GREP=egrep
if [[ $DEBUG > 0 ]]; then
   GREP=grep_debug
   trap "echo 'ERROR TRAPPED***' >> $ERRORLOG;echo Trapped error! > /dev/stderr" ERR
else
   GREP=egrep
fi

One one run witch genereated the egrep error above (egrep: Invalid content of \{\})
the error appears to be in one of the ignore-files:

egrep called with: -v -f /var/lib/logcheck/cleaned/logcheck.violations.ignore
ERROR TRAPPED***

Please reply to me as well the list, as I'm not on it. Sorry for no correct in-reply-to-
header, but I found the original post on the web, and found no "full-headers"-link.
(http://lists.debian.org/debian-devel/2001/debian-devel-200112/msg00412.html)
-- 
Eirik Schwenke

Reply to:

Prev by Date: Bug#203148: ITP: libi18n-java -- internationalization library for java
Next by Date: Re: proposal: per-user temporary directories on by default?
Previous by thread: Re: Bug#203148: ITP: libi18n-java -- internationalization library for java
Next by thread: Re: clamav-daemon: Bashism in init file, and restart
Index(es):
- Date
- Thread