Re: System log monitor
On Tue, Dec 12, 2000 at 11:17:34AM +1100, Steve wrote:
> Unfortunately, none of this solves the overall problem of packages
> introducing badly formed ignore rules. In the end is suppose you will
> just have to trust subsystems to perform sensible checks and not be
> too general, and file bug-reports against those that don't.
I don't think it is possible to make it "foolproof", unless the log output
from each program goes to a different file, so it is known which filter to
apply. Some designs would probably make it easier to get correct, but I
think the most important thing will be to provide some skeleton regexs that
match the timestamp hostname program[pid]:message format commonly used, so
people don't try to start from scratch. Something like
^[A-Za-z]{3} [ 0-9]{2} ([0-9]{2}:){2}[0-9]{2} [^ ]* program: message
This requires explicit matching of the month, day, and time fields. (BTW,
this is an extended regex, so use egrep or use \ a lot :) As long as host
names don't contain spaces in them, it should work. Maybe a regex other
than [^ ]* should be used to match the hostname.
This might also lead people to use more consistent log message formats,
which is probably a good thing.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X(peter@llama.nslug. , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
Reply to: