[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: logcheck.ignore entries

Any reason why you are using full stops before the stars?


On Wed, 2004-04-14 at 18:01, Jeff Coppock wrote:
> I'm having trouble with getting entries here to work.  I have the
> following /var/log/auth.log messages that I want to filter out of
> logcheck (version 1.2.16, sarge):
> CRON[15302]: (pam_unix) session opened for user root by (uid=0)
> CRON[15302]: (pam_unix) session closed for user root 
> CRON[15613]:(pam_unix) session opened for user mail by (uid=0)
> CRON[15613]:(pam_unix) session closed for user mail
> So, I have the following entry in /etc/logcheck/logcheck.ignore:
> CRON.*: \(pam_unix\) session (opened|closed) for user (root|mail) .*
> However, logcheck still reports these messages on every run.  I'm barely
> a novice at regex and came up with this entry by googling around.
> Could there be something I need to add to the logcheck.conf file to make
> this work?  
> Is my entry botched?
> The actual log messages also include the date/time/hostname.  Do I need
> to account for that in the entry?
> thanks,
> jc
> -- 
> Jeff Coppock		Systems Engineer
> Diggin' Debian		Admin and User

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to: