
Re: logcheck oddity



This one time, at band camp, Juha Pahkala said:
> Hello,
> 
> I've just installed logcheck on my debian-testing system. I'm having some
> odd problems with the *ignore.server/cron filters. I'm trying to filter
> out the entries that cron makes in syslog. These include in my case the
> following lines
> 
> Aug  9 16:35:01 server /USR/SBIN/CRON[1041]: (root) CMD (/root/bin/util/check_irexec)
> Aug  9 16:35:01 server /USR/SBIN/CRON[1042]: (root) CMD (/root/bin/util/check_mythbackend)
> Aug  9 16:40:01 server /USR/SBIN/CRON[1103]: (root) CMD (/root/bin/util/check_irexec)
> Aug  9 16:40:01 server /USR/SBIN/CRON[1104]: (root) CMD (/root/bin/util/check_mythbackend)
> 
> i.e. every five minutes a check that the relevant processes are alive. And
> the line in the default installation:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]:
> \([[:alnum:]-]+\) CMD \(.*\)$
> 
> works for the check_mythbackend script, but for some reason it doesn't
> filter out the check_irexec script entries although they are virtually the
> same. It doesn't look like it's a problem with the regex, so what could it
> be?

Just a guess - it's being picked up because of the match on 'exec' -
IIRC logcheck reports that in Security Violations.  Try changing the
name of the script, or adding that regex to a file under
violations.ignore.d/

HTH,
-- 
 -----------------------------------------------------------------
|   ,''`.					     Stephen Gran |
|  : :' :					 sgran@debian.org |
|  `. `'			Debian user, admin, and developer |
|    `-					    http://www.debian.org |
 -----------------------------------------------------------------
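
The layering the reply describes can be reproduced with `grep -E` on the log lines from the post. This is an added example, not logcheck's own code and not part of the original message; it is a simplified model, and the `exec` keyword in the violations layer is an assumption taken from the reply's guess, as are the file names under the temporary directory.

```shell
#!/usr/bin/env bash
# Simplified model of logcheck's violations layer; not logcheck's own code.
RULES=$(mktemp -d)
trap 'rm -rf "$RULES"' EXIT

# Constructed sample: two of the log lines from the post, unwrapped.
cat > "$RULES/log" <<'EOF'
Aug  9 16:35:01 server /USR/SBIN/CRON[1041]: (root) CMD (/root/bin/util/check_irexec)
Aug  9 16:35:01 server /USR/SBIN/CRON[1042]: (root) CMD (/root/bin/util/check_mythbackend)
EOF

# The cron rule quoted in the post, joined onto one line.
CRON_RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: \([[:alnum:]-]+\) CMD \(.*\)$'
printf '%s\n' "$CRON_RULE" > "$RULES/ignore.server"

# Assumption from the reply: the violations layer has a keyword matching "exec".
printf '%s\n' 'exec' > "$RULES/violations"

# Two candidate violations.ignore files: one empty, one holding the cron rule.
: > "$RULES/violations.ignore.empty"
printf '%s\n' "$CRON_RULE" > "$RULES/violations.ignore.fixed"

# Number of log lines the ignore.d.server-style rule matches (regex sanity check).
server_rule_matches() {
  grep -E -c -f "$RULES/ignore.server" "$RULES/log" || true
}

# Lines reported as violations: keyword hits minus hits in the ignore file $1.
# The server ignore rule is never consulted in this layer.
violations_report() {
  grep -E -f "$RULES/violations" "$RULES/log" | {
    if [ -s "$1" ]; then grep -E -v -f "$1"; else cat; fi
  } || true
}

echo "cron rule matches $(server_rule_matches) of 2 lines"
echo "reported with empty violations.ignore:"
violations_report "$RULES/violations.ignore.empty"
echo "reported with cron rule in violations.ignore:"
violations_report "$RULES/violations.ignore.fixed"
```

The cron rule matches both lines, so the regex itself is fine; only the `check_irexec` line is reported, and it stops being reported once the same rule sits in the violations ignore file.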
