This one time, at band camp, Juha Pahkala said: > Hello, > > I've just installed logcheck on my debian-testing system. I'm having some > odd problems with the *ignore.server/cron filters. I'm trying to filter > out the entries that cron makes in syslog. These include in my case the > following lines > > Aug 9 16:35:01 server /USR/SBIN/CRON[1041]: (root) CMD > (/root/bin/util/check_irexec) > Aug 9 16:35:01 server /USR/SBIN/CRON[1042]: (root) CMD > (/root/bin/util/check_mythbackend) > Aug 9 16:40:01 server /USR/SBIN/CRON[1103]: (root) CMD > (/root/bin/util/check_irexec) > Aug 9 16:40:01 server /USR/SBIN/CRON[1104]: (root) CMD > (/root/bin/util/check_mythbackend) > > ie. every five minutes a check that the relevant processes are alive. and > the line in the default installation: > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[[0-9]+\]: > \([[:alnum:]-]+\) CMD \(.*\)$ > > works for the check_mythbackend script, but for some reason it doesn't > filter out the check_irexec script entries although they are virtually the > same. it doesn't look like its a problem with the regex, so what could it > be? Just a guess - it's being picked up because of the match on 'exec' - IIRC logcheck reports that in Security Violations. Try changing the name of the script, or adding that regex to a file under violations.ignore.d/ HTH, -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : sgran@debian.org | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
Attachment:
pgpplKtGbxvzP.pgp
Description: PGP signature