RE: LogCheck and it's rules

To: Robert Ramiega <robert@plukwa.pdi.net>
Cc: Debian Users <debian-user@lists.debian.org>
Subject: RE: LogCheck and it's rules
From: Pollywog <pollywog@shadypond.com>
Date: Mon, 13 Dec 1999 23:40:42 -0000 (UTC)
Message-id: <[🔎] XFMail.19991213234042.pollywog@shadypond.com>
Reply-to: Pollywog <pollywog@shadypond.com>
In-reply-to: <[🔎] 19991214001325.N11487@plukwa.pdi.net>

On 13-Dec-1999 Robert Ramiega wrote:
>  Hi!
>  I'm running Potato on my PPC machine. 
> I have one problem with logcheck. It seems  i can't create proper ignore
> rules: here is excerpt from logcheck.ignore:
> 
> named[.*]: USAGE .* .* CPU=.*/.* CHILDCPU=.*/.*
> PAM_unix[.*]: (ssh) session opened for user .* by (.*)
> 
>  and i still get in logcheck mails:
> Dec 13 23:46:53 plukwa named[159]: USAGE 945125213 945085613

try
named.*: USAGE .*

> CPU=61.74u/56.5s CHILDCPU=0u/0s
> Dec 13 23:04:55 plukwa PAM_unix[17035]: (ssh) session opened for user root
> by
> (uid=0)

PAM_unix.*: (ssh) session opened for user root .*


> 
>  Those 2 lines (both from logcheck.ignore and logcheck mails) are not the
> only ones (basically any line with named, PAM_unix and so on gets reported
> under Unsual Events and some of those lines came with package and were not
> modified by me). 
>  Can someone help me?
> 
> (just popped into my head... does th case of regex matter? it's the same as
> in /var/log/messages but....)
I believe case DOES matter with logcheck.

--
Andrew

Reply to:

Follow-Ups:
- RE: LogCheck and it's rules
  - From: Ethan Benson <erbenson@alaska.net>

References:
- LogCheck and it's rules
  - From: Robert Ramiega <robert@plukwa.pdi.net>

Prev by Date: library problem !
Next by Date: Re: lo on potato
Previous by thread: LogCheck and it's rules
Next by thread: RE: LogCheck and it's rules
Index(es):
- Date
- Thread