
Debian Sarge Logcheck Query



Hi all,

I'm using logcheck to get notifications on my Debian Sarge box, but I would
really like to get rid of a few extra messages that can be ignored. The
entries I want to ignore are:

Feb 16 20:49:38 jake in.qpopper[2843]: connect from 10.200.50.152
Feb 16 20:49:38 jake in.qpopper[2843]: (v4.0.5) Unable to get canonical name of client 10.200.50.152: Unknown host (1) [pop_init.c:1087]
Feb 16 20:49:39 jake in.qpopper[2843]: (v4.0.5) POP login by user "user" at (10.200.50.152) 10.200.50.152 [pop_log.c:244]
Feb 16 20:49:39 jake in.qpopper[2843]: Stats: user 0 0 0 0 10.200.50.152 10.200.50.152 [pop_updt.c:296]

I've read through the man pages and had a look at the other files in the
ignore.d.server directory (I'm using server level) and have come up with the
following entries, but they don't seem to work. I've added these lines into
a file called "qpopper" in the /etc/logcheck/ignore.d.server directory.

^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: connect from$
^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: (v.4.0.5) Unable to get
canonical name of client$
^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: (v.4.0.5) POP login by user$
^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: Stats:$

I realise I'm probably getting the syntax or something wrong, but I have no
idea what language this is or exactly what these commands do.

Can anyone shed some light on this or direct me to a language reference or
something?

Thanks,

Pete
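
An added example, not part of the original post: logcheck ignore files hold one egrep (POSIX extended) regular expression per line, so candidate rules can be checked with `grep -E` before they are installed. The script below runs the posted rules and an adjusted set against the log lines from the post; the adjusted rules and the `in.exampled` line are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the four log lines from the post, one per line, plus one
# constructed line from a hypothetical daemon that must still be reported.
LOG='Feb 16 20:49:38 jake in.qpopper[2843]: connect from 10.200.50.152
Feb 16 20:49:38 jake in.qpopper[2843]: (v4.0.5) Unable to get canonical name of client 10.200.50.152: Unknown host (1) [pop_init.c:1087]
Feb 16 20:49:39 jake in.qpopper[2843]: (v4.0.5) POP login by user "user" at (10.200.50.152) 10.200.50.152 [pop_log.c:244]
Feb 16 20:49:39 jake in.qpopper[2843]: Stats: user 0 0 0 0 10.200.50.152 10.200.50.152 [pop_updt.c:296]
Feb 16 20:49:40 jake in.exampled[2901]: connect from 10.200.50.152'

# Rules as posted (the wrapped second rule joined onto one line).
POSTED='^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: connect from$
^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: (v.4.0.5) Unable to get canonical name of client$
^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: (v.4.0.5) POP login by user$
^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: Stats:$'

# Adjusted rules (an assumption about what should be ignored, not the poster's):
#  - "$" anchors the end of the line, so everything after the fixed text
#    (IP address, source-file tag) has to be described before it;
#  - literal "(", ")" and "." are escaped, otherwise "(...)" is a group and
#    "." matches any character;
#  - the version is written as it appears in the log: v4.0.5, not v.4.0.5.
IP='[0-9]{1,3}(\.[0-9]{1,3}){3}'
PRE='^\w{3} [ :0-9]{11} jake in\.qpopper\[[0-9]+\]:'
VER='\(v[0-9.]+\)'
SRC='\[pop_[a-z]+\.c:[0-9]+\]'
FIXED="$PRE connect from $IP\$
$PRE $VER Unable to get canonical name of client $IP: Unknown host \\([0-9]+\\) $SRC\$
$PRE $VER POP login by user \"[^\"]+\" at \\($IP\\) $IP $SRC\$
$PRE Stats: [^ ]+ [0-9]+ [0-9]+ [0-9]+ [0-9]+ $IP $IP $SRC\$"

# Number of sample lines a rule set would suppress (newline-separated patterns).
suppressed() { printf '%s\n' "$LOG" | grep -E -c -e "$1" || true; }
# Lines that would still be reported with that rule set in place.
reported() { printf '%s\n' "$LOG" | grep -E -v -e "$1" || true; }

echo "posted rules suppress:   $(suppressed "$POSTED") of 4 qpopper lines"
echo "adjusted rules suppress: $(suppressed "$FIXED") of 4 qpopper lines"
echo "still reported with adjusted rules:"
reported "$FIXED"
```

Keeping each rule anchored at both ends and specific to `in.qpopper` means it suppresses only the intended lines; the constructed `in.exampled` line still reaches the report.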


