logcheck help
[ Up-to-date 'sarge/testing' with kernel-2.4.26-1-686-smp and
logcheck-1.2.28 ]
What I am trying to do is simple: eliminate lines like the following
generated by Shorewall in /var/log/syslog:
Oct 24 11:32:50 msslayer kernel: Shorewall:net2all:DROP:IN=eth0 ...
I created a new file, /etc/logcheck/ignore.d.server/local-shorewall,
that contains:
^\w{3} [ :0-9]{11} msslayer kernel: Shorewall:net2all:
but none of the "Shorewall lines" are being eliminated in the hourly
email sent by 'logcheck' (with REPORTLEVEL="server" in logcheck.conf).
Note that the (initial testing) pattern above, when accessed in a
separate "egrep -f local-shorewall /var/log/syslog" command, *does*
correctly match the "Shorewall lines" ...
My hunch is that the file is named incorrectly and/or placed in the
wrong sub-directory of /etc/logcheck.
I've tried other approaches (e.g., placed the 'egrep' pattern file in
other dirs, named the file "logcheck.shorewall", etc.), read and
re-read the included docs, and, of course, searched the web, but no luck.
Thanks for any ideas!
--
Prof Kenneth H Jacker khj@cs.appstate.edu
Computer Science Dept www.cs.appstate.edu/~khj
Appalachian State Univ
Boone, NC 28608 USA