[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: I can't make logcheck ignore some things.

Adam Funk, 

> My logcheck output e-mails include the following lines (among others)
> that I want ignored:
> 
> Feb 11 06:35:31 garcia kernel: sda : READ CAPACITY failed.
> Feb 11 06:35:32 garcia kernel: sda : READ CAPACITY failed.
> Feb 11 06:35:44 garcia kernel: sda : READ CAPACITY failed.
> Feb 11 06:39:28 garcia kernel: sda : READ CAPACITY failed.
> 
> So I created a file /etc/logcheck/ignore.d.workstation/af-custom
> (REPORTLEVEL="workstation" in logcheck.conf) and put the following in
> it:
> 
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel: sda.*$
> 
> When I test this with egrep it should work:
> 
> # egrep '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:
> sda.*$' /var/log/kern.log
> Feb  7 06:36:02 garcia kernel: sda: Unit Not Ready, sense:
> Feb  7 06:36:02 garcia kernel: sda : READ CAPACITY failed.
> ....
> 
> But the unwanted lines are still showing up in the the logcheck mails. 
> What am I doing wrong?

I had the same trouble with spamassassin, which adds certain characters
at the end of the line. Try changing 'unix-dgram' to 'unix-stream' in
syslog-ng.conf if that's what you're using.

-- 
regards,

Christopher Pharo Glæserud
Reply to: