On Thu, Oct 12, 2006 at 07:29:04PM -0400, Roberto C. Sanchez wrote:
> On Thu, Oct 12, 2006 at 03:36:43AM -0400, Kevin Mark wrote:
> > Hi Roberto,
> > I did 'Oct 11 22:06:01 miami /USR/SBIN/CRON[19062]: (root) CMD
> > (/usr/sbin/getimage' > roberto.txt and used the regex that you did on
> > the text and it matched[0]. That leads me to look elsewhere. Is this
> > supposed to match what to display or what not to display? is the log
> > level set right to exclude this message? not sure as never used that
> > app.
> > cheers,
> > Kev
> > [0]
> > egrep "^\w{3} [ :0-9]{11} [._[:alnum:]-]+ /USR/SBIN/CRON\[.*\]: \(root\)
> > CMD \(/usr/sbin/getimage" roberto.txt
>
> The way logcheck works is that you specify a regex for stuff to ignore.
>
> The odd thind is that I have a cron job that runs getimage on five
> servers every hour, but only one "slips through" the logcheck regex
> filter. That is, ignores the other four which start off the same way.
> This is very curious. I may have to do some deeper investigating. Any
> other ideas would be most welcome.
>
Hi Roberto,
try making the regex less restrictive and see if it picks up this one?
Maybe it has a extra space in the wrong place? maybe a hidden character?
maybe different versions of logcheck or the tools that it uses?
cheers,
Kev
--
| .''`. == Debian GNU/Linux == | my web site: |
| : :' : The Universal | debian.home.pipeline.com |
| `. `' Operating System | go to counter.li.org and |
| `- http://www.debian.org/ | be counted! #238656 |
| my keysever: pgp.mit.edu | my NPO: cfsg.org |
Attachment:
signature.asc
Description: Digital signature