> The pattern for rsyslogd can be improved. Please add the following
> line:
>
> imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' \(fd 3\) from systemd.  \[v8.2206.0\]
>
> You might want to generalize the fd (on my system it is always fd 3,
> but I don't know if this is general) and possibly the version number;
> ideally this would remain in sync to whatever is in testing.

I have the following rules in etc/logcheck/ignore.d.server/local-rsyslog

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[1\]: rsyslog\.service: Sent signal SIGHUP to main process [0-9]+ \(rsyslogd\) on client request\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd\[[0-9]+\]: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https://www.rsyslog.com"\] rsyslogd was HUPed$

so you might like to add those too. (I believe these are caused by
logrotate via /usr/lib/rsyslog/rsyslog-rotate, the latter being part
of rsyslog.) They are relevant to bullseye systems.

Thanks for considering.
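
Added example, not part of the original messages or of logcheck itself: a quick way to check ignore rules against log lines with grep -E before installing them. The first two rules are the ones from the message above; the third is an assumed generalisation of the imuxsock line (any fd, any version, optional [pid]), and all log lines, host names and PIDs are constructed.

```shell
#!/bin/sh
# Check logcheck-style ignore rules (one extended regex per line) against
# sample log lines. Anything no rule matches would still be reported.

# Rules 1-2: from the message above. Rule 3: assumed generalisation of the
# imuxsock pattern from the quoted request (fd and version not hard-coded).
rules() {
cat <<'EOF'
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[1\]: rsyslog\.service: Sent signal SIGHUP to main process [0-9]+ \(rsyslogd\) on client request\.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd\[[0-9]+\]: \[origin software="rsyslogd" swVersion="[0-9.]+" x-pid="[0-9]+" x-info="https://www.rsyslog.com"\] rsyslogd was HUPed$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ rsyslogd(\[[0-9]+\])?: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' \(fd [0-9]+\) from systemd\.  \[v[0-9.]+\]$
EOF
}

# Constructed log lines: three routine rsyslog messages and one line that
# must NOT be suppressed by any of the rules.
sample_log() {
cat <<'EOF'
Oct 10 06:25:01 host1 systemd[1]: rsyslog.service: Sent signal SIGHUP to main process 512 (rsyslogd) on client request.
Oct 10 06:25:01 host1 rsyslogd[512]: [origin software="rsyslogd" swVersion="8.2102.0" x-pid="512" x-info="https://www.rsyslog.com"] rsyslogd was HUPed
Oct 10 06:25:02 host1 rsyslogd[512]: imuxsock: Acquired UNIX socket '/run/systemd/journal/syslog' (fd 3) from systemd.  [v8.2206.0]
Oct 10 06:25:03 host1 sshd[900]: Failed password for root from 192.0.2.10 port 4022 ssh2
EOF
}

# Print the lines that no rule matches (what would still reach the report).
reported() {
    tmp=$(mktemp) || return 1
    rules > "$tmp"
    # grep exits 1 when every line is ignored; that is not an error here.
    sample_log | grep -E -v -f "$tmp" || true
    rm -f "$tmp"
}

reported
```

Each rule has to stay on a single line in the rules file: a wrapped fragment such as "request\.$" on its own line becomes a separate pattern and would suppress unrelated messages.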
