On Thu, Mar 16, 2023 at 01:31:37PM +0000, Richard Lewis wrote: > I dont understand - logcheck rules cater for both formats since 1.4.1 iirc > and this is already explained in NEWS.Debian. (and i thought that included > instructions for updating local rules in that)
it's not. just checked the NEWS from 1.4.2 and it only explains
that systemd's journal is now also checked. no word about different time
formats.
> Did you maybe not upgade logcheck-database to latest version?
this is also about giving advice what to do with *local* logcheck rules.
> the longer term solution is perhaps macros in rules, which may happen in
> trixie.
we need some solution/workaround/configuration/advice for bookworm, else
people will just not use logcheck, if it creates too much noise.
> > <h01ger> dropping timestamps from all logcheck rules could migate this and
> > is an easy way to run mixed suite setups
> not sure the package should drop the prefixes,
i'm basically wondering why to have timestamp regexes in logcheck rules
at all. *not* having them has two benefits, I guess: a.) (very) slightly faster,
b.) easier to maintain/read by humans. what benefits *does* having them?
> > <mbiebl> It was my impression that logcheck changed the regexps which
> > match the timestamps in a way that both matched the old and new format?
> yes!
cool. so this sounds like easy advice to give for updating local rules! :)
and that's what I'm asking for to be done in debian/NEWS.
--
cheers,
Holger
⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org
⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
⠈⠳⣄
We live in a world where teenagers get more and more desperate trying to
convince adults to behave like grown ups.
signature.asc
Description: PGP signature
