> https://git.alphanet.ch/gitweb/?p=various;a=blob;f=logcheck/syslog-summary;h=dcfe82b9ab2065309dc39f929d0d5c9055c75f55;hb=HEAD
>
(as above, we wouldn't want to include any syslog-summary in the
debian package but we should keep the support for such local scripts:
i think it should still work if the script is correct)
> HOWEVER, it broke with bullseye, I guess the log format changed,
i didn't try, but 38 has some issues:
- it assumes a PID is logged on every line - this is not the case for,
eg, lines from the kernel
- has a lot of backtracking because you include [ and ] in $1: it will
first match to the end of the PID and then backtrack every character
until the [
-- i dont think you want [ and ] in $1 at all
- it only matches lines from the journal, not rsyslog
- (i dont know about perl but \ is not usually an escape character
inside [...] groups: you usually put "]" first, "[" not first and "-"
last in the group)
And at the end (line 62) you lose anything not matching line 38:
better to set count=1 there and log as other lines
Hope that's helpful
