On Fri, 29 Apr 2005, Peter Palfrader wrote: > When using with syslog-ng configured to also log the source of the log > entry log lines look like: > > | Apr 24 06:47:01 [EMAIL PROTECTED] CRON[13878]: (pam_unix) session opened > for user root by (uid=0) > > Now logcheck doesn't usually allo for the @ in logs which results in > bascially no ignore line matching. Please add @ to the regexes, thanks. > > | System Events > | =-=-=-=-=-=-= > | Apr 24 06:47:01 [EMAIL PROTECTED] CRON[13878]: (pam_unix) session opened > for user root by (uid=0) > | Apr 24 06:47:01 [EMAIL PROTECTED] su[13895]: + ??? root:nobody > | Apr 24 06:47:01 [EMAIL PROTECTED] su[13895]: (pam_unix) session opened for > user nobody by (uid=0) > | Apr 24 06:47:06 [EMAIL PROTECTED] CRON[13878]: (pam_unix) session closed > for user root > [..]
~/src/logcheck/rulefiles/linux$ egrep '\[._\[:alnum:\]-\]' -r . | wc -l 896 that's not fun. while changing all those we'd better switch to the use of macros. very inclined to merge that with those open bugs. > > > Peter > regards -- maks -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
