On Wed, 2005-05-04 at 19:44 +0200, maximilian attems wrote: > On Wed, 04 May 2005, Jamie L. Penman-Smithson wrote: > > > > Now logcheck doesn't usually allo for the @ in logs which results in > > > > bascially no ignore line matching. Please add @ to the regexes, thanks. > > <snip log snippets> > > > > > > ~/src/logcheck/rulefiles/linux$ egrep '\[._\[:alnum:\]-\]' -r . | wc -l > > > 896 > > > > > > that's not fun. while changing all those we'd better switch to the use of > > > macros. very inclined to merge that with those open bugs. > > > > for i in *; do cat $i | sed -e "s/\[\._\[:alnum:\]-\]+/[EMAIL > > PROTECTED]:alnum: > > \]-\]\+/" >> $i.new; done > > > > ..appears to work here.. > > yes i know, could have done something similar with perl, > but we just want to change all hostname and who says they > are exactly formated like aboves and really hostnames you > change. needs human edit and than it's better to do it > right, no?
That only matches the first occurrence of [._[:alnum:]-]+ and since
every rule starts with "^\w{3} [ :0-9]{11} [._[:alnum:]-]+" it'll only
change the regexp we use for the hostname.
It's better than manually going through and changing every occurrence
800+ times. I've tested it here:
$ for i in *; do cat $i | sed -e "s/\[\._\[:alnum:\]-\]+/[EMAIL
PROTECTED]:alnum:
\]-\]\+/" >> $i.new; done
$ egrep -vf ../logcheck/rulefiles/linux/TEST_ignore.d.server/postfix.new
postfix.log | egrep
-vf ../logcheck/rulefiles/linux/violations.ignore.d/logcheck-postfix
$
They work just as well as the old rules, they just match the additional
'@'..
However, if you'd rather wait for macro support, that's fine.
-j
signature.asc
Description: This is a digitally signed message part
