On Mon, Feb 16, 2004 at 09:02:18PM +1000, Peter A. Cole wrote:
> I'm using logcheck to get notifications on my Debian Sarge box, but I would
> really like to get rid of a few extra messages that can be ignored. The
> entries I want to ignore are:
>
> Feb 16 20:49:38 jake in.qpopper[2843]: connect from 10.200.50.152
> Feb 16 20:49:38 jake in.qpopper[2843]: (v4.0.5) Unable to get canonical name
> of client 10.200.50.152: Unknown host (1) [pop_init.c:1087]
> Feb 16 20:49:39 jake in.qpopper[2843]: (v4.0.5) POP login by user "user" at
> (10.200.50.152) 10.200.50.152 [pop_log.c:244]
> Feb 16 20:49:39 jake in.qpopper[2843]: Stats: user 0 0 0 0 10.200.50.152
> 10.200.50.152 [pop_updt.c:296]
>
> ^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: connect from$
The $ at the end is your problem. This matches the end of the string.
> ^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: (v.4.0.5) Unable to get
> canonical name of client$
Quote the (). Also the '.'s should be quoted but it isn't really as
important. (v.4.0.5) -> \(v4.0.5\) or \(v4\.0\.5\) There was an extra
dot in there.
> ^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: (v.4.0.5) POP login by user$
> ^\w{3} [ :0-9]{11} jake in.qpopper\[[0-9]+\]: Stats:$
Ditto for these
Also you might want to get rid of everything before 'in.qpopper' -
unless you are dealing with multiple systems.
Don't think theres any more problems but I could have missed something.
> I realise I'm probably getting the syntax or something wrong, but I have no
> idea what language this is or exactly what these commands do.
Extended regular expressions. 'man grep' for more information.
Brian
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
