* Paolo <[EMAIL PROTECTED]> [2008-12-08 09:43:01 CET]: > seems that somehow logcheck fails to filter out some lines, eg i get this > warning: > > Security Events ^^^^^^^^^^^^^^^ > =-=-=-=-=-=-=-= > daemon.info: Dec 7 21:13:47 smartd[9668]: Device: /dev/hdb, SMART Prefailure > Attribute: 1 Raw_Read_Error_Rate changed from 100 to 99 > daemon.info: Dec 7 21:43:48 smartd[9668]: Device: /dev/hdb, SMART Prefailure > Attribute: 1 Raw_Read_Error_Rate changed from 99 to 100 > > however: > > # grep -h '21:13:4[78]' /var/log/socklog/main/* | egrep -v -f > /etc/logcheck/ignore.d.server/smartd ^^^^^^^^^^^^^^^ ignore.d.server rules won't filter out security events. I guess it's matched as such because of the contained /failure/ in the line. I'm not completely sure if this should be filtered out, but a matching rule for that has to live below violations.ignore.d - and there is the logcheck-smartd file in there which as far as I can see should match ...
> so the patterns in /etc.../smartd do match and logcheck run should end up > with no such lines. Can you egrep -v -f /etc/logcheck/ignore.d.server/smartd instead and see if the Prefailure Attribute line does show up for you? From what I can see it shouldn't ... Thanks, Rhonda _______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel