On Wed, Jul 16, 2008 at 11:15:51PM +0200, Marc Haber wrote: > Package: logcheck > Version: 1.2.67 > Severity: wishlist > > It would help with debugging to have an option that causes logcheck to > always look through the entire log file, ie not using logtail. A couple related things occurred to me, perhaps these can just be described in README{,.Debian}.
1. How to filter an already-filtered email with a new rule, to see if it matches (to first order that just does |grep -xEvf /etc/logcheck/..., but that should also take into account the violations and their exceptions). logcheck --stdin or something. 2. How to filter many emails (1 per hour * 16 hours) through a given filter, perhaps as a test or a temporary measure (if something is known, understood and perhaps fixed, and additional log lines don't add any useful information and just act as clutter). |formail -ds grep -xEvf /tmp/filter |formail -ds procmail 3. How to filter the logfiles themselves again, starting at a given point. Probably best if logcheck supports this itself, to handle rotation, but can probably be mediated with something like: sed -sn '/^Xyz 12 34:56:78/,$p' /var/log/{sys,auth.} | logcheck --stdin, as soon as 1. is implemented. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]