Package: logcheck
Version: 1.2.45
OS: FreeBSD 6.2-RELEASE
I use the following filter to ignore tls_prune DBERROR's:
/usr/local/etc/logcheck/ignore.d.server/cyrus
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]:
[0-9]+ lockers$
Running logcheck however it still prints out a security event:
# su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck -l
message.log -o -t"
Security Events
=-=-=-=-=-=-=-=
Nov 5 03:00:00 gonzo tls_prune[7326]: DBERROR db4: 4 lockers
....
If I test the rule it works flawless:
# sed -e 's/[[:space:]]*$//' message.log | egrep \
'^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]:
[0-9]+ lockers$'
Output:
Oct 24 04:00:00 gonzo tls_prune[55124]: DBERROR db4: 4 lockers
I guess this is a bug.
Best regards,
Hansa
cyrus
Description: Binary data
message.log
Description: Binary data
_______________________________________________ Logcheck-devel mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
