Your message dated Tue, 25 Nov 2008 17:18:30 +0100
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#506863: Ignore filter not working as expected
has caused the Debian Bug report #506863,
regarding Ignore filter not working as expected
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
506863: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506863
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: logcheck
Version: 1.2.45
OS: FreeBSD 6.2-RELEASE

I use the following filter to ignore tls_prune DBERROR's:
/usr/local/etc/logcheck/ignore.d.server/cyrus
        ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]: [0-9]+ lockers$

Running logcheck however it still prints out a security event:
# su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck -l message.log -o -t"

Security Events
=-=-=-=-=-=-=-=
Nov  5 03:00:00 gonzo tls_prune[7326]: DBERROR db4: 4 lockers
....

If I test the rule it works flawlessly:
# sed -e 's/[[:space:]]*$//' message.log | egrep \
  '^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]: [0-9]+ lockers$'

Output:
  Oct 24 04:00:00 gonzo tls_prune[55124]: DBERROR db4: 4 lockers

I guess this is a bug.

Best regards,

Hansa

Attachment: cyrus
Description: Binary data

Attachment: message.log
Description: Binary data


--- End Message ---
--- Begin Message ---
* Hansa <[EMAIL PROTECTED]> [2008-11-25 12:59:54 CET]:
> Package: logcheck
> Version: 1.2.45
> OS: FreeBSD 6.2-RELEASE

 Nice, great to hear it's used there. :)

> I use the following filter to ignore tls_prune DBERROR's:
> /usr/local/etc/logcheck/ignore.d.server/cyrus
>       ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]: [0-9]+ lockers$
> 
> Running logcheck however it still prints out a security event:
> # su -m logcheck -c "/usr/local/bin/bash /usr/local/sbin/logcheck -l message.log -o -t"
> 
> Security Events
> =-=-=-=-=-=-=-=
> Nov  5 03:00:00 gonzo tls_prune[7326]: DBERROR db4: 4 lockers
> ....

 Please notice that the ignore.d.server directory won't overrule
security events but only system events. You need to put those lines into
the violations.ignore.d directory instead.

 Hope that helps, and thanks for the cross-OS feedback. :)
Rhonda


--- End Message ---
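
The layering described in the reply, as an added example that is not part of the thread and not logcheck's own code: a small shell model showing why a rule in ignore.d.server leaves the line under Security Events and why the same rule in violations.ignore.d removes it. The temporary rules directory, the `matches` and `classify` helpers and the `DBERROR` violations.d rule are constructed for illustration; passing a cancelled line on to the ignore.d.server check is an assumption of this model.

```shell
#!/bin/sh
# Simplified model of logcheck's rule layers; not logcheck's own code.
RULES=$(mktemp -d)
trap 'rm -rf "$RULES"' EXIT
mkdir "$RULES/violations.d" "$RULES/violations.ignore.d" "$RULES/ignore.d.server"

# Ignore rule and log line exactly as posted in the report.
IGNORE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ tls_prune\[[0-9]+\]: DBERROR db[0-9]: [0-9]+ lockers$'
LINE='Nov  5 03:00:00 gonzo tls_prune[7326]: DBERROR db4: 4 lockers'

# Constructed stand-in for whichever violations.d rule flagged the line.
printf '%s\n' 'DBERROR' > "$RULES/violations.d/constructed"
# The reporter's setup: the ignore rule lives only in ignore.d.server.
printf '%s\n' "$IGNORE" > "$RULES/ignore.d.server/cyrus"

# matches LINE LAYER: true if any rule file in that layer matches the line.
matches() {
    for f in "$RULES/$2"/*; do
        [ -f "$f" ] && printf '%s\n' "$1" | grep -Eq -f "$f" && return 0
    done
    return 1
}

# classify LINE: prints security, ignored or system.
classify() {
    if matches "$1" violations.d && ! matches "$1" violations.ignore.d; then
        echo security      # ignore.d.server is never consulted on this path
    elif matches "$1" ignore.d.server; then
        echo ignored       # assumption: cancelled lines reach this check
    else
        echo system
    fi
}

BEFORE=$(classify "$LINE")
# The fix from the reply: the same rule goes into violations.ignore.d.
cp "$RULES/ignore.d.server/cyrus" "$RULES/violations.ignore.d/cyrus"
AFTER=$(classify "$LINE")
echo "before: $BEFORE, after: $AFTER"
```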
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
