On Mon, Aug 17, 2009 at 08:03:43PM -0400, Frédéric Brière wrote: ... > > /var/log/socklog-klog/main/current > > 2008-12-03_16:50:42.17649 kern.warn: ide: failed opcode was: unknown > > Yuck. (Why would socklog choose two different formats anyway?)
dunno - maybe too beer for socklog devs? ;) > > While I did change patterns in ignore.d.server/*, I overlooked those in > > violations.ignore.d/* :-} > > Are you saying you updated *all* rules files to that syntax? How do you yes > keep your sanity when a new version of logcheck is released? isn't this a problem with syslog as well? or is there any standard for logs like for http-logs? thanks -- paolo _______________________________________________ Logcheck-devel mailing list Logcheck-devel@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
