Package: logcheck
Version: 1.2.69
The current ruleset "kernel" provided with this logcheck package don't
match entries where the kernel timeline has leading spaces, like:
[ 42.302707]
For example, the following entry:
Feb 4 17:05:24 hostname kernel: [ 144.591487] tun: Universal TUN/TAP
device driver, 1.6
didn't matched the re:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:(
\[[[:digit:]]+\.[[:digit:]]+\])? tun: Universal TUN/TAP device driver,
[.[:digit:]]+$
But did match after adding a " +?" in front of
"[[:digit:]]+\.[[:digit:]]", giving the following re:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ kernel:( \[
+?[[:digit:]]+\.[[:digit:]]+\])? tun: Universal TUN/TAP device driver,
[.[:digit:]]+$
I am using Debian GNU/Linux "lenny" 5.0.4 with kernel 2.6.26-2-amd64.
--
Daniel Le Bray
Centre de Ressources Informatiques
Universite du Havre
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
