I have found the package that is at fault.
It was the upgrade of rsyslog from version 4.6.4-2 to 5.7.3-1
As per rsyslog bug #612829 the daemon no longer strips off trailing blanks from
the syslog output.
In my /var/log/syslog file there are blank lines every time my snmp daemon logs
something:
eg.
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP:
[10.128.0.1]:37645->[10.128.0.6]
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP:
[10.128.0.1]:37645->[10.128.0.6]
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP:
[10.128.0.1]:37645->[10.128.0.6]
Instead of:
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP:
[10.128.0.1]:37645->[10.128.0.6]
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP:
[10.128.0.1]:37645->[10.128.0.6]
Feb 21 13:28:51 monitor snmpd[1310]: Connection from UDP:
[10.128.0.1]:37645->[10.128.0.6]
The fix is to add the following pattern to the ignore.d.server list for
logcheck:
^\s*$
This stops it reporting on the blank lines, or lines that consist of only
white-space.
Regards,
--
----------
Jim Barber
DDI Health
_______________________________________________
Logcheck-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/logcheck-devel
