Package: logcheck-database
Version: 1.3.18
Severity: wishlist
Tags: patch
Logcheck output includes lines like:
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-STARTED EAP
authentication started
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0:
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=26 -> NAK
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0:
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-METHOD EAP
vendor 0 method 25 (PEAP) selected
Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-SUCCESS EAP
authentication completed successfully
There is already the following rule intended to capture these:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]:
CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication
completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\)
selected)$
However this is not capturing the "wlp4s0: " part. Some other rules in the file
contain optional
regexp groups to capture this part in other log lines, e.g.:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]:
((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-SUBNET-STATUS-UPDATE status=0$
So could we replace the first rule above with:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]:
((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-(STARTED EAP authentication
started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0
method (17 \(LEAP|25 \(PEAP)\) selected)$
