In /etc/logcheck/ignore.d.server/syslogd, there is already a regular
expression to match these sorts of things:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd [.0-9]{5}#[0-9]+: restart \(remote reception\)\.$

However, as the original poster points out, this regular expression does
not actually work on Ubuntu (firstly, because Ubuntu packages have
'ubuntu' in the version number, which is not matched by the '[0-9]+' in
the regex, and secondly because "remote reception" is not included in
the restart message).

Saying that this behaviour is intentional can't be right - why is there
a (broken) regex in /etc/logcheck/ignore.d.server/syslogd if it is
intentional to report these lines?

I see Daniel Holback's point that you might want to be notified if
somebody manages to shut syslog down.  When syslog is intentionally
shut down, however, the "exiting on signal 15" message occurs - this can
be reported.  When syslog routinely restarts, there is no 'signal 15'
message, just the 'restart' message, which should be ignored.  This way,
we can catch the strange events and ignore the routine ones.

Chris Wagner is right that reporting routine operations leads to
mindlessly deleting logcheck messages because we know they are not
important - this is what logcheck is trying to avoid.

-- 
logcheck in dapper reports normal syslog restarts
https://bugs.launchpad.net/bugs/116773
You received this bug notification because you are a member of Ubuntu
Server Team, which is a direct subscriber.
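
Added example (not part of the original message and not the packaged logcheck rule): the stock pattern quoted above, run with grep -E against constructed log lines, next to a hypothetical relaxed pattern that tolerates a distro suffix in the version and an absent "(remote reception)". The sample lines, the host name, the RELAXED pattern and the classify helper are all assumptions made for illustration.

```shell
#!/bin/sh
# Stock rule as quoted from /etc/logcheck/ignore.d.server/syslogd.
STOCK='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd [.0-9]{5}#[0-9]+: restart \(remote reception\)\.$'

# Hypothetical relaxed rule (assumption, not the packaged one):
#  - allows a suffix such as "ubuntu7" after the numeric revision
#  - makes " (remote reception)" optional
RELAXED='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ syslogd [.0-9]{5}#[0-9]+[[:alnum:].~+-]*: restart( \(remote reception\))?\.$'

# Constructed sample lines (not taken from a real system).
DEBIAN_LINE='May 24 06:25:11 host1 syslogd 1.4.1#18: restart (remote reception).'
UBUNTU_LINE='May 24 06:25:11 host1 syslogd 1.4.1#17ubuntu7: restart.'
SIGNAL_LINE='May 24 06:30:02 host1 exiting on signal 15'

# classify PATTERN LINE
# Prints "ignored" if the ignore rule matches the line (logcheck would
# drop it), otherwise "reported" (the line would end up in the mail).
classify() {
    if printf '%s\n' "$2" | grep -Eq -- "$1"; then
        echo ignored
    else
        echo reported
    fi
}

# Show how each rule treats each line.
for rule in STOCK RELAXED; do
    eval "pattern=\$$rule"
    for line in "$DEBIAN_LINE" "$UBUNTU_LINE" "$SIGNAL_LINE"; do
        printf '%-8s %-9s %s\n' "$rule" "$(classify "$pattern" "$line")" "$line"
    done
done
```

With the relaxed rule the routine restart is dropped on both version formats, while the "exiting on signal 15" line matches neither rule and is still reported.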
