Uwe Storbeck
2011-Aug-31 14:48 UTC
[Logcheck-devel] Bug#613124: rule update for changed snmp log messages
For me these log messages contain a space at the end of the line
(snmpd version 5.4.3~dfsg-2). So this rule may need an additional
" ?" or " *" at the end to work for all cases:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP:
\[[.0-9]{7,15}\]:[0-9]{4,5}->\[[.0-9]{7,15}\] ?$
Hannes von Haugwitz
2011-Sep-02 20:04 UTC
[Logcheck-devel] Bug#613124: Bug#613124: rule update for changed snmp log messages
On Wed, Aug 31, 2011 at 04:48:05PM +0200, Uwe Storbeck wrote:> For me these log messages contain a space at the end of the line > (snmpd version 5.4.3~dfsg-2). So this rule may need an additional > " ?" or " *" at the end to work for all cases: > > ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ snmpd\[[0-9]+\]: Connection from UDP: \[[.0-9]{7,15}\]:[0-9]{4,5}->\[[.0-9]{7,15}\] ?$I couldn't reproduce your issue. Does logcheck really report those log lines? Actually logcheck removes all trailing whitespaces before applying the rules. Greetings Hannes
Uwe Storbeck
2011-Sep-13 16:52 UTC
[Logcheck-devel] Bug#613124: Bug#613124: rule update for changed snmp log messages
On Sep 02, Hannes von Haugwitz wrote:> Does logcheck really report those log lines? Actually logcheck removes > all trailing whitespaces before applying the rules.Sorry, I did not know that logcheck strips trailing spaces now. I only checked the pattern with egrep against syslog. It matched on one of my servers but not on another. But with logcheck it works on all servers. So ignore my last message. ;) Regards Uwe