Carl Suster
2018-Feb-02 05:31 UTC
[Logcheck-devel] Bug#889116: logcheck-database: enhance more wpasupplicant rules with optional regex group
Package: logcheck-database Version: 1.3.18 Severity: wishlist Tags: patch Logcheck output includes lines like: Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-STARTED EAP authentication started Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=26 -> NAK Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected Feb 2 15:53:18 local wpa_supplicant[777]: wlp4s0: CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully There is already the following rule intended to capture these: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$ However this is not capturing the "wlp4s0: " part. Some other rules in the file contain optional regexp groups to capture this part in other log lines, e.g.: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-SUBNET-STATUS-UPDATE status=0$ So could we replace the first rule above with: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ wpa_supplicant\[[0-9]+\]: ((wlan[0-9]|wlp[0-9]s[0-9]): )?CTRL-EVENT-EAP-(STARTED EAP authentication started|SUCCESS EAP authentication completed successfully|METHOD EAP vendor 0 method (17 \(LEAP|25 \(PEAP)\) selected)$