How do I tell LogCheck that I don't care what's in the rest of the search string?
^\w{3} [ :0-9]{11} m0n0wall ipmon\[[0-9]+\]: [0-9:]{8}\.[0-9]{6} xl0 (@
0:3|@100:3) (b|p) 192\.168\.2\.[0-9]{1,3} -> [0-9.]{7,15} PR igmp len
[0-9]{2} \([0-9]{2}+\) IN$
^\w{3} [ :0-9]{11} m0n0wall ipmon\[[0-9]+\]: [0-9:]{8}\.[0-9]{6} xl0 (@
0:3|@100:3) (b|p) 192\.168\.2\.[0-9]{1,3} -> [0-9.]{7,15} PR igmp len
[0-9]{2} \([0-9]{2}+\) K-S IN$
As you can see, the only difference between these two statements is the ending "IN$" and "K-S IN$".
If I could figure this out I know I could reduce the number of lines in my
ignore.d.server/local file.
Thanks,
Denis
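
One way to test a merged rule before it goes into ignore.d.server/local, as an added example that is not part of the original post: it compares the two rules, a single rule with an optional `( K-S)?` group, and a catch-all `.*` tail, counting how many lines would still be reported. Assumptions: the log lines are constructed, the wrapped fragment is read as `@0:3`, `\w` and `{2}+` are written in the portable forms `[[:alpha:]]` and `([0-9]{2})+`, and `grep -E -v` stands in for logcheck's own filtering.

```shell
#!/bin/sh
# Constructed sample lines (not from the post). The third line ends in
# "K-S OUT" and is NOT covered by either of the two original rules.
LOG='Mar 19 10:15:02 m0n0wall ipmon[93]: 10:15:01.123456 xl0 @0:3 b 192.168.2.10 -> 224.0.0.22 PR igmp len 24 (40) IN
Mar 19 10:15:07 m0n0wall ipmon[93]: 10:15:06.654321 xl0 @100:3 p 192.168.2.11 -> 224.0.0.22 PR igmp len 24 (40) K-S IN
Mar 19 10:15:09 m0n0wall ipmon[93]: 10:15:08.111111 xl0 @0:3 b 192.168.2.12 -> 224.0.0.22 PR igmp len 24 (40) K-S OUT'

# Part shared by both rules, up to and including the "(NN)" field.
HEAD='^[[:alpha:]]{3} [ :0-9]{11} m0n0wall ipmon\[[0-9]+\]: [0-9:]{8}\.[0-9]{6} xl0 (@0:3|@100:3) (b|p) 192\.168\.2\.[0-9]{1,3} -> [0-9.]{7,15} PR igmp len [0-9]{2} \(([0-9]{2})+\)'

# The two separate rules, one per line as in an ignore.d file.
TWO_RULES="$HEAD IN\$
$HEAD K-S IN\$"

# One rule: the differing part becomes an optional group.
MERGED="$HEAD( K-S)? IN\$"

# "Don't care about the rest": shortest rule, but it ignores anything
# that follows the shared part, including lines nobody reviewed.
WILDCARD="$HEAD.*\$"

# Print how many sample lines survive filtering (i.e. would be reported).
# $1 is a newline-separated list of extended regular expressions.
reported() {
    # grep exits 1 when it selects no lines; the count is still printed.
    printf '%s\n' "$LOG" | grep -E -v -c -e "$1" || true
}

echo "two rules: $(reported "$TWO_RULES") line(s) reported"
echo "merged:    $(reported "$MERGED") line(s) reported"
echo "wildcard:  $(reported "$WILDCARD") line(s) reported"
```

The merged rule reports the same line as the two originals, while the wildcard rule silently drops it.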