Markus Hedlund
2012-Apr-13 08:22 UTC
[Logcheck-users] Rule doesn't work even though it works with egrep
Hi,
I get these lines in my logcheck emails:
Apr 12 10:35:47 server sudo: www-data : TTY=unknown ; PWD=/var/www/public_html ; USER=root ; COMMAND=/var/scripts/script.sh 123
Even though I have this in i.d.s/sudo:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sudo: www-data : TTY=unknown ; PWD=/var/www/public_html ; USER=root ; COMMAND=/var/scripts/script.sh [0-9]+$
I've tested the sudo rules with "egrep -f sudo /var/log/auth.log" and they seem to match. What am I missing?
Version: 1.3.13
Sincerely
Markus Hedlund