Hi everyone;
After migrating to stretch, I can't get rid of certain messages via
logcheck.
Jul 17 06:25:03 host liblogging-stdlog: ?[origin software="rsyslogd"
swVersion="8.24.0" x-pid="326"
x-info="http://www.rsyslog.com"] rsyslogd was HUPed
It appears in messages and syslog. I used to have my ignore rules working, as it
was rsyslogd before, but now I can't. The following regex is in
ignore.d.server/rsyslog and ignore.d.server/liblogging-stdlog and
ignore.d.server/syslog (probably too much).
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ liblogging-stdlog: ?\[origin
software="rsyslogd" swVersion="[0-9.]+"
x-pid="[[:digit:]]+"x-info="http:\/\/www\.rsyslog\.com"\]
rsyslogd was HUPed$
Both configs successfully tested using logcheck-test. For instance:
# logcheck-test -l /var/log/messages liblogging-stdlog
Jul 17 06:25:04 host liblogging-stdlog: ?[origin software="rsyslogd"
swVersion="8.24.0" x-pid="326"
x-info="http://www.rsyslog.com"] rsyslogd was HUPed
===============================================================================parsed
file: /var/log/messages
used rule: 'liblogging-stdlog'
But... These lines are still being mailed to me as a warning. Am I using a wrong
ignore file, or... ? :BUMP:
Any ideas / help appreciated!
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.alioth.debian.org/pipermail/logcheck-users/attachments/20170718/5aa2d146/attachment.html>