Jamie L. Penman-Smithson
2004-Oct-08 04:21 UTC
[Logcheck-devel] The innd rule that wouldn't match..
According to egrep this rule..

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ innd: [-[:alnum:].]+:[0-9]+ (closed|
checkpoint) seconds [0-9]+ accepted [0-9]+ refused [0-9]+ rejected
[0-9]+ duplicate [0-9]+ accepted size [0-9]+ duplicate size [0-9]+$

..matches these log messages:

Sep 29 03:45:45 lorien innd: news.jgaa.com:35 closed seconds 3741
accepted 103 refused 84 rejected 6 duplicate 0 accepted size 393751
duplicate size 0

However, logcheck still reports them:

[...]
D: [1097209122] report : WARNING : can't exec /usr/bin/syslog-summary. Running without summary
D: [1097209122] report: cat'ing - System Events
D: [1097209122] Setting the footer text
D: [1097209122] Sending report to STDOUT
This email is sent by logcheck. If you wish to no-longer receive it,
you can either deinstall the logcheck package or modify its
configuration file (/etc/logcheck/logcheck.conf).
[...]
Sep 26 16:54:22 lorien innd: gw.efnet.com:55 closed seconds 5 accepted 13 refused 11 rejected 0 duplicate 0 accepted size 24085 duplicate size 0
Sep 26 16:54:28 lorien innd: news.uhro.net:33 checkpoint seconds 124 accepted 1 refused 11 rejected 99 duplicate 0 accepted size 4841 duplicate size 0

I've fiddled with it for two days and still it won't work - so I'm
hoping some fresh eyes will spot the [probably] glaring mistake(?)

Thanks - glad to be on the team :)

-j
--
-jamie <jamie at silverdream.org> | spamtrap: spam at silverdream.org
w: http://www.silverdream.org | p: sms at silverdream.org
pgp key @ http://silverdream.org/~jps/pub.key
04:30:01 up 13 days, 8:19, 17 users, load average: 0.35, 0.24, 0.28

On Fri, Oct 08, 2004 at 05:21:53AM +0100, Jamie L. Penman-Smithson wrote:
> According to egrep this rule..
>
> ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ innd: [-[:alnum:].]+:[0-9]+ (closed|
> checkpoint) seconds [0-9]+ accepted [0-9]+ refused [0-9]+ rejected
> [0-9]+ duplicate [0-9]+ accepted size [0-9]+ duplicate size [0-9]+$
>
> ..matches these log messages:
>
> Sep 29 03:45:45 lorien innd: news.jgaa.com:35 closed seconds 3741
> accepted 103 refused 84 rejected 6 duplicate 0 accepted size 393751
> duplicate size 0

yup doublechecked it does.

> However, logcheck still reports them:

did you check permissions of the innd rules file?

> Thanks - glad to be on the team :)

saw your cvs ci, be gentle atm we are close to a release.
that means please no code changes in src/! adding tested rules is ok.
and please document your steps in debian/changelog under your name.

a++ maks
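
Both checks discussed in this thread (the egrep match and whether the rule file can be read) can be repeated outside logcheck; the script below is an added example, not part of the original messages and not logcheck's own code. It assumes GNU grep (for `\w`), approximates the filtering with `grep -E -v -f`, and keeps the rule on a single line because `grep -f` reads one pattern per line; `check_rule_file`, `demo`, the temporary paths and the third log line are constructed.

```shell
#!/bin/sh
# Added example (not logcheck's code): run an ignore-rule file over log lines
# with grep -E -v -f and print what is left over. Assumes GNU grep for \w.

# Prints the log lines no rule matches, i.e. what would still be reported.
# Returns 0 on success, 1 if grep reported an error (e.g. a bad pattern),
# 2 if the rule file is missing or unreadable by the calling user.
check_rule_file() {
    rules=$1
    log=$2
    if [ ! -r "$rules" ]; then
        echo "cannot read rule file: $rules" >&2
        return 2
    fi
    clean=$(mktemp) || return 2
    # Drop comments and blank lines; an empty pattern would match every line.
    grep -E -v '^[[:space:]]*(#|$)' "$rules" > "$clean" || true
    status=0
    grep -E -v -f "$clean" "$log" || status=$?
    rm -f "$clean"
    # grep exits 1 when every line was matched by a rule: that is a clean run.
    [ "$status" -le 1 ]
}

demo() {
    dir=$(mktemp -d) || return 1
    # The rule from the thread, stored on one line.
    cat > "$dir/innd" <<'EOF'
# innd connection statistics
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ innd: [-[:alnum:].]+:[0-9]+ (closed|checkpoint) seconds [0-9]+ accepted [0-9]+ refused [0-9]+ rejected [0-9]+ duplicate [0-9]+ accepted size [0-9]+ duplicate size [0-9]+$
EOF
    # Two lines from the thread plus one constructed line that should remain.
    cat > "$dir/log" <<'EOF'
Sep 26 16:54:22 lorien innd: gw.efnet.com:55 closed seconds 5 accepted 13 refused 11 rejected 0 duplicate 0 accepted size 24085 duplicate size 0
Sep 26 16:54:28 lorien innd: news.uhro.net:33 checkpoint seconds 124 accepted 1 refused 11 rejected 99 duplicate 0 accepted size 4841 duplicate size 0
Sep 26 16:55:01 lorien innd: constructed line that no rule covers
EOF
    rc=0
    check_rule_file "$dir/innd" "$dir/log" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo
```

Run it as the account that runs logcheck, so the readability test reflects what that account can actually open.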