Logcheck devel - Apr 2005 - Bug#306913: logcheck: please allow @ in "hostname" part of logs

Package: logcheck
Version: 1.2.37
Severity: normal

When using with syslog-ng configured to also log the source of the log
entry log lines look like:

| Apr 24 06:47:01 s_local at nikki CRON[13878]: (pam_unix) session opened for
user root by (uid=0)

Now logcheck doesn't usually allo for the @ in logs which results in
bascially no ignore line matching.  Please add @ to the regexes, thanks.

| System Events
| =-=-=-=-=-=-| Apr 24 06:47:01 s_local at nikki CRON[13878]: (pam_unix) session
opened for user root by (uid=0)
| Apr 24 06:47:01 s_local at nikki su[13895]: + ??? root:nobody
| Apr 24 06:47:01 s_local at nikki su[13895]: (pam_unix) session opened for user
nobody by (uid=0)
| Apr 24 06:47:06 s_local at nikki CRON[13878]: (pam_unix) session closed for
user root
[..]


Peter

On Fri, 29 Apr 2005, Peter Palfrader wrote:
> When using with syslog-ng configured to also log the source of the log
> entry log lines look like:
> 
> | Apr 24 06:47:01 s_local at nikki CRON[13878]: (pam_unix) session opened
for user root by (uid=0)
> 
> Now logcheck doesn't usually allo for the @ in logs which results in
> bascially no ignore line matching.  Please add @ to the regexes, thanks.
> 
> | System Events
> | =-=-=-=-=-=-> | Apr 24 06:47:01 s_local at nikki CRON[13878]:
(pam_unix) session opened for user root by (uid=0)
> | Apr 24 06:47:01 s_local at nikki su[13895]: + ??? root:nobody
> | Apr 24 06:47:01 s_local at nikki su[13895]: (pam_unix) session opened for
user nobody by (uid=0)
> | Apr 24 06:47:06 s_local at nikki CRON[13878]: (pam_unix) session closed
for user root
> [..]
~/src/logcheck/rulefiles/linux$ egrep '\[._\[:alnum:\]-\]'  -r . | wc -l
896

that's not fun. while changing all those we'd better switch to the use
of
macros. very inclined to merge that with those open bugs.
> 
> 
> Peter
> 
regards
--
maks