Marc Haber
2008-Jul-16 21:15 UTC
[Logcheck-devel] Bug#491127: logcheck: please consider an option which will always check the entire log file
Package: logcheck Version: 1.2.67 Severity: wishlist It would help with debugging to have an option that causes logcheck to always look through the entire log file, ie not using logtail. Greetings Marc
Justin Pryzby
2008-Jul-16 21:45 UTC
[Logcheck-devel] Bug#491127: logcheck: please consider an option which will always check the entire log file
On Wed, Jul 16, 2008 at 11:15:51PM +0200, Marc Haber wrote:> Package: logcheck > Version: 1.2.67 > Severity: wishlist > > It would help with debugging to have an option that causes logcheck to > always look through the entire log file, ie not using logtail.A couple related things occurred to me, perhaps these can just be described in README{,.Debian}. 1. How to filter an already-filtered email with a new rule, to see if it matches (to first order that just does |grep -xEvf /etc/logcheck/..., but that should also take into account the violations and their exceptions). logcheck --stdin or something. 2. How to filter many emails (1 per hour * 16 hours) through a given filter, perhaps as a test or a temporary measure (if something is known, understood and perhaps fixed, and additional log lines don't add any useful information and just act as clutter). |formail -ds grep -xEvf /tmp/filter |formail -ds procmail 3. How to filter the logfiles themselves again, starting at a given point. Probably best if logcheck supports this itself, to handle rotation, but can probably be mediated with something like: sed -sn '/^Xyz 12 34:56:78/,$p' /var/log/{sys,auth.} | logcheck --stdin, as soon as 1. is implemented.
martin f krafft
2008-Aug-31 18:36 UTC
[Logcheck-devel] Bug#491127: logcheck: please consider an option which will always check the entire log file
tags 491127 help thanks also sprach Marc Haber <mh+debian-bugs at zugschlus.de> [2008.07.16.2215 +0100]:> It would help with debugging to have an option that causes > logcheck to always look through the entire log file, ie not using > logtail.Patches welcome. -- .''`. martin f. krafft <madduck at debian.org> : :' : proud Debian developer, author, administrator, and user `. `'` http://people.debian.org/~madduck - http://debiansystem.info `- Debian - when you have better things to do than fixing systems -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: Digital signature (see http://martin-krafft.net/gpg/) Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20080831/f30cb114/attachment.pgp
Debian Bug Tracking System
2008-Aug-31 18:39 UTC
[Logcheck-devel] Processed: Re: Bug#491127: logcheck: please consider an option which will always check the entire log file
Processing commands for control at bugs.debian.org:> tags 491127 helpBug#491127: logcheck: please consider an option which will always check the entire log file There were no tags set. Tags added: help> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)