Logcheck devel - Sep 2009 - Bug#546908: logcheck: Since upgrade to latest, some patterns are no longer filtered

Package: logcheck
Version: 1.3.3
Severity: normal

After upgrading to the latest logcheck, I've noticed that some local
rules I have written no longer filter out the logs properly.

I've been able to correlate the non-matching to the presence of the
'/' (slash) character or '[' (left bracket) in the string that
the
".*" pattern ought to match.

For instance, I have this rule in violations.ignore.d/local:

sm-mta.* nobody at .*.ram.loc .* did not issue MAIL.* during connection

But I still have this line show up in the "System Events" section:

Sep 16 11:27:19 tours sm-mta[5597]: n8G9RJLe005597: nobody at tours.ram.loc
[192.168.0.4] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Putting that line in a file and using the pattern above with egrep
triggers a match.

Is this due to a locale problem maybe?  It used to work fine with
an earlier version of logcheck (1.2.6, IIRC).

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.30.6
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash

Versions of packages logcheck depends on:
ii  adduser          3.110                   add and remove users and groups
ii  cron             3.0pl1-86               management of regular background p
ii  lockfile-progs   0.1.10                  Programs for locking and unlocking
ii  logtail          1.3.3                   Print log file lines that have not
ii  mailx            1:8.1.2-0.20020411cvs-1 A simple mail user agent.
ii  sendmail-bin [ma 8.14.3-1                powerful, efficient, and scalable 
ii  sysklogd [system 1.5-1                   System Logging Daemon

Versions of packages logcheck recommends:
ii  logcheck-database             1.3.3      database of system log rules for t

Versions of packages logcheck suggests:
ii  syslog-summary                1.12-0.1   Summarize the contents of a syslog

-- no debconf information

Your message dated Thu, 17 Sep 2009 19:08:59 +0200
with message-id <17916.1253207339 at nice.ram.loc>
and subject line Found the root cause
has caused the Debian Bug report #546908,
regarding logcheck: Since upgrade to latest, some patterns are no longer
filtered
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner at bugs.debian.org
immediately.)


-- 
546908: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=546908
Debian Bug Tracking System
Contact owner at bugs.debian.org with problems
-------------- next part --------------
An embedded message was scrubbed...
From: Raphael Manfredi <Raphael_Manfredi at pobox.com>
Subject: logcheck: Since upgrade to latest, some patterns are no longer filtered
Date: Wed, 16 Sep 2009 14:12:35 +0200
Size: 4244
URL:
<http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20090917/80c13b95/attachment.eml>
-------------- next part --------------
An embedded message was scrubbed...
From: Raphael Manfredi <Raphael_Manfredi at pobox.com>
Subject: Found the root cause
Date: Thu, 17 Sep 2009 19:08:59 +0200
Size: 2466
URL:
<http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20090917/80c13b95/attachment-0001.eml>