Vianney Lejeune
2009-Apr-05 13:37 UTC
[Logcheck-users] logcheck doesn't ignore messages matched by egrep -f
Hello,
I have this message in syslog that I'd like to ignore:
    Apr 5 15:31:37 server77 upnpd[11728]: TimerThreadRemove failed!
I use these rules to ignore it in a file located in ignore.d.server
(which contains some other rules which work):
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ upnpd\[[0-9]+\]: TimerThreadRemove failed!$
    ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ upnpd\[[0-9]+\]:[[:print:]]+$
The command egrep -f /etc/logcheck/ignore.d.server/rule /var/log/syslog
matches the message correctly but logcheck keeps sending me an
email regarding this log entry. Is it a bug or did I miss something?
Regards,
Mr Lejeune
Frédéric Brière
2009-Jul-18 01:05 UTC
[Logcheck-users] logcheck doesn't ignore messages matched by egrep -f
Vianney Lejeune <via.lej at free.fr> wrote:
> I have this message in syslog that I'd like to ignore:
>
> Apr 5 15:31:37 server77 upnpd[11728]: TimerThreadRemove failed!

Is it being filed under "System Events" or "Security Events"? In the
latter case, you'll have to store your rule under violations.ignore.d.

--
Never trust an operating system you don't have sources for. ;-)
        -- Unknown source
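
Added example, not part of either message and not logcheck's own code: a simplified shell model of the layering the reply describes, showing why a rule that matches with egrep -f can still leave the line in the report. The `failed` keyword in violations.d, the file names and the temp directory are assumptions; the sample line is constructed with syslog's two-space day padding.

```shell
#!/bin/sh
# Simplified model of logcheck's layering; rule contents are constructed samples.
RULE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ upnpd\[[0-9]+\]: TimerThreadRemove failed!$'
LINE='Apr  5 15:31:37 server77 upnpd[11728]: TimerThreadRemove failed!'

matches() {
    # True if any rule file in directory $1 matches log line $2.
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        printf '%s\n' "$2" | grep -E -q -f "$f" && return 0
    done
    return 1
}

classify() {
    # $1 = rules root, $2 = log line. Prints where the line ends up.
    if matches "$1/violations.d" "$2"; then
        # Once raised as a violation, only violations.ignore.d is consulted;
        # rules under ignore.d.server are never tried against this line.
        if matches "$1/violations.ignore.d" "$2"; then
            echo "ignored"
        else
            echo "Security Events"
        fi
    elif matches "$1/ignore.d.server" "$2"; then
        echo "ignored"
    else
        echo "System Events"
    fi
}

setup_rules() {
    # Builds a throwaway rule tree and prints its path.
    d=$(mktemp -d)
    mkdir "$d/violations.d" "$d/violations.ignore.d" "$d/ignore.d.server"
    printf '%s\n' 'failed' > "$d/violations.d/sample"   # assumed keyword rule
    printf '%s\n' "$RULE" > "$d/ignore.d.server/rule"   # where the poster put it
    echo "$d"
}

demo_root=$(setup_rules)
echo "rule only in ignore.d.server:     $(classify "$demo_root" "$LINE")"
cp "$demo_root/ignore.d.server/rule" "$demo_root/violations.ignore.d/rule"
echo "rule also in violations.ignore.d: $(classify "$demo_root" "$LINE")"
rm -r "$demo_root"
```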