Date: Wed, 14 Jan 2009 23:05:37 +0200 From: Toomas Aas <toomas.aas@raad.tartu.ee> To: questions@freebsd.org Subject: Can't ignore anything with logcheck Message-ID: <496E53A1.7030903@raad.tartu.ee>
next in thread | raw e-mail | index | archive | help
Hello! For many years I've been using the security/logcheck port for monitoring my system logs. Majority of this time it's been logcheck 1.1.1, but now I installed a new server and with it came my first experience with logcheck 1.2.54 which now seems to be maintained by Debian. The configuration has changed quite thoroughly, but I have no problem with that, if only I could get it all to work... The short summary of my problem is that I can't get logcheck to ignore any messages that I don't want reported. In my case these messages appear under "System Events" section in the logfile, so my understanding is that putting the matching regexes into ignore.d.server/local should filter them out. But it doesn't. I've verified all my regexes with egrep as directed in logcheck documentation and they are processed correctly. I've tried running 'logcheck -d' from command line and it seems to process all the configuration files (including my local rules file), but it doesn't give me any indication why it chooses to ignore my regexes. At this point my question is whether anyone at all has gotten this to work on FreeBSD or should I start looking for a replacement for logcheck (recommendations welcome)? -- Toomas Aas ... Bugs are Sons of Glitches!
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?496E53A1.7030903>