Date:      Wed, 14 Jan 2009 23:05:37 +0200
From:      Toomas Aas <toomas.aas@raad.tartu.ee>
To:        questions@freebsd.org
Subject:   Can't ignore anything with logcheck
Message-ID:  <496E53A1.7030903@raad.tartu.ee>

Hello!

For many years I've been using the security/logcheck port for monitoring
my system logs. The majority of this time it's been logcheck 1.1.1, but now I
installed a new server and with it came my first experience with logcheck
1.2.54 which now seems to be maintained by Debian. The configuration has
changed quite thoroughly, but I have no problem with that, if only I could
get it all to work...

The short summary of my problem is that I can't get logcheck to ignore any
messages that I don't want reported. In my case these messages appear
under the "System Events" section in the logfile, so my understanding is that
putting the matching regexes into ignore.d.server/local should filter them
out. But it doesn't.

I've verified all my regexes with egrep as directed in the logcheck
documentation and they are processed correctly. I've tried running
'logcheck -d' from the command line and it seems to process all the
configuration files (including my local rules file), but it doesn't give
me any indication why it chooses to ignore my regexes.

At this point my question is whether anyone at all has gotten this to work 
on FreeBSD or should I start looking for a replacement for logcheck 
(recommendations welcome)?

--
Toomas Aas
... Bugs are Sons of Glitches!
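
Added example, not part of the original message and not logcheck's own code: the egrep check described above, run against a whole rule file at once so that both the surviving log lines and the rules that match nothing are visible. It assumes logcheck filters with the equivalent of `grep -E -v -f` after dropping comments and blank lines; the rule file, log lines, host name `srv` and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; all file contents below are constructed sample data.

# Drop comments and blank lines first: an empty pattern in "grep -f"
# matches every line, which would make "-v" discard the whole log.
clean_rules() {
    grep -E -v '^[[:space:]]*$|^#' "$1" || true
}

# Print the log lines that no rule matches (what would still be reported).
unmatched_lines() {
    _rules=$(mktemp) || return 1
    clean_rules "$1" > "$_rules"
    if [ -s "$_rules" ]; then
        grep -E -v -f "$_rules" "$2" || true
    else
        cat "$2"
    fi
    rm -f "$_rules"
}

# Print each rule that matches nothing in the log (typo, anchor, wrong host).
dead_rules() {
    clean_rules "$1" | while IFS= read -r _rule; do
        grep -E -q -e "$_rule" "$2" || printf '%s\n' "$_rule"
    done
}

DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/local" <<'EOF'
# constructed ignore rules
^[[:alpha:]]{3} [ :0-9]{11} srv sshd\[[0-9]+]: Connection closed by [.0-9]+$

^[[:alpha:]]{3} [ :0-9]{11} srv ntpd\[[0-9]+]: kernel time sync enabled [0-9]+$
^[[:alpha:]]{3} [ :0-9]{11} srv named\[[0-9]+]: lame server
EOF
cat > "$DEMO_DIR/messages" <<'EOF'
Jan 14 23:05:37 srv sshd[812]: Connection closed by 192.0.2.10
Jan 14 23:06:01 srv ntpd[640]: kernel time sync enabled 2001
Jan 14 23:07:12 srv su: alice to root on /dev/ttyp0
EOF

echo "still reported:"; unmatched_lines "$DEMO_DIR/local" "$DEMO_DIR/messages"
echo "rules matching nothing:"; dead_rules "$DEMO_DIR/local" "$DEMO_DIR/messages"
```

Running it against a copy of the real rule file and a slice of the real log shows whether the patterns fail as a set even when each one passes a single-line egrep test.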


