Can't ignore anything with logcheck
Toomas Aas
toomas.aas at raad.tartu.ee
Wed Jan 14 13:23:18 PST 2009
Hello!
For many years I've been using the security/logcheck port for monitoring
my system logs. Majority of this time it's been logcheck 1.1.1, but now I
installed a new server and with it came my first experience with logcheck
1.2.54 which now seems to be maintained by Debian. The configuration has
changed quite thoroughly, but I have no problem with that, if only I could
get it all to work...
The short summary of my problem is that I can't get logcheck to ignore any
messages that I don't want reported. In my case these messages appear
under "System Events" section in the logfile, so my understanding is that
putting the matching regexes into ignore.d.server/local should filter them
out. But it doesn't.
I've verified all my regexes with egrep as directed in logcheck
documentation and they are processed correctly. I've tried running
'logcheck -d' from command line and it seems to process all the
configuration files (including my local rules file), but it doesn't give
me any indication why it chooses to ignore my regexes.
At this point my question is whether anyone at all has gotten this to work
on FreeBSD or should I start looking for a replacement for logcheck
(recommendations welcome)?
--
Toomas Aas
... Bugs are Sons of Glitches!
More information about the freebsd-questions
mailing list