Re: logcheck.violations.ignore --does not work

• Previous message: Christopher Browne: "Re: Linux Filesystem and Security of Files"
• In reply to: Peter T. Breuer: "Re: logcheck.violations.ignore --does not work"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Mark Hansen <meh@NOSPAMunify.com>
Date: Wed, 09 Apr 2003 15:57:06 -0700

Peter T. Breuer wrote:
> In article <yI_ka.15778$_g3.59429@news1.mts.net> you wrote:
>
>> "> In comp.os.linux.misc LHradowy <laura.hradowy@nospam.mts.ca> wrote:
>>> > I have logcheck running a on cron every hour, I need to ignore the following
>>> > line. It runs every 10 minutes.
>>> > I have put it in the /usr/local/etc/logcheck.violations.ignore but it does
>>>
>>> Why?
>>>
>>> Why not in the logcheck.ignore file?
>
>> I check the file logcheck.ignore and would not
>> cron.*CMD
>> take care of it. This is what is in the logcheck.ignore file...
>
> No, it would not take care of it.
>
> CRON.*CMD
>
> would.
>
>>> > not work. I have tried wild cards and still nothing! Anything I put in
>> this
>>>
>>> Try just ".*" :-).
>>>
>>> I'm afraid your report is incoherent. Show what you "try" and we'll
>>> tell you what's wrong with your expression.
>
> Well?
>
>
>>> > file it does not ignore. So I still get these lines under Unusual System
>>> > Events....
>>> > Apr 9 12:10:00 opsftp CROND[21176]: (root) CMD (/usr/lib/sa/sa1 1 1)
>>>
>>> And what's wrong with ..
>>>
>>> CROND.*: .* CMD .*/sa/sa1
>
>> Tried that in the file, does not work.
>
>
> Yes it DOES work. It matces the expression you gave. Cut it down to
>
> CROND.*: .* CMD
>
> if you aren't concerned about what command cron runs! (;-).
>
>> I have tried */usr/lib/sa/sa1*
>
> That would not work! Why do you try that? It doesn't match.
>
>
>> *sa/sa1*
>
> Nor does that match! What are you doing?
>
>> *CMD*/usr/lib/sa
>
> That does not match either! Are you on drugs?
>
>> ... the list goes on.
>
> But you haven't provided any evidence to cause me to believe that you
> have basic competence ... use an expression that matches! It's
> pointless showing me nonmatching expressions and saying "they don't
> work".
>
>> My point is that even with
>> Tried that cron.*CMD in the logcheck.ignore file it does not work!
>
> That DOES NOT MATCH! Are you crazy?
>
> Stop making up nonsense! Just use a correct regular expression. What I
> gave you matches fine. You only give the impression by the above that you
> can't be trusted to write it down correctly.

It seems the original poster is confused about the difference between
a regular expression and a glob. His patters would make good "glob"
patters.

OP: In regular expression syntax, the period character match any single
character, the asterisk character indicates "match the previous expressions
zero or more times". So the expressions ".*" (that is dot star) will match
zero or more of any character.

Look up some documentation on regular expressions to get more info
on how to write them.

Good luck.

>
>
> Peter

• Previous message: Christopher Browne: "Re: Linux Filesystem and Security of Files"
• In reply to: Peter T. Breuer: "Re: logcheck.violations.ignore --does not work"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]