From: Toomas Aas
Date: Wed, 14 Jan 2009 23:05:37 +0200
To: questions@freebsd.org
Subject: Can't ignore anything with logcheck

Hello!

For many years I've been using the security/logcheck port for monitoring my system logs. The majority of this time it's been logcheck 1.1.1, but now I installed a new server and with it came my first experience with logcheck 1.2.54, which now seems to be maintained by Debian.

The configuration has changed quite thoroughly, but I have no problem with that, if only I could get it all to work...

The short summary of my problem is that I can't get logcheck to ignore any messages that I don't want reported. In my case these messages appear under the "System Events" section in the logfile, so my understanding is that putting the matching regexes into ignore.d.server/local should filter them out. But it doesn't.

I've verified all my regexes with egrep as directed in the logcheck documentation and they are processed correctly. I've tried running 'logcheck -d' from the command line and it seems to process all the configuration files (including my local rules file), but it doesn't give me any indication why it chooses to ignore my regexes.

At this point my question is whether anyone at all has gotten this to work on FreeBSD or should I start looking for a replacement for logcheck (recommendations welcome)?

-- 
Toomas Aas

... Bugs are Sons of Glitches!