Hi,
On Sun, Jun 10, 2018 at 05:28:42PM +0200, jean-christophe manciot wrote:
> The rule *ulogd* described below (*IP multicast: 224.0.0.0 <-->
> 239.255.255.255*) does not match some matchable lines:
> ^.*? DST=2(?:2[4-9]|3\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]\d?|0)){3} .*$
logcheck uses POSIX extended regular expression (ERE).
Your regular expression contains non-capturing group notation ('?:'),
which is not supported in ERE.
You can use `rgxg` to generate an extended regular expression for
'224.0.0.0/4':
$ rgxg cidr 224.0.0.0/4
(23[0-9]|22[4-9])(\.(25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])){3}
With this regular expression `logcheck-test` matches your example log
lines.
If that solves your issue please close this bug report.
Best regards
Hannes
