Package: logcheck Version: 1.3.23 Severity: normal I received an email for some chatter from systemd:
System Events =-=-=-=-=-=-= Aug 30 14:00:24 lxc2 systemd[1]: Finished Cleanup of Temporary Directories. And indeed this line does exist in /var/log/syslog: # grep "Finished Cleanup" /var/log/syslog Aug 28 13:58:24 lxc2 systemd[1]: Finished Cleanup of Temporary Directories. Aug 29 13:59:24 lxc2 systemd[1]: Finished Cleanup of Temporary Directories. Aug 30 14:00:24 lxc2 systemd[1]: Finished Cleanup of Temporary Directories. However, this is already matched by a rule: # cd /etc/logcheck/ignore.d.server/ # grep Cleanup local-systemd ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Starting Cleanup of Temporary Directories...$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Started Cleanup of Temporary Directories.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: Finished Cleanup of Temporary Directories. And the rule _does_ work: # logcheck-test -l /var/log/syslog -r local-systemd | grep Cleanup Aug 28 13:58:24 lxc2 systemd[1]: Starting Cleanup of Temporary Directories... Aug 28 13:58:24 lxc2 systemd[1]: Finished Cleanup of Temporary Directories. Aug 29 13:59:24 lxc2 systemd[1]: Starting Cleanup of Temporary Directories... Aug 29 13:59:24 lxc2 systemd[1]: Finished Cleanup of Temporary Directories. Aug 30 14:00:24 lxc2 systemd[1]: Starting Cleanup of Temporary Directories... Aug 30 14:00:24 lxc2 systemd[1]: Finished Cleanup of Temporary Directories. So the rule to ignore the 'Finished' line on August 30th, 14:00:24 does work, and yet the email was sent anyway. This is not the only occurence, I've also seen the same thing with the line "Starting Daily man-db regeneration..." from systemd on the same system. But in general, the hundreds of other rules I've created work fine. I haven't altered how logcheck is run via cron or changed the configuration files from the default installed by Debian. Thanks for looking at this! -- System Information: Debian Release: 11.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-17-amd64 (SMP w/4 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages logcheck depends on: ii adduser 3.118 ii cron [cron-daemon] 3.0pl1-137 ii lockfile-progs 0.1.18 ii logtail 1.3.23 ii mime-construct 1.11+nmu3 ii rsyslog [system-log-daemon] 8.2102.0-2+deb11u1 ii ssmtp [mail-transport-agent] 2.64-10 Versions of packages logcheck recommends: ii logcheck-database 1.3.23 Versions of packages logcheck suggests: pn syslog-summary <none> -- no debconf information -- This transmission contains information from Delta Mobile Systems, Inc., that may be confidential and/or privileged. The information is intended for the exclusive use of the planned recipient. If you are not the intended recipient, be advised that any disclosure, copying, distribution or other use of this information is strictly prohibited. If you have received this transmission in error, please notify the sender immediately and delete this communication and any attachments without making any copies thereof.