On Fri, 1 Dec 2023, 22:15 Hilmar Preusse, <hill...@web.de> wrote:
>
> 2023-12-01T09:36:52.230653+01:00 haka2 schroot[3182]: [unstable-
> amd64-sbuild-327cf8c2-30d1-4469-aa7b-9bc3653dbc45 chroot] (root->root)
> Running
> command: "perl -e #012 use strict;#012
> use warnings;#012 use POSIX;#012 <snip>
>
> These #012 are page feed chars IIRC. Unfortunately
> logcheck is not able to handle the situation and generates E-Mails, which
> report the full command line by line. There is definitely a white list
> rule for
> schroot in /etc/logcheck/ignore.d.server/schroot, but it is not able to
> handle
> the lot of special characters. Consider to not print the full perl script
> into
> the log file (if possible).
>
> It may be an issue in logcheck, but rather prefer to avoid message instead
> of
> trying to white list afterwards.
>
just wanted to add
1. i think these are from the journal rather than syslog - so it may be
stdout or stderr rather than something being deliberately "logged" (?).
2. it is on the logcheck radar to potentially concatenate the blank lines
before processing, but this wont happen soon
3a. There should be no issue adding special characters to the logcheck rule
(untested) - the limting factor.for that is what grep accepts. or use a "."
3b. (i expect the logcheck rule needs updating anyway)
4. I suggest also worth improving schroot(or whatever generates the log
entries) as it would be better for users to log (at most) a short line
saying what is happening ("building package foo.dsc") rather than output
all the code/implementation would be more useful for users.
