On Fri, 1 Dec 2023, 22:15 Hilmar Preusse, <hill...@web.de> wrote: > > 2023-12-01T09:36:52.230653+01:00 haka2 schroot[3182]: [unstable- > amd64-sbuild-327cf8c2-30d1-4469-aa7b-9bc3653dbc45 chroot] (root->root) > Running > command: "perl -e #012 use strict;#012 > use warnings;#012 use POSIX;#012 <snip> > > These #012 are page feed chars IIRC. Unfortunately > logcheck is not able to handle the situation and generates E-Mails, which > report the full command line by line. There is definitely a white list > rule for > schroot in /etc/logcheck/ignore.d.server/schroot, but it is not able to > handle > the lot of special characters. Consider to not print the full perl script > into > the log file (if possible). > > It may be an issue in logcheck, but rather prefer to avoid message instead > of > trying to white list afterwards. >
just wanted to add 1. i think these are from the journal rather than syslog - so it may be stdout or stderr rather than something being deliberately "logged" (?). 2. it is on the logcheck radar to potentially concatenate the blank lines before processing, but this wont happen soon 3a. There should be no issue adding special characters to the logcheck rule (untested) - the limting factor.for that is what grep accepts. or use a "." 3b. (i expect the logcheck rule needs updating anyway) 4. I suggest also worth improving schroot(or whatever generates the log entries) as it would be better for users to log (at most) a short line saying what is happening ("building package foo.dsc") rather than output all the code/implementation would be more useful for users.