[ Up-to-date 'sarge/testing' with kernel-2.4.26-1-686-smp and logcheck-1.2.28 ]
What I am trying to do is simple: eliminate lines like the following
generated by Shorewall in /var/log/syslog :

    Oct 24 11:32:50 msslayer kernel: Shorewall:net2all:DROP:IN=eth0 ...

I created a new file, /etc/logcheck/ignore.d.server/local-shorewall,
that contains:

    ^\w{3} [ :0-9]{11} msslayer kernel: Shorewall:net2all:

but none of the "Shorewall lines" are being eliminated in the hourly
email sent by 'logcheck' (with REPORTLEVEL="server" in logcheck.conf).

Note that the (initial testing) pattern above, when accessed in a
separate "egrep -f local-shorewall /var/log/syslog" command, *does*
correctly match the "Shorewall lines" ...

My hunch is that the file is named incorrectly and/or placed in the
wrong sub-directory of /etc/logcheck.

I've tried other approaches (e.g., placed the 'egrep' pattern file in
other dirs, named the file "logcheck.shorewall", etc), read and re-read
the included docs, and, of course, searched the web, but no luck.

Thanks for any ideas!

--
Prof Kenneth H Jacker       [EMAIL PROTECTED]
Computer Science Dept       www.cs.appstate.edu/~khj
Appalachian State Univ
Boone, NC  28608  USA