On Wed, Dec 19, 2001, Ross Vandegrift wrote:
>
> Let's say you have a syslog line like:
>
> Jan 3 11:34:57 willow named[236]: rcvd NOTIFY(55.106.207.in-addr.arpa, IN, SOA) from [207.106.55.189].1024
>
...
>
> A more general solution that would account for more domains
> might look like this:
>
> named.*: rcvd NOTIFY(.*, IN, SOA) from [.*
>
I think you will need to escape literal ('s and ['s.
In answer to someone else's question, page through
/usr/sbin/logcheck.sh and you'll see that the regex files are passed
directly to grep via the -f switch.
Note that (if memory serves) leaving a blank line in the ignore file
will effectively match everything, causing logcheck to filter all
messages.
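
An added example (not part of the original message, and not logcheck's own code) that checks the two points in this reply against the quoted NOTIFY line. It assumes the ignore rules are applied with `grep -E -v -f`; the function names, the second log line and the temporary paths are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample log: the NOTIFY line from the thread plus one unrelated line.
work=$(mktemp -d) && trap 'rm -rf "$work"' EXIT
cat > "$work/log" <<'EOF'
Jan 3 11:34:57 willow named[236]: rcvd NOTIFY(55.106.207.in-addr.arpa, IN, SOA) from [207.106.55.189].1024
Jan 3 11:35:02 willow sshd[412]: Failed password for root from 192.0.2.7 port 4022
EOF

# compiles RULE: succeed unless grep rejects RULE as a regex (exit status 2).
compiles() {
    rc=0
    grep -E -e "$1" /dev/null >/dev/null 2>&1 || rc=$?
    [ "$rc" -ne 2 ]
}

# remaining RULE...: write the rules to an ignore file, one per line, and
# print how many sample log lines survive `grep -E -v -f` (assumed invocation).
remaining() {
    printf '%s\n' "$@" > "$work/ignore"
    grep -E -v -f "$work/ignore" "$work/log" 2>/dev/null | wc -l | tr -d ' '
}

# lint FILE: report blank lines and rules that do not compile; fail if any.
lint() {
    bad=0; n=0
    while IFS= read -r rule || [ -n "$rule" ]; do
        n=$((n + 1))
        if [ -z "$rule" ]; then
            echo "line $n: blank line matches every message"; bad=1
        elif ! compiles "$rule"; then
            echo "line $n: regex does not compile: $rule"; bad=1
        fi
    done < "$1"
    return "$bad"
}

AS_POSTED='named.*: rcvd NOTIFY(.*, IN, SOA) from [.*'
BRACKET_ONLY='named.*: rcvd NOTIFY(.*, IN, SOA) from \[.*'
ESCAPED='named.*: rcvd NOTIFY\(.*, IN, SOA\) from \[.*'

compiles "$AS_POSTED" || echo "as posted: grep rejects the unescaped ["
echo "bracket escaped only: $(remaining "$BRACKET_ONLY") of 2 lines reported"
echo "fully escaped:        $(remaining "$ESCAPED") of 2 lines reported"
echo "escaped + blank line: $(remaining "$ESCAPED" '') of 2 lines reported"
lint "$work/ignore" || true
```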