On Wed, Dec 19, 2001, Ross Vandegrift wrote:
>
> Let's say you have a syslog line like:
>
> Jan 3 11:34:57 willow named[236]: rcvd NOTIFY(55.106.207.in-addr.arpa, IN, SOA) from [207.106.55.189].1024
>
...
>
> A more general solution that would account for more domains
> might look like this:
>
> named.*: rcvd NOTIFY(.*, IN, SOA) from [.*
>

I think you will need to escape literal ('s and ['s.

In answer to someone else's question, page through /usr/sbin/logcheck.sh and you'll see that the regex files are passed directly to grep via the -f switch. Note that (if memory serves) leaving a blank line in the ignore file will effectively match everything, causing logcheck to filter all messages.
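
The points raised in this reply, as an added example that is not part of the original message or of logcheck itself: a constructed two-line log is filtered with `grep -v -f` against four versions of the ignore file. It assumes egrep-style (`-E`) matching, where `(` and `[` are metacharacters; the function and variable names are illustrative.

```shell
#!/bin/sh
# Constructed sample log: the NOTIFY line quoted in the thread plus one unrelated line.
make_log() {
    cat <<'EOF'
Jan 3 11:34:57 willow named[236]: rcvd NOTIFY(55.106.207.in-addr.arpa, IN, SOA) from [207.106.55.189].1024
Jan 3 11:35:02 willow sshd[412]: Failed password for root from 192.0.2.7 port 4021
EOF
}

# reported IGNORE_FILE_CONTENT
# Writes the content to a temporary ignore file, filters the sample log with
# grep -v -f as the reply describes, and prints how many lines would still be
# reported, or "error" if grep rejects the pattern file.
# Assumption: -E (egrep-style) matching; the grep flavor logcheck.sh uses is not stated on the page.
reported() {
    ignore=$(mktemp) || return 1
    printf '%s\n' "$1" > "$ignore"
    rc=0
    count=$(make_log | grep -E -v -c -f "$ignore" 2>/dev/null) || rc=$?
    rm -f "$ignore"
    # grep exits 0 or 1 for "some/no lines selected" and 2 or more on a bad pattern.
    if [ "$rc" -ge 2 ]; then echo error; else echo "$count"; fi
}

# The rule as posted: the unclosed "[" makes the whole pattern file invalid.
AS_POSTED='named.*: rcvd NOTIFY(.*, IN, SOA) from [.*'
# Only "[" escaped: compiles, but "(...)" is a group, so the literal parens never match.
BRACKET_ONLY='named.*: rcvd NOTIFY(.*, IN, SOA) from \[.*'
# Both metacharacters escaped: ignores the NOTIFY line and nothing else.
ESCAPED='named.*: rcvd NOTIFY\(.*, IN, SOA\) from \[.*'
# The same rule followed by an empty line (reported() adds the final newline).
WITH_BLANK="$ESCAPED
"

printf 'as posted:         %s\n' "$(reported "$AS_POSTED")"
printf '"[" escaped only:  %s\n' "$(reported "$BRACKET_ONLY")"
printf 'fully escaped:     %s\n' "$(reported "$ESCAPED")"
printf 'with blank line:   %s\n' "$(reported "$WITH_BLANK")"
```

A count of 0 in the last case means the unrelated sshd line was discarded along with the NOTIFY line, which is the blank-line behaviour described above.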