Hello,
I have log output from git in my auth.log which I want to eliminate.
All lines begin like this:
Jan 11 23:36:21 mg sudo: git :
I now created this rule:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: git :
Regarding the output from "logcheck-test", this just works fine:
--- snip ---
logcheck-test -a '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: git :'
Jan 11 23:36:21 mg sudo: git : TTY=unknown ;
================================================================================
parsed file: /var/log/auth.log
used rule: '^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sudo: git :'
--- snap ---
But I am getting this in my logheck mails over and over again, it seems to be
ignored completely.
I am sure the rule exists in the correct file, since other manually added rules
there (e.g. rules to eliminate some sshd output in auth.log) just work fine.
Any ideas?
Thank you,
Dietmar
_______________________________________________
Logcheck-users mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/logcheck-users
