"Paul J. Keenan" <[EMAIL PROTECTED]> writes: > The logcheck script is in /usr/sbin/logcheck.sh - the script uses > grep to do the pattern matching. From the source and the grep(1) > manpage, it seems that for the lines to include in the log > (logcheck.hacking and logcheck.violations) the matching is > case-insensitive, but for the exclusions (logcheck.violations.ignore > and logcheck.ignose) the matching is case-sensitive. HTH.
Actually, the Debian package uses egrep. Check the script. That's why (as you correctly stated) you need \[. I filed bugs against the docs and against the included default patterns a while ago, and I believe it's being fixed. For example, here are some (correct?) patterns I added: uservd\[[[:digit:]]+\]: call connected$ uservd/check\[[[:digit:]]+\]: uservd\[[[:digit:]]+\] is running$ named\[.*\]: Cleaned cache of .* RRsets named\[.*\]: USAGE .* .* CPU=.*/.* CHILDCPU=.*/.* named\[.*\]: NSTATS .* .* A=.* PTR=.* AAAA=.* named\[.*\]: XSTATS .* .* RR=.* RNXD=.* RFwdR=.* RDupR=.* RFail=.* RFErr=.* RErr =.* RAXFR=.* RLame=.* ROpts=.* SSysQ=.* SAns=.* SFwdQ=.* SDupQ=.* SErr=.* RQ=.* RIQ=.* RFwdQ=.* RDupQ=.* RTCP=.* SFwdR=.* SFail=.* SFErr=.* SNaAns=.* SNXD=.* -- Rob Browning <[EMAIL PROTECTED]> PGP=E80E0D04F521A094 532B97F5D64E3930
