> One cute thing I noticed about logcheck...after I dumped the output of
> dmesg into logcheck.ignore (with appropriate changes to account for
> differing PIDs) logcheck stopped supplying anything...I checked the
> output twice for wildcards that went too far and couldn't find any...after
> I deleted the dmesg lines and put some more general items in...logcheck
> started.
>
> Either I mucked up and didn't see it later or there's a maximum number of
> lines logcheck will parse.
>
> Don't think this is the problem mentioned above...just thought I'd mention
> it as an associated experience :)
> Sorry for the waffle
> AG
It's interesting alright, but as you say not the problem - I've grep'd
/var/log/messages* for DENY messages and there are none since about 4 days
after my last reboot.
I have had some difficulty getting logcheck to ignore some other messages
though (postfix stuff), so perhaps I should move them higher up the list ...
Thanks,
Tony