|
|
Subscribe / Log in / New account

Logcheck compatibility

Logcheck compatibility

Posted Jan 27, 2011 9:55 UTC (Thu) by walles (guest, #954)
Parent article: Correlating log messages with syslog-ng

Hi!

Logcheck comes with a ton of regexps for stuff that one would expect to find in ones logs.

How much work would it be to get syslog-ng to put all messages not matching any of the logcheck regexps in a separate log file?

Currently, logcheck is using egrep to scan the logs, and egrep's performance is poor:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=445215

Being able to replace the logcheck daemon and just use its regexp database would be nice!

Regards /Johan

to post comments

Logcheck compatibility

Posted Jan 28, 2011 17:20 UTC (Fri) by nix (subscriber, #2304) [Link]

The initial pattern database was constructed by taking logcheck (and, IIRC, a few other similar programs) and turning them into syslog-ng patterns. So this is already done.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds