[Logwatch] Date parsing question

Marty Hoff martang@clearcommerce.com
Fri, 24 Jan 2003 09:45:04 -0600 (CST)


On Fri, 24 Jan 2003, Kirk Bauer wrote:

> On Fri, 24 Jan 2003, Marty Hoff wrote:
>
> > I'm trying to set up a new filter for my VPN logs.  I currently have done
> > as the README suggests - I just have the filter doing a cat.  However,
> > when I define the *ApplyStdDate in the config, I lose almost all of the
> > lines that are recorded in my log.  I think it comes down to the
> > following lines in the ApplyStdDate function:
> >
> > while (defined($ThisLine = <STDIN>)) {
> >    if ($ThisLine =~ m/^$SearchDate ..:..:.. [^ ]* [^ ]*\[[0123456789]*\]: /o) {
> >       print $ThisLine;
> >    } elsif ($ThisLine =~ m/^$SearchDate ..:..:.. [^ ]* [^ ]*: /o) {
> >       print $ThisLine;
> >    } elsif ($ThisLine =~ m/(Mon|Tue|Wed|Thu|Fri|Sat|Sun) $SearchDate ..:..:.. \d{4}/o) {
> >       print $ThisLine;
> >    }
> > }
> >
> >
> > I'm not very good at reading perl code.  Can someone help me figure out
> > why this would not catch the following type of line from my log:
> >
> > Jan 21 10:14:17 int_vpn.internal.clearcommerce.com fTCP ERR: Unknown next_proto, 69 from 66.14.149.35
>
> The default date range is "Yesterday", which would eliminate all lines
> with a timestamp other than yesterday's date.
>
> Have you tried doing '--range all' on the logwatch command-line?

Yes.  It doesn't catch any of these type of messages regardless of date
unless I turn off the ApplyStdDate in the conf file.  It only catches the
following type of messages.  There are several other message types that
it doesn't catch either.

Jan 23 22:26:04 int_vpn.internal.clearcommerce.com Uptime:   0 days 13 hrs

You should be able to duplicate this effect pretty easily.  If you'd like
I can send the conf files that I've defined for the service.  Just in
case it is important, this is on Solaris 2.6 using perl 5.005_03.

Marty

--------------------------------------------
Marty Hoff                   martang@clearcommerce.com
UNIX Administrator           ClearCommerce Corp.

Always remember you're unique, just like everyone else.