From: Tom H. <to...@wh...> - 2010-10-15 16:02:24
Attachments:
signature.asc
|
Hi, On a new machine I am using metalog [1] as my syslog daemon. For some reason, the daemon does not write the hostname to its logfiles by default. Because of this (I think), regexes that use the __prefix_line macro from filter.d/common.conf (currently only sshd) do no longer match. I had my try at the pattern in order to remove the hostname requirement or better: make it optional, but I had no luck so far. Maybe someone with more experience could help me out? Some example lines: Oct 15 17:00:01 [sshd] Did not receive identification string from 219.95.4.185 Oct 15 17:00:03 [sshd] Invalid user firebird from 219.95.4.185 Oct 15 17:00:04 [sshd] Invalid user alx from 219.95.4.185 [1] http://metalog.sourceforge.net/ -- Regards, Tom |