Ipfilter log concern Syslog.pm
Arnaud Gaillard
Arnaud at balelec.ch
Thu Jan 24 17:07:46 CET 2002
So we wanted to check as well that the parsing of the ipfilter log and it
was not working. The reason is that the ipfilter log is using a facility
called
local0
in the syslogd.
As a reminder the syslogd comes with pre-defined facilities like 'mail',
'user', etc. but as well with other facilities like 'local0', 'local1', etc.
which have to be understood as 'customisable' facilites.
Thus certain programs that do not wish to use the classical 'mail', 'user',
etc. facilites can use something else. (it is important indeed to be able to
seggregate logs).
So in the parsing algorithm of Lire::Syslog.pm there is a problem because
the parsing algorithm for the facility is assuming that the facility
contains only a-z characters.
This means that if you change line 59 from:
([a-z]+)\.([a-z]+) # Facility.loglevel
to
([a-z0-9]+)\.([a-z]+) # Facility.loglevel
this is working much better
Our 0.02 euro
A++
Arnaud T & Arnaud G
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.logreport.org/pipermail/development/attachments/20020124/b64090bf/attachment.html
More information about the Development
mailing list