Re: Logwatch puzzles

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Craig White <craigwhite@xxxxxxxxxxx> wrote:

On Sun, 2006-04-09 at 10:52 +0100, Anne Wilson wrote:

On Saturday 08 April 2006 15:25, Anne Wilson wrote:
> On Saturday 08 April 2006 14:14, Craig White wrote:
> > On Sat, 2006-04-08 at 10:27 +0100, Anne Wilson wrote:
> > > This box runs samba in order to serve up a public directory.  I'm
> > > seeing many lines in Logwatch that do not appear in the main server
> > > Logwatch, and trying to understand what is causing them.  I find this
> > > puzzling, for instance:
> > >
> > >  nmbd/nmbd_incomingrequests.c:process_name_query_request(454)
> > > process_name_query_request: Name query from 192.168.0.80 on subnet
> > > 192.168.0.70 for name LYDGATE.LAN<1d> : 91 Time(s)
> > >
> > > 192.168.0.70 is this box, and 192.168.0.80 was active for a
> > > considerable time yesterday, but "on subnet 192.168.0.70" sounds odd?
> > >
> > > There are other lines that seem to suggest that it is trying to connect
> > > to a windows active domain.  There is a W2K box on the lan, for which I
> > > have no access, so can't answer for its configuration, but again, I
> > > don't see any such lines on the main server Logwatch.
> > >
> > > Both boxes have Logwatch set to level Low.
> > >
> > > I've tried googling, but although I've found dozens of entries with
> > > similar phrases, none that I've read so far seem to fit my
> > > circumstances. What I really need now is some suggestions for
> > > troubleshooting this.  I know I could just ignore them, but among all
> > > that crud there could be hiding something that I need to see, but would
> > > miss.
> >
> > ----
> > yeah it does sound odd but perusing /var/log/samba/nmbd.log on a few
> > servers - including those with multiple ip addresses shows that this is
> > the terminology used in samba logging. I suppose to answer definitively,
> > one would go through the source code.
>
> As a temporary measure I'll try to set exclude lines in Logwatch for the
> most obvious groups of lines, in the hope that I can more easily see what
> else is there.
>
I've hit a problem, seen in this report:

Anacron job 'cron.daily'
/etc/cron.daily/0logwatch:

Quantifier follows nothing in regex; marked by <-- HERE in m/* <-- HERE winbindd*/ at /etc/cron.daily/0logwatch line 1113, <TESTFILE> line 2.

Obviously this is not a file that I have altered in any way, so it has to be what it is reading that is the problem. The lines it refers to are

IGNORE: for my $ignore_filter (@IGNORE) {
               chomp $ignore_filter;
               if ($ThisLine =~ m/$ignore_filter/) {
                  $Ignored++;
                  next LINE;

I believe the line that it is objecting to was
*winbindd*

Presumably it doesn't like the '*' as a starting point. How, then, can I ignore all lines concerned with winbindd?
----
just guessing that you did some editing within the 'samba.conf' file in
the log.d services directory that maybe has caused this issue.

Craig

Sounds like you just want winbindd as your matcher in your @IGNORE array. This will match any line that contains the string winbindd. You don't need anything in front of or behind winbindd to tell perl to skip anything since the perl pattern match will be true if $ThisLine contains the string winbindd anywhere. If you needed something to skip over the first part of the line, you'd want a perl regular expression instead of what you would use for grep and friends. This would be something like /.*winbindd.*/ with ".*" being the perl matcher roughly equivalent to grep's "*".

Cheers,
Dave

--
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux