logcheck-test(1) FreeBSD General Commands Manual logcheck-test(1)

logcheck-test - test new logcheck rules easily

logcheck-test [-q|-i] [-a|-m|-l FILE] [-e] [-P PREFIX] [-S SUFFIX] RULE
logcheck-test [-q|-i] [-a|-m|-l FILE] -r RULEFILE

logcheck-test parses a log file for matching lines specified by a single rule or a rule file. If using a single RULE you can set a PREFIX and a SUFFIX to write new rules easily.

-h, --help
Show usage information
-a, --auth.log
Parse /var/log/auth.log for matching lines
-m, --messages
Parse /var/log/messages for matching lines
-l, --log-file FILE
Parse FILE for matching lines
-i, --invert-match
Show lines that don't match the RULE or the RULEFILE
-q, --quiet
Suppress rule summary at the end of output
-e, --surround-rule
Surround RULE with standard prefix and suffix:

^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ RULE$

-P, --append-prefix PREFIX
Append PREFIX to rule prefix. Option can be given multiple times
-S, --prepend-suffix SUFFIX
Prepend SUFFIX to rule suffix. Option can be given multiple times
-r, --rule-file RULEFILE
Use file RULEFILE for rule input

With logcheck-test you can easily write and test new rules.

Test a single rule against /var/log/messages:

logcheck-test -m "RULE"

Test a single rule against ~/log, surround the rule with standard prefix and suffix and append "kernel " to prefix:

logcheck-test -l ~/log -e -P "kernel " "RULE"

Test the rules in rulefiles/linux/ignore.d.server/kernel against ~/log:

logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel

Test which lines the rules in rulefiles/linux/ignore.d.server/kernel don't match:

logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel -i

On successful matching logcheck-test will complete with exit code 0. An exit code of 1 indicates no successful matching.

An exit code greater than 1 indicates that an error occurred. Textual errors are written to the standard error stream.
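The following added example is not part of the original manual or of logcheck-test itself. It approximates the rule composition documented for -e, -P and -S using grep -E on constructed log lines, to show what the anchored rule matches and how the 0/1 exit codes behave. The function names and sample log are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: approximates -e / -P / -S rule composition with grep -E.
# Not logcheck-test's own code; all function names here are hypothetical.

# Standard prefix and suffix as documented for -e.
STD_PREFIX='^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ '
STD_SUFFIX='$'

# surround_rule RULE [EXTRA_PREFIX] [EXTRA_SUFFIX]
# EXTRA_PREFIX is appended to the prefix (-P), EXTRA_SUFFIX prepended to the suffix (-S).
surround_rule() {
    printf '%s%s%s%s%s\n' "$STD_PREFIX" "${2:-}" "$1" "${3:-}" "$STD_SUFFIX"
}

# Constructed sample log lines (not taken from a real system).
sample_log() {
    cat <<'EOF'
Feb 19 10:15:01 host1 kernel: eth0: link up
Feb  9 03:02:11 host1 kernel: eth0: link down
Feb 19 10:15:02 host1 sshd[812]: Failed password for root from 192.0.2.7 port 4242 ssh2
Feb 19 10:15:03 host1 kernel: eth0: link up then unexpected trailing text
EOF
}

# Number of lines the surrounded rule matches.
count_matches() {
    sample_log | grep -E -c -- "$(surround_rule "$@")"
}

# Number of lines the surrounded rule does not match (compare -i).
count_unmatched() {
    sample_log | grep -E -v -c -- "$(surround_rule "$@")"
}

# Same RULE without prefix/suffix anchoring, for comparison.
count_unanchored() {
    sample_log | grep -E -c -- "$1"
}

# Exit status 0 if any line matches, 1 if none (same convention as documented above).
rule_matches() {
    sample_log | grep -E -q -- "$(surround_rule "$@")"
}

echo "rule:       $(surround_rule 'eth0: link (up|down)' 'kernel: ')"
echo "anchored:   $(count_matches 'eth0: link (up|down)' 'kernel: ') lines"
echo "unanchored: $(count_unanchored 'eth0: link (up|down)') lines"
```

The anchored rule skips the fourth line because of the trailing `$`, while the bare RULE also matches it; for rules destined for an ignore.d directory, that difference decides whether a line with unexpected trailing content is still reported.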

logcheck(8)

logcheck is developed by the Debian logcheck Team at: https://salsa.debian.org/debian/logcheck. This manual was written by Hannes von Haugwitz <hannes@vonhaugwitz.com>.
February 19, 2010
