Differences between revisions 1 and 11 (spanning 10 versions)
Revision 1 as of 2014-08-28 11:27:25
Size: 321
Editor: ?OndřejSurý
Comment:
Revision 11 as of 2015-04-29 06:18:43
Size: 2356
Editor: ?RichieB
Comment: Changed PID to 1, added 3 more lines
Deletions are marked like this. Additions are marked like this.
Line 3: Line 3:
ignore.d.server/systemd:
Line 4: Line 5:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Starting|Started) Session [[:digit:]]+ of user [^[:space:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Reexecuting|Reloading)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: systemd [[:digit:]]+ running in system mode. \((\+[[:alnum:]]+ ?)+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Expecting device [^[:space:]]+\.device\.\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Start(ing|ed) Cleanup of Temporary Directories\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Start(ing|ed) Run anacron jobs\.+$
Line 5: Line 12:
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Starting|Started) Session [[:digit:]]+ of user [^[:space:]]+\.$ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: Removed session [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Stopping (Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Stopped target (Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Starting (Shutdown|Exit the Session\.\.|Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Reached target (Shutdown|Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Received SIGRTMIN\+24 from PID [[:digit:]]+ \(kill\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Startup finished in [[:digit:]]+ms\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Start|Stopp)(ing|ed) User Manager for UID [0-9]+\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Starting|Created|Stopping|Removed)( slice)? (user|system)-[\\[:alnum:]]+\.slice\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user [[:alnum:]]+( by \(uid=[0-9]+\))?$
Line 7: Line 23:

Reloads by logrotate are logged to syslog by systemd as well. The following systemd rules ignore the systemd part of them. Additional rules for the reloaded/restarted daemons are required:

{{{
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Reload(ing|ed) LSB: .*\.$
}}}

This is page to collect logcheck rules for systemd.

ignore.d.server/systemd:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[[[:digit:]]+\]: (Starting|Started) Session [[:digit:]]+ of user [^[:space:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Reexecuting|Reloading)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: systemd [[:digit:]]+ running in system mode. \((\+[[:alnum:]]+ ?)+\)$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Expecting device [^[:space:]]+\.device\.\.\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Start(ing|ed) Cleanup of Temporary Directories\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Start(ing|ed) Run anacron jobs\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: New session [[:digit:]]+ of user [^[:space:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd-logind\[[[:digit:]]+\]: Removed session [[:digit:]]+\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Stopping (Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Stopped target (Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Starting (Shutdown|Exit the Session\.\.|Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Reached target (Shutdown|Timers|Default|Basic System|Paths|Sockets)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Received SIGRTMIN\+24 from PID [[:digit:]]+ \(kill\)\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Startup finished in [[:digit:]]+ms\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Start|Stopp)(ing|ed) User Manager for UID [0-9]+\.+$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: (Starting|Created|Stopping|Removed)( slice)? (user|system)-[\\[:alnum:]]+\.slice\.$
^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd: pam_unix\(systemd-user:session\): session (opened|closed) for user [[:alnum:]]+( by \(uid=[0-9]+\))?$

Reloads by logrotate are logged to syslog by systemd as well. The following systemd rules ignore the systemd part of them. Additional rules for the reloaded/restarted daemons are required:

^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ systemd\[1\]: Reload(ing|ed) LSB: .*\.$