logcheck-test - test new logcheck rules easily
Description
logcheck-test parses a log file for matching lines specified by a single rule or a rule file. If using a
single RULE you can set a PREFIX and a SUFFIX to write new rules easily.
Examples
With logcheck-test you can easily write and test new rules.
Test a single rule against /var/log/syslog:
logcheck-test -s "RULE"
Test a single rule against ~/log, surround the rule with standard prefix and suffix and append "kernel "
to prefix:
logcheck-test -l ~/log -e -P "kernel " "RULE"
Test the rules in rulefiles/linux/ignore.d.server/kernel against ~/log:
logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel
Test which lines the rules in rulefiles/linux/ignore.d.server/kernel don't match:
logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel -i
Exit Status
On successful matching logcheck-test exits with code 0. An exit code of 1 indicates that nothing matched.
An exit code greater than 1 indicates that an error occurred. Textual error messages are written to the standard error stream.
Name
logcheck-test - test new logcheck rules easily
Options
-h, --help
Show usage information
-a, --auth.log
Parse /var/log/auth.log for matching lines
-s, --syslog
Parse /var/log/syslog for matching lines
-l, --log-file FILE
Parse FILE for matching lines
-i, --invert-match
Show lines that don't match the RULE or the RULEFILE
-q, --quiet
Suppress rule summary at the end of output
-e, --surround-rule
Surround RULE with standard prefix and suffix:
^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ RULE$
-P, --append-prefix PREFIX
Append PREFIX to the rule prefix. Option can be given multiple times
-S, --prepend-suffix SUFFIX
Prepend SUFFIX to the rule suffix. Option can be given multiple times
-r, --rule-file RULEFILE
Use file RULEFILE for rule input
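Added example, not part of logcheck-test itself: a small POSIX shell emulation of how -e, -P and -S compose the final regex, applied with grep -E to a constructed three-line syslog sample (hostname "host1" and the prefix "kernel: " are assumptions chosen for the sample).

```shell
#!/bin/sh
# Standard prefix and suffix that -e wraps around RULE (from the man page).
STD_PREFIX='^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ '
STD_SUFFIX='$'

# build_rule RULE [PREFIX] [SUFFIX]
# Mirrors "-e -P PREFIX -S SUFFIX RULE": PREFIX is appended to the standard
# prefix, SUFFIX is prepended to the standard suffix.
build_rule() {
    printf '%s%s%s%s%s' "$STD_PREFIX" "${2:-}" "$1" "${3:-}" "$STD_SUFFIX"
}

# Constructed sample log; real logcheck-test reads it from -a, -s or -l FILE.
SAMPLE_LOG='Jan 12 10:01:02 host1 kernel: [12.3] usb 1-1: new device
Jan 12 10:01:03 host1 sshd[123]: Accepted publickey for alice
Jan 12 10:01:04 host1 kernel: [12.4] audit: backlog limit exceeded'

# count_matches RULE [PREFIX] [SUFFIX] [-v]
# Prints how many sample lines match the composed rule; "-v" as the fourth
# argument behaves like -i and counts the lines that do NOT match.
count_matches() {
    regex=$(build_rule "$1" "${2:-}" "${3:-}")
    # grep exits 1 when nothing matches; only treat other statuses as errors.
    printf '%s\n' "$SAMPLE_LOG" | grep -E -c ${4:-} -e "$regex" || [ $? -eq 1 ]
}
```

Running build_rule with a prefix of "kernel: " shows that an ignore rule only has to describe the message part, since the standard prefix already covers the timestamp and hostname.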
See Also
logcheck(8)
Synopsis
logcheck-test [-q|-i] [-a|-s|-l FILE] [-e] [-P PREFIX] [-S SUFFIX] RULE
logcheck-test [-q|-i] [-a|-s|-l FILE] -r RULEFILE
