logcheck-test(1)            General Commands Manual           logcheck-test(1)

NAME

       logcheck-test - test new logcheck rules easily

SYNOPSIS

       logcheck-test [-q|-i] [-a|-s|-l FILE] [-e] [-P PREFIX] [-S SUFFIX] RULE
       logcheck-test [-q|-i] [-a|-s|-l FILE] -r RULEFILE

DESCRIPTION

       logcheck-test searches a log file for lines matching a single rule or
       the rules in a rule file. When using a single RULE, you can set a
       PREFIX and a SUFFIX to write new rules easily.

OPTIONS

       -h, --help
              Show usage information

       -a, --auth.log
              Parse /var/log/auth.log for matching lines

       -s, --syslog
              Parse /var/log/syslog for matching lines

       -l, --log-file FILE
              Parse FILE for matching lines

       -i, --invert-match
              Show lines that don't match the RULE or the RULEFILE

       -q, --quiet
              Suppress rule summary at the end of output

       -e, --surround-rule
              Surround RULE with standard prefix and suffix:

              ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ RULE$

       -P, --append-prefix PREFIX
              Append PREFIX to rule prefix. Option can be given multiple times

       -S, --prepend-suffix SUFFIX
              Prepend SUFFIX to rule suffix. Option can be given multiple
              times

       -r, --rule-file RULEFILE
              Use file RULEFILE for rule input

EXAMPLES

       With logcheck-test you can easily write and test new rules.

       Test a single rule against /var/log/syslog:
              logcheck-test -s "RULE"

       Test a single rule against ~/log, surround the rule with standard
       prefix and suffix and append "kernel " to prefix:
              logcheck-test -l ~/log -e -P "kernel " "RULE"

       Test the rules in rulefiles/linux/ignore.d.server/kernel against ~/log:
              logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel

       Test which lines the rules in rulefiles/linux/ignore.d.server/kernel
       don't match:
              logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel -i
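
       The rule construction documented for -e, -P and -S, emulated with
       grep -E as an added example (not part of the original manual and not
       logcheck-test's own code). The sample log lines, the rule and the
       "kernel: ..." prefix value are constructed for illustration.

```shell
#!/bin/sh
# Added example: emulates the documented -e/-P/-S rule construction with
# grep -E. It does not call logcheck-test.

# Standard prefix and suffix exactly as listed under -e on this page.
STD_PREFIX='^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ '
STD_SUFFIX='$'

# surround_rule RULE [PREFIX] [SUFFIX]
# PREFIX is appended to the standard prefix (-P); SUFFIX is prepended to
# the standard suffix (-S).
surround_rule() {
    printf '%s%s%s%s%s\n' "$STD_PREFIX" "${2-}" "$1" "${3-}" "$STD_SUFFIX"
}

# Constructed sample log lines (not taken from a real system).
sample_log() {
    cat <<'EOF'
Feb 19 10:15:01 host1 kernel: [ 1234.567890] device eth0 entered promiscuous mode
Feb  9 03:02:11 host1 kernel: [   12.000001] device eth0 left promiscuous mode
Feb 19 10:15:02 host1 sshd[411]: device eth0 entered promiscuous mode
Feb 19 10:15:03 host1 kernel: [ 1240.000000] device eth0 entered promiscuous mode (extra)
EOF
}

# Number of sample lines a pattern matches.
count_matches() { sample_log | grep -Ec -- "$1"; }

# Number of sample lines a pattern does NOT match (what -i would list).
count_unmatched() { sample_log | grep -Evc -- "$1"; }

# Hypothetical rule and hypothetical -P value for the sample lines above.
RULE='device eth[0-9]+ (entered|left) promiscuous mode'
KPREFIX='kernel: \[ *[0-9]+\.[0-9]+] '
FULL=$(surround_rule "$RULE" "$KPREFIX")

echo "bare rule matches:       $(count_matches "$RULE")"
echo "surrounded rule matches: $(count_matches "$FULL")"
echo "lines left unmatched by the surrounded rule:"
sample_log | grep -Ev -- "$FULL"
```

       The bare rule matches all four sample lines; the surrounded rule
       matches only the two kernel lines that end where the rule ends.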

EXIT STATUS

       On successful matching logcheck-test will complete with exit code 0. An
       exit code of 1 indicates no successful matching.

       An exit code greater than 1 indicates an error occurred. Textual errors
       are written to the standard error stream.

SEE ALSO

       logcheck(8)

AUTHOR

       logcheck is developed by Debian logcheck Team at alioth:
       http://alioth.debian.org/projects/logcheck/. This manual was written by
       Hannes von Haugwitz <hannes@vonhaugwitz.com>.

                                 Feb 19, 2010                 logcheck-test(1)