logcheck-test(1)            General Commands Manual           logcheck-test(1)

NAME
       logcheck-test - test new logcheck rules easily

SYNOPSIS
       logcheck-test [-q|-i] [-a|-s|-l FILE] [-e] [-P PREFIX] [-S SUFFIX] RULE
       logcheck-test [-q|-i] [-a|-s|-l FILE] -r RULEFILE

DESCRIPTION
       logcheck-test parses a log file for lines that match a single rule or
       the rules in a rule file. When using a single RULE you can set a PREFIX
       and a SUFFIX to write new rules easily.

OPTIONS
       -h, --help
              Show usage information

       -a, --auth.log
              Parse /var/log/auth.log for matching lines

       -s, --syslog
              Parse /var/log/syslog for matching lines

       -l, --log-file FILE
              Parse FILE for matching lines

       -i, --invert-match
              Show lines that don't match the RULE or the RULEFILE

       -q, --quiet
              Suppress rule summary at the end of output

       -e, --surround-rule
              Surround RULE with standard prefix and suffix:

              ^[[:alpha:]]{3} [ :[:digit:]]{11} [._[:alnum:]-]+ RULE$

       -P, --append-prefix PREFIX
              Append PREFIX to rule prefix. Option can be given multiple times

       -S, --prepend-suffix SUFFIX
              Prepend  SUFFIX  to  rule  suffix.  Option can be given multiple
              times

       -r, --rule-file RULEFILE
              Use file RULEFILE for rule input

EXAMPLES
       With logcheck-test you can easily write and test new rules.

       Test a single rule against /var/log/syslog:
              logcheck-test -s "RULE"

       Test a single rule against ~/log, surround the rule with standard
       prefix and suffix and append "kernel " to prefix:
              logcheck-test -l ~/log -e -P "kernel " "RULE"

       Test the rules in rulefiles/linux/ignore.d.server/kernel against ~/log:
              logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel

       Test which lines the rules in rulefiles/linux/ignore.d.server/kernel
       don't match:
              logcheck-test -l ~/log -r rulefiles/linux/ignore.d.server/kernel -i

EXIT STATUS
       On successful matching logcheck-test will complete with exit code 0. An
       exit code of 1 indicates no successful matching.

       An exit code greater than 1 indicates an error occurred. Textual errors
       are written to the standard error stream.

SEE ALSO
       logcheck(8)

AUTHOR
       logcheck is developed by the Debian logcheck Team at:
       https://salsa.debian.org/debian/logcheck. This manual was written by
       Hannes von Haugwitz <hannes@vonhaugwitz.com>.

                                 Feb 19, 2010                 logcheck-test(1)