From anonymous, 5 Years ago, written in Plain Text.
Embed
  1. # In this file, patterns for journalwatch are defined to blacklist all journal
  2. # messages which are not errors.
  3. #
  4. # Lines starting with '#' are comments. Inline-comments are not permitted.
  5. #
  6. # The patterns are separated into blocks delimited by empty lines. Each block
  7. # matches on a log entry field, and the patterns in that block then are matched
  8. # against all messages with a matching log entry field.
  9. #
  10. # The syntax of a block looks like this:
  11. #
  12. # <field> = <value>
  13. # <pattern>
  14. # [<pattern>]
  15. # [...]
  16. #
  17. # If <value> starts and ends with a slash, it is interpreted as a regular
  18. # expression, if not, it's an exact match. Patterns are always regular
  19. # expressions.
  20. #
  21. # Below are some useful examples. If you have a small set of users, you might
  22. # want to adjust things like "user \w" to something like "user (root|foo|bar)".
  23. #
  24. # The regular expressions are extended Python regular expressions, for details
  25. # see:
  26. #
  27. # https://docs.python.org/3.4/library/re.html#regular-expression-syntax
  28. # https://docs.python.org/3.4/howto/regex.html
  29. # http://doc.pyschools.com/html/regex.html
  30. #
  31. # The journal fields are explained in systemd.journal-fields(7).
  32.  
  33. _SYSTEMD_UNIT = systemd-logind.service
  34. New session [a-z]?\d+ of user \w+\.
  35. Removed session [a-z]?\d+\.
  36.  
  37. SYSLOG_IDENTIFIER = /(CROND|crond)/
  38. pam_unix\(crond:session\): session (opened|closed) for user \w+
  39. \(\w+\) CMD .*
  40.  
  41. SYSLOG_IDENTIFIER = systemd
  42. (Stopped|Stopping|Starting|Started) .*
  43. (Created slice|Removed slice) user-\d*\.slice\.
  44. Received SIGRTMIN\+24 from PID .*
  45. (Reached target|Stopped target) .*
  46. Startup finished in \d*ms\.