how can I add comments to logcheck ignore-rules?
Things I tried so far:
Is there a better way than starting lines with $^ ?
Is it guaranteed that lines starting with $^ will never match? What about performance?
As of logcheck 1.1.9.1 (which was released in 2002), blank lines, lines that only consist of [:space:] characters, and comments (lines that begin with #) are filtered out before the rule files are passed to egrep.
This is mentioned in passing in the "WRITING RULES" section of docs/README.logcheck-database, which is available in /usr/share/doc/logcheck-database/README.logcheck-database.gz on my system (Ubuntu 12.04, logcheck 1.3.14):
logcheck will preprocess [local rule files] to eliminate dangerous blanks (since "egrep '' syslog" matches every line) and comment lines
It's also mentioned in this handy wiki article: "Logcheck administration":
Filter files may have comment lines (beginning with #) and empty lines (containing only none or more space and tabs). These are ignored by logcheck.
It can be verified in the logcheck source code by searching for the cleanrules function, which writes rule files with these lines filtered out to a temporary directory before feeding them to egrep:
# pipe to cat on greps to get usable exit status
egrep --text -v '^[[:space:]]*$|^#' "$dir/$rulefile" \
| cat >> "$cleaned/$rulefile"
