Bug 257587

Summary: security/logcheck: Regex error "egrep: empty (sub)expression"
Product: Ports & Packages Reporter: hagen.bauer <hagen.bauer>
Component: Individual Port(s)Assignee: Yasuhiro Kimura <yasu>
Status: New ---    
Severity: Affects Only Me CC: dvl, lwhsu, yasu
Priority: --- Flags: bugzilla: maintainer-feedback? (yasu)
Version: Latest   
Hardware: amd64   
OS: Any   

Description hagen.bauer@caserio.de 2021-08-03 14:20:46 UTC 
I installed the package with the logfiles auth.log. When running logcheck I get the message

sudo -u logcheck logcheck
egrep: empty (sub)expression

The logfile is there, contains logs and looks normal.
Comment 1 hagen.bauer@caserio.de 2021-08-03 14:22:26 UTC 
Similar to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251775
Comment 2 Dan Langille freebsd_committer freebsd_triage 2021-09-19 15:02:31 UTC 
For me, this was not the port, it was me https://twitter.com/DLangille/status/1398804202965581826

Try running this to identify the file in question:

echo bash -x /usr/local/sbin/logcheck | sudo su -fm logcheck

See above for details.
Comment 3 hagen.bauer@caserio.de 2021-09-20 05:43:47 UTC 
I cant find any strangely named files in the logcheck configuration directory. Also in the output of your command doesnt does not show something like thatn. 

The error doesnt happen every run so it seems to be related to the content of the logfiles.
Comment 4 Dan Langille freebsd_committer freebsd_triage 2021-09-20 15:14:09 UTC 
In which case, when it happens, run the above command, to see if you can reproduce the issue. That will help identify the file in question. Take a copy of that file and hopefully we can track it down.

Do you have custom files installed with logcheck? I do. Often, it's my own rules which fail.