# logcheck run results in "egrep: empty (sub)expression"



## hbauer (Jul 24, 2021)

I am trying to setup logcheck to monitor my logfiles. Currently I just installed the package with the logfiles auth.log

When running logcheck I get the message


```
sudo -u logcheck logcheck
egrep: empty (sub)expression
```

the file is there, contains logs and looks normal. 

Any idea where to start the debugging?


----------



## T-Daemon (Jul 24, 2021)

The closest to the problem on your systems with security/logcheck is a similar one in this PR 251775 with egrep(1), to be more accurate, with the regular expression implementation in FreeBSD. See PR for details.  

I would open a security/logcheck PR to address the problem.


----------



## hbauer (Aug 3, 2021)

Thank you for this hint. Unfortunately I have no idea how I could do this 



> I would open a security/logcheck PR to address the problem.


 in an efficient way


----------



## T-Daemon (Aug 3, 2021)

Don't overthink the case, just open a problem report, it doesn't have to be perfect.

1. Go to https://bugs.freebsd.org/bugzilla/
2. If you don't have an account create "New Account"
3. Then Report an update or defect to a port

Problem report subject:

security/logcheck: Regex error "egrep: empty (sub)expression"

Describe your problem and link to the similar case in PR 251775.

Wait for reply.


----------

