[Logcheck-commits] CVS logcheck/docs

CVS User maks-guest logcheck-devel at lists.alioth.debian.org
Mon Jul 18 21:39:02 UTC 2005


Update of /cvsroot/logcheck/logcheck/docs
In directory haydn:/tmp/cvs-serv27992/docs

Modified Files:
	README.logcheck-database 
Log Message:

README.logcheck-database follows markdown syntax,
so could be eventually changed into html later.
add testing rules section header.


--- /cvsroot/logcheck/logcheck/docs/README.logcheck-database	2005/07/18 20:56:05	1.10
+++ /cvsroot/logcheck/logcheck/docs/README.logcheck-database	2005/07/18 21:39:02	1.11
@@ -1,17 +1,18 @@
-######################################################################
 SYNOPSIS
---------
+========
+
 Logcheck-database provides the egrep patterns required by the
 package "logcheck"; they are used to filter recent log messages
 (collected using "logtail") into a mailed news summary.
 
-======================================================================
+
 SETS OF RULES
--------------
+=============
+
 There are three layers of sets of filtering rules, all of which are
 normal egrep pattern-matches, applied in turn.
 
-1) the "ATTACK ALERTS" layer, designed to detect the traces of active
+1. the "ATTACK ALERTS" layer, designed to detect the traces of active
 	intrusion attempts.
 
    Patterns raising the alarm go in "/etc/logcheck/cracking.d"; any
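
Review bot: the underlines for SYNOPSIS and SETS OF RULES change from "---" to "===", which makes every section a first-level Markdown heading and leaves no level above them for a document title if the file is converted to HTML later; consider adding a title line with "===" and keeping the sections on "---". In the list item that starts at "1. the "ATTACK ALERTS" layer", the continuation line "intrusion attempts." is indented with a tab while the following paragraph "Patterns raising the alarm go in ..." uses four spaces. Markdown accepts both as list-item continuation, but using one form throughout (four spaces) keeps the source aligned regardless of the editor's tab width.
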
@@ -31,7 +32,7 @@
 	this means they are totally ignored - log messages handled
 	at one layer are not carried over to lower layers.
 
-2) the "SECURITY EVENTS" layer, designed to detect less critical
+2. the "SECURITY EVENTS" layer, designed to detect less critical
 	events still considered worthy of special attention. 
 
    Patterns raising the alarm go in "/etc/logcheck/violations.d";
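
Review bot: the switch from "2)" to "2." only yields a single ordered list if every paragraph between "1." and "2." stays indented as part of item 1, as the tab-indented context lines above this change are. Markdown ignores the digits written in the source and numbers items by position, so one unindented paragraph between items would end the list and this entry would render as item 1 of a new list. Worth running the file through a Markdown converter once and checking that the three layers come out numbered 1 to 3.
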
@@ -43,7 +44,7 @@
 	Events" that match with violations.ignore patterns are
 	discarded as false alarms.
 
-3) the "SYSTEM EVENTS" layer, handling leftover log messages.
+3. the "SYSTEM EVENTS" layer, handling leftover log messages.
 
    This layer doesn't have an equivalent to the alarm-raising
 	cracking.d and violations.d; instead _all_ remaining lines
@@ -61,76 +62,78 @@
 When _no_ logged events make it through the filters no report is
 mailed.
 
-======================================================================
+

[174 lines skipped]


