[Logcheck-commits] CVS logcheck/docs
CVS User maks-guest
logcheck-devel at lists.alioth.debian.org
Mon Jul 18 21:39:02 UTC 2005
Update of /cvsroot/logcheck/logcheck/docs
In directory haydn:/tmp/cvs-serv27992/docs
Modified Files:
README.logcheck-database
Log Message:
README.logcheck-database follows markdown syntax,
so could be eventually changed into html later.
add testing rules section header.
--- /cvsroot/logcheck/logcheck/docs/README.logcheck-database 2005/07/18 20:56:05 1.10
+++ /cvsroot/logcheck/logcheck/docs/README.logcheck-database 2005/07/18 21:39:02 1.11
@@ -1,17 +1,18 @@
-######################################################################
SYNOPSIS
---------
+========
+
Logcheck-database provides the egrep patterns required by the
package "logcheck"; they are used to filter recent log messages
(collected using "logtail") into a mailed news summary.
-======================================================================
+
SETS OF RULES
--------------
+=============
+
There are three layers of sets of filtering rules, all of which are
normal egrep pattern-matches, applied in turn.
-1) the "ATTACK ALERTS" layer, designed to detect the traces of active
+1. the "ATTACK ALERTS" layer, designed to detect the traces of active
intrusion attempts.
Patterns raising the alarm go in "/etc/logcheck/cracking.d"; any
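Review bot: in Markdown the continuation line "intrusion attempts." and the following paragraph "Patterns raising the alarm go in ..." must be indented (four spaces, or at least past the "1. " marker) to stay attached to list item 1; as they appear in this hunk they are flush left, so a renderer would close the list after its first line and emit the rest as ordinary paragraphs. Changing "1)" to "1." is the right marker, but the item body needs the indentation too. The SYNOPSIS and SETS OF RULES underlines are fine: "========" and "=============" match the heading lengths, and the added blank lines keep the setext headings separate from the preceding text.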
@@ -31,7 +32,7 @@
this means they are totally ignored - log messages handled
at one layer are not carried over to lower layers.
-2) the "SECURITY EVENTS" layer, designed to detect less critical
+2. the "SECURITY EVENTS" layer, designed to detect less critical
events still considered worthy of special attention.
Patterns raising the alarm go in "/etc/logcheck/violations.d";
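Review bot: because the "2." item is separated from "1." by unindented paragraphs, a Markdown renderer treats it as the start of a new, separate list rather than the second item of one list; Markdown.pl (the reference implementation at the time) ignores the number in the marker and would render this item as "1." again. Indenting the paragraphs between the items by four spaces keeps all three layers inside a single ordered list and preserves the 1/2/3 numbering.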
@@ -43,7 +44,7 @@
Events" that match with violations.ignore patterns are
discarded as false alarms.
-3) the "SYSTEM EVENTS" layer, handling leftover log messages.
+3. the "SYSTEM EVENTS" layer, handling leftover log messages.
This layer doesn't have an equivalent to the alarm-raising
cracking.d and violations.d; instead _all_ remaining lines
@@ -61,76 +62,78 @@
When _no_ logged events make it through the filters no report is
mailed.
-======================================================================
+
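Review bot: the rest of this hunk (76 old lines, 78 new) is cut off by the "[174 lines skipped]" marker, so the remaining separator-to-blank-line conversions cannot be checked from this mail. The pattern shown here is the right one: each removed "======" rule must become a blank line before the next heading, because a setext heading whose text directly follows a paragraph is absorbed into that paragraph, and the "====" underline then turns the whole paragraph into the heading. Please confirm every replaced separator in the skipped portion is followed by that blank line.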
[174 lines skipped]