Bug#286329: [Logcheck-devel] Bug#286329: Sorry, wrong directory

maximilian attems debian at sternwelten.at
Thu Dec 30 10:49:37 UTC 2004


On Sun, 26 Dec 2004, Marc Sherman wrote:

> Sorry about this, but I messed this patch up.  This message gets tagged 
> as a security violation, so I put the exclusion in the wrong directory. 
> It needs to go in a new file .../violations.ignore.d/logcheck-samba.

ok thanks for the report as current logcheck cvs is not yet released.
i fixed it in cvs.
 
> Please consider this a vote for a single unified ignore directory in a 
> future version of logcheck, instead of the split 
> cracking/violations/events structure we currently have.

objected,
it's a feature to have a different level of events.

but you are right that current implementation of dirs is suboptimal
and is a TODO entry for post sarge.
 
> Until then, you might want to consider changing the labels of the emails 
> to match the names of the directories, to make it a little more obvious 
> at least:
> 
> # Controls Subject: lines on logcheck reports:
> ATTACKSUBJECT="Cracking Alerts"
> SECURITYSUBJECT="Security Violations"
> EVENTSSUBJECT="System Events"

that is the older name for the mid layer,
"Security Violations" is much too strong for what gets logged.
"Cracking Alerts" will be renamed to "Security Violations".
look in /usr/share/doc/logcheck/TODO
 
> One more question... why do the files you provide in the 
> logcheck-database package use the "logcheck-" prefix in the violations 
> directory, but not in the ignore directory?  Consistency would be good 
> here, I think.

good question, the renaming was done before my time.
it's a bit hardcoded in logcheck code.
greplogoutput() needs clean up, but works currently ;-)

--
maks





