[Logcheck-devel] 1.2.24 release

maks attems debian at sternwelten.at
Fri Jul 23 12:58:20 UTC 2004 

On Fri, 23 Jul 2004, Gerfried Fuchs wrote:

> * maks attems <debian at sternwelten.at> [2004-07-19 16:04]:
> > sarge items (1.2.24 || 1.2.25 || 1.2.26):
> > #255932: News file is not displayed on upgrade
> > Alfie said to works on that.
> 
>  Sorry...  I am going to reformat it.  Timestamp of the file is
> available through CVS, will check the log who commited it and use that
> in the format line. I hope I won't forget, because my offline version
> has now my name and address in there, and I don't want to claim that
> entry for myself.  :)
> 
>  Again, sorry for the delay.
> 
>  And now, todd did it. Well, my own fault :)  <nitpick>Although
> according to the time in CVS his entry is 15 minutes off.</nitpick>

<confess>hmm actually me did it on the name of todd,</confess>
as it was he who created that news entry.
vim's highlighting liked the new format, but didn't test if it shows up.

#255932 still open, as reformat was only 1/2 of the job,
still needed is renaming (acked by todd) and
afterward take care to name it News.Debian for the debian package
in order to get it displayed.
 
> > #215640: logcheck: documentation confusing/contradictory
> > ideas for better explanations in manpage, but needs rephrasing.
> 
>  If it isn't done yet I might want to take a look at it. Though I am not
> a native speaker I hope my writing skills are not the worst. (At least
> you accepted my rewrite of the templates. :))

cool, what the logcheck manpage also lacks is some examples of usage like:

# testing new rules
logcheck -o -t

# work on new logfile
logcheck -o -l /var/log/daemon-foo.log

# debug wrong rules (egrep warnings)
logcheck -o -d 

maybe others know some more, i also like the -T switch but thats more
devel stuff..

logcheck needs some explanation in the manpage what it's doing,
but please take care of aboves patch, i found his wording very confusing.

> > #258427: logcheck/logtail didn't detect tampering logfile
> > Alfie didn't find that to be a bug, but i will take a better look 
> > at logtail how it's happening to get the hole logfile mailed
> 
>  I've read your close message, but simply don't understand it
> correctly....  Please get back to me on this, maybe in german. :)
> 
>  What I meant is that if logcheck notices tampering with a file it
> should notice this in the mails. Not few root kits do in fact tamper
> with the logfiles, so it should rather complain in some way than ignore
> the tampering. That was my original meaning why I don't think that its a
> bug but a feature. Of course a strange feature that should get a more
> meaningful warning message, but still a good feature.

it's not so hard to add a message there at logtail line 86,
but this should be tested a bit, no idea if someone dislikes that new
warning. (by the way line 79 is redundant, didn't delete it yet).

also the other current warning message should be allowed to be turned off,
thought about 'logtail -i' ignore warning messages, silent better?
would be logtail side for #195935, would still need logcheck counterpart.
but that's sugar..
 
> > ps i'm going surfing next week for 2 weeks.
> 
>  Cool. If you find interesting projects/pics send the URLs!!

well it might by hard doing so, as i'll be 100% offline!

a++ maks

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/logcheck-devel/attachments/20040723/29a9279a/attachment.pgp

More information about the Logcheck-devel mailing list