[Logcheck-devel] templates cleanup part2
maks attems
debian at sternwelten.at
Fri Jun 11 11:20:19 UTC 2004
On Fri, 11 Jun 2004, Gerfried Fuchs wrote:
> * maks attems <debian at sternwelten.at> [2004-06-10 14:10]:
> I wouldn't drop it because it can make sense. E.g. I will add entries
> for this message locally:
>
> May 28 10:40:53 tausendmorgenwald dhclient: receive_packet failed on eth0: Network is down
> Jun 9 18:57:51 tausendmorgenwald shutdown[8355]: shutting down for system halt
hmmm, am i confused, these above should never be reported as
"Attack Alerts"?
i'm not speaking about violations.ignore.d rules, but about
cracking.ignore.d!!
did you ever put a rule inside this dir?
> object:
>
> These directories may contain files prefixed with "logcheck-" (containing
> generic alert/override patterns), named "(packagename)" (containing patterns
> specific to that one package) or prefixed with "local-" (created by the local
> administrator to contain patterns tailored for a particular site).
> Logcheck will then use rules collected from all the files found in the
> appropriate directories.
>
> Changes: "prefixed _with_", "named" added. In our last discussion I got
> the opinion that we have also "local" as possible filename? I don't want
> that to get dropped, and am using it.
didn't find that "with" important,
feel free to add a reference to the file named local! :)
> > didn't mention the local file as admins will find local-foo easier
> > for their setup.
>
> Do you think so? Why? I think local itself is easier, I don't see the
> need to have multiple local files sitting around....
yes definitely, i may want to have local-foo which i can discard
quickly in the case i've removed package foo, no need to dig
through a big file.
a++ maks
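
Added example, not part of the original message and not logcheck's own code: a simplified shell model of the rule collection the quoted paragraph describes, showing how a per-package local-foo file can be dropped on its own. It assumes one extended regular expression per line; the `ignore.d` directory, the `local-dhclient` file name and its pattern are constructed for illustration, and the log lines are the two quoted above.

```shell
#!/bin/sh
# Simplified model (an assumption, not logcheck's code): every regular file in
# a rules directory contributes one extended regex per line, and a log line
# that matches any collected pattern is suppressed.

collect_rules() {    # $1 = rules directory; prints all patterns found
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        grep -Ev '^[[:space:]]*(#|$)' "$f" || true   # skip comments/blank lines
    done
}

filter_log() {       # $1 = rules directory, $2 = log file; prints unmatched lines
    rules=$(mktemp)
    collect_rules "$1" > "$rules"
    if [ -s "$rules" ]; then
        grep -Ev -f "$rules" "$2" || true            # exit 1 only means "nothing left"
    else
        cat "$2"                                     # no rules: report everything
    fi
    rm -f "$rules"
}

make_sample() {      # builds constructed sample data, prints its directory
    d=$(mktemp -d)
    mkdir "$d/ignore.d"
    # Hypothetical per-package local file, easy to delete with the package.
    cat > "$d/ignore.d/local-dhclient" <<'EOF'
# site-specific: interface is taken down on purpose
^[[:alpha:]]{3} [ :0-9]{11} [._[:alnum:]-]+ dhclient: receive_packet failed on [[:alnum:]]+: Network is down$
EOF
    cat > "$d/log" <<'EOF'
May 28 10:40:53 tausendmorgenwald dhclient: receive_packet failed on eth0: Network is down
Jun 9 18:57:51 tausendmorgenwald shutdown[8355]: shutting down for system halt
EOF
    printf '%s\n' "$d"
}

d=$(make_sample)
echo "with local-dhclient:";    filter_log "$d/ignore.d" "$d/log"
rm "$d/ignore.d/local-dhclient"  # package removed: drop its rule file
echo "without local-dhclient:"; filter_log "$d/ignore.d" "$d/log"
rm -rf "$d"
```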