[Logcheck-devel] Re: logcheck
maks attems
debian at sternwelten.at
Mon Oct 18 08:51:38 UTC 2004
hello,
please ask such questions on logcheck-devel,
everyone from the team is reading it.
thanks.
On Fri, 15 Oct 2004, martin f krafft wrote:
> for debianbook.madduck.net, i have three questions about logcheck:
>
> - do you officially advocate to use local-* files for manually
> created rule files?
yes,
personally i prefer several local-* files contra one big local file.
both are used.
local file rules won't be overwritten by newly added
packages' rules.
> - are local-* files treated specially in any way?
no, same as any other rule file.
> - previously, the name of the violations.ignore.d rule file had to
> be the same as the one in violations.d to be able to override
> a rule. is this still the case, or would
>
> violations.d/foo: "attack.*"
> violations.ignore.d/bar: "attack\.org"
>
> cause an occurrence of attack.org to be ignored?
well you're touching the still obscure corners of logcheck.
i'm wondering if that is documented, will look later:
~/src/logcheck$ egrep raise -r docs/ || echo "nothing"
nothing
if you want to raise patterns with `violations/foo',
you have 4 choices to ignore them:
* violations.ignore.d/foo
* violations.ignore.d/logcheck-foo
* violations.ignore.d/local-*
* violations.ignore.d/local
so you are correct, violations.ignore.d/bar won't be of much good.
current info on how to write rules is documented in
/usr/share/doc/logcheck-database/README.logcheck-database.gz
hope that helps?
--
maks
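
The file-name matching described in the reply above, as an added example (not logcheck's own code and not part of the original message). It is a small shell model in which the function names, the temporary directory layout and the two log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Model of the file-name matching described in the reply above.
# Not logcheck's code: layout, function names and log lines are constructed.

# Print the violations.ignore.d files consulted for violations.d/<name>.
ignore_files_for() {
    rulesdir=$1 name=$2
    for f in "$rulesdir/violations.ignore.d/$name" \
             "$rulesdir/violations.ignore.d/logcheck-$name" \
             "$rulesdir"/violations.ignore.d/local-* \
             "$rulesdir/violations.ignore.d/local"; do
        [ -f "$f" ] && printf '%s\n' "$f"
    done
    return 0
}

# Read log lines on stdin; print those raised by violations.d/<name> and not
# cancelled by a consulted ignore file (assumes paths without whitespace).
raised_by() {
    rulesdir=$1 name=$2
    hits=$(grep -E -f "$rulesdir/violations.d/$name" || true)
    for f in $(ignore_files_for "$rulesdir" "$name"); do
        hits=$(printf '%s\n' "$hits" | grep -E -v -f "$f" || true)
    done
    [ -n "$hits" ] && printf '%s\n' "$hits"
    return 0
}

# Build the rule files from the question, with the ignore rule stored under
# the file name given as $1, and run two constructed log lines through them.
demo() {
    d=$(mktemp -d)
    mkdir "$d/violations.d" "$d/violations.ignore.d"
    printf '%s\n' 'attack.*' > "$d/violations.d/foo"
    printf '%s\n' 'attack\.org' > "$d/violations.ignore.d/$1"
    printf '%s\n' 'sshd: possible attack from 192.0.2.7' \
                  'named: lookup of attack.org' | raised_by "$d" foo
    rm -rf "$d"
}

for n in bar foo logcheck-foo local-web local; do
    echo "== ignore rule in violations.ignore.d/$n"
    demo "$n"
done
```

Only the run with the ignore rule stored in `bar` still reports the attack.org line; the other four file names suppress it.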