[Logcheck-devel] Re: logcheck
maks attems
debian at sternwelten.at
Thu Oct 21 17:56:30 UTC 2004
On Wed, 20 Oct 2004, martin f krafft wrote:
> > current infos on how to write rules are documented in
> > /usr/share/doc/logcheck-database/README.logcheck-database.gz
>
> Somehow, this seems to have evaded me. I guess because it's not in
> the logcheck package. Stupid me.
well the pointer in logcheck(8) was only added in one of our last
releases. many people missed that file.
> > it's documented in a bit different way and point of view:
> > /usr/share/doc/logcheck/README.Maintainer
>
> Okay, if I may say, then this could be clearer. Anyway, I spotted
> a couple of small errors in that file:
i agree with you that it's quite obfuscated,
will propose changes soon.
> 23c23
> < (i.e. server = server + paranoid) you should try to split your
> ---
> > (i.e. server = server + workstation) you should try to split your
that sort of diff is hard to read, but looked at verson in cvs,
no your assumptions are wrong, that's how logcheck works:
paranoid = paranoid
server = server + paranoid
workstation = workstation + server + paranoid
you are getting more rules for relaxed env.
> 39c39
> < symlinks. If your contains .'s you should replace them with _'s so
> ---
> > symlinks. If your filenames contain .'s, you should replace them with _'s so
> 51c51
> < see if we have included them first. If we allready have rules and you
> ---
> > see if we have included them first. If we already have rules and you
> 53c53
> < so we can avoid filename confilcts.
> ---
> > so we can avoid filename conflicts.
thanks fixed in current cvs!
--
maks
More information about the Logcheck-devel
mailing list