[Logcheck-devel] Bug#324451: logcheck-database: rules to add to the database package
Robbert Muller
muller at muze.nl
Mon Aug 22 07:22:01 UTC 2005
Package: logcheck-database
Version: 1.2.39
Severity: wishlist
The package mon doesn't have any rules yet, but does write to the
syslog.
The problem is that one of the list commands triggers the security
violation, which it isn't ;-)
Maybe it's a good idea to add this to the default list of violation
ignores.
olympos:~# cat /etc/logcheck/violations.ignore.d/local-mon
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: client command "list failures"$
Further, I think list commands shouldn't be in the system events logs,
so we also have this rule file:
cat /etc/logcheck/ignore.d.server/local-mon
# matches list commands
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: client command "list [a-z]+"$
# matches the protocol command
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: client command "protid [0-9]+"$
I hope these rules could make the next release of logcheck even better than it already is.
Regards,
Robbert Muller
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.11.5-olympos.11
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logcheck-database depends on:
ii debconf [debconf-2.0] 1.4.30.13 Debian configuration management sy
-- debconf information:
logcheck-database/rules-directories-note:
logcheck-database/standard-rename-note:
logcheck-database/conffile-cleanup: false
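
One way to check the rules proposed in this report before installing them, as an added example that is not part of the original report or of logcheck itself: it runs the three patterns with grep -E over constructed syslog lines and models logcheck's layering in simplified form. The `failure` keyword standing in for the stock violations rule, the `matches` and `classify` helpers, and every sample line are assumptions.

```shell
#!/bin/sh
# Rules copied verbatim from the report above.
VIOL_IGNORE='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: client command "list failures"$'
IGNORE_LIST='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: client command "list [a-z]+"$'
IGNORE_PROTID='^\w{3} [ :0-9]{11} [._[:alnum:]-]+ mon\[[0-9]+\]: client command "protid [0-9]+"$'
# Assumption: stand-in for the stock violations keyword that fires on
# "list failures"; the report does not name the rule that triggers.
VIOL_KEYWORD='failure'

# matches LINE PATTERN: true if the extended regex matches the line.
matches() { printf '%s\n' "$1" | grep -Eq -e "$2"; }

# classify LINE: prints "violation", "ignored" or "system".
# Simplified model (assumption): a violations hit is reported unless a
# violations.ignore.d rule matches; everything else falls through to the
# ignore.d.server rules, and whatever is left is a system event.
classify() {
    line=$(printf '%s\n' "$1" | sed -e 's/[[:space:]]*$//')
    if matches "$line" "$VIOL_KEYWORD" && ! matches "$line" "$VIOL_IGNORE"; then
        echo violation
    elif matches "$line" "$IGNORE_LIST" || matches "$line" "$IGNORE_PROTID"; then
        echo ignored
    else
        echo system
    fi
}

# Constructed sample lines, not taken from a real log.
while IFS= read -r l; do
    printf '%-9s %s\n' "$(classify "$l")" "$l"
done <<'EOF'
Aug 22 09:15:01 olympos mon[1234]: client command "list failures"
Aug  2 09:15:02 olympos mon[1234]: client command "list opstatus"
Aug 22 09:15:03 olympos mon[1234]: client command "protid 9746"
Aug 22 09:15:04 olympos mon[1234]: client command "disable host web1"
Aug 22 09:15:05 olympos mon[1234]: client command "list failures" trailing text
Aug 22 09:15:06 olympos sshd[77]: authentication failure for root
EOF
```
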