[Logcheck-devel] Logcheck problem
maximilian attems
debian at sternwelten.at
Tue May 17 18:16:19 UTC 2005
On Tue, 17 May 2005, Torsten Valentin wrote:
> Hi!
>
> Is there a mailing list or so where I can get help for logcheck (woody)?
> I have a strange problem:
>
> My mail-setup causes the following entries from time to time, which is OK:
>
> May 17 11:10:48 www2 sm-mta[32066]: j4H9ATSI032066: nobody at localhost
> [127.0.0.1] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
>
> Now I want logcheck to not report these entries. Therefore I added to
> /etc/logcheck/ignore.d.server/sendmail:
>
> (sendmail|sm-(mta|msp|que)).*: .*: nobody at localhost \[.*\] did not issue
> MAIL/EXPN/VRFY/ETRN during connection to MTA
>
<snipp<
well the woody version is very old.
first try to put aboves regexes in local-foo files (prefix 'local-')
secondly in which section are aboves messages reported if it's in
security "violation" you need to put your ignores in different location
namely violations.ignore.d
third pay attention to the loglevel you are using,
if you put your rules in workstation but have server they will never
be parsed.
hope that helps,
if unclear just reask. :)
--
maks
More information about the Logcheck-devel
mailing list