[Logcheck-devel] Bug#241526: logcheck: Logcheck ignoring by number of occurrences

Erich Schubert erich at debian.org
Wed Jan 4 23:30:33 UTC 2006


Package: logcheck
Version: 1.2.42
Followup-For: Bug #241526

Hi,
I'd also like to be able to ignore messages unless they occur too often,
and maybe group certain messages when they occur very often.

A typical example is
postfix/smtp: connect to mx3.mail.yahoo.com[64.156.215.18]: read timeout (port 25)

Oh my god! This really is critical information, isn't it?
Well, when your server has like dozens of them it probably means
something is broken with your network connectivity; then it's useful to
know. As long as there are only single of these messages, they should
just be ignored...

Similarly:
grouping them by the number of hits - like dictionary attacks.
For dictionary attacks, only the first and last attempt is that
interesting that I'd like to see it in the logcheck result; if I need
the complete data I can still access the original logfile.

Thanks,
Erich
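
The behaviour requested above, sketched as an added example that is not part of the original message and is not logcheck code: lines matching a rule are dropped while their count stays below a threshold, and once the threshold is reached the group is collapsed to its first and last line plus a count. The rule names, regexes, thresholds and the sample log are assumptions constructed for illustration.

```python
import re
from collections import OrderedDict

# Hypothetical rules: (name, regex, threshold). Below the threshold a group is
# ignored; at or above it only the first and last matching lines are reported.
# An optional named group "key" splits a rule into per-source groups.
RULES = [
    ("smtp-timeout", re.compile(r"postfix/smtp.*: connect to \S+: read timeout"), 12),
    ("ssh-badpass", re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<key>\S+)"), 5),
]

def summarize(lines, rules=RULES):
    """Return report lines: unmatched lines pass through unchanged, matched
    lines are counted per (rule, key) and then suppressed or collapsed."""
    groups = OrderedDict()  # (rule, key) -> [first, last, count, threshold]
    report = []
    for line in lines:
        line = line.rstrip("\n")
        for name, rx, threshold in rules:
            m = rx.search(line)
            if m:
                key = (name, m.groupdict().get("key", ""))
                g = groups.setdefault(key, [line, line, 0, threshold])
                g[1] = line
                g[2] += 1
                break
        else:
            report.append(line)  # no rule matched: report as usual
    for (name, key), (first, last, count, threshold) in groups.items():
        if count < threshold:
            continue  # too few hits to be worth reporting
        label = name + (" " + key if key else "")
        report.append("[%s] %d occurrences, first and last shown:" % (label, count))
        report.extend(["  " + first, "  " + last])
    return report

def sample_log():
    """Constructed sample input, not taken from a real system."""
    log = ["Jan  4 23:00:0%d host postfix/smtp[2001]: connect to "
           "mx3.mail.yahoo.com[64.156.215.18]: read timeout (port 25)" % i for i in range(2)]
    log += ["Jan  4 23:01:0%d host sshd[1234]: Failed password for invalid user "
            "admin%d from 203.0.113.7 port 4000 ssh2" % (i, i) for i in range(6)]
    log.append("Jan  4 23:02:00 host sshd[1240]: Failed password for root "
               "from 198.51.100.4 port 4100 ssh2")
    log.append("Jan  4 23:03:00 host kernel: EXT3-fs error (device hda1)")
    return log

if __name__ == "__main__":
    print("\n".join(summarize(sample_log())))
```

Suppressed groups are only left out of the report; the complete data remains in the original logfile.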
