[Logcheck-devel] Re: dh_installlogcheck (was: Re: Bug#350301: postgrey: logcheck file named incorrectly)
Paul Traina
reportbug at st04.pst.org
Sun Jan 29 10:58:44 UTC 2006
I agree, I'm no logcheck expert, but if it behaves according to the
manpage, it doesn't take into account the way logcheck handles violations
and their corresponding ignores anymore.

As I think I understand it (feel free to correct me), if a package wants
to register security violation regexps, those should go in:

    /etc/logcheck/violations.d/<packagename>

and ignore strings for THOSE, and only THOSE, regexps should go in:

    /etc/logcheck/violations.ignore.d/<packagename>

The problem here is that logcheck-database includes a bunch of generic
regexps as well, in the file

    /etc/logcheck/violations.d/logcheck

which many packages trigger as false violations. Those packages, if
well behaved, are responsible for installing a file:

    /etc/logcheck/violations.ignore.d/logcheck-<packagename>

to explicitly stop those false positives. How do we do this with
dh_installlogcheck?

So, by observation, two problems:

1) dh_installlogcheck has no documented mechanism to install
   rules for violations.d
2) dh_installlogcheck has no documented mechanism to install
   rules for violations.ignore.d/logcheck-<packagename>
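A small model of the two layers described in the message above, added here as an illustration; it is not part of the original post and not logcheck's own code. The package name `examplepkg`, the patterns and the log lines are constructed, and the sketch assumes any ignore pattern may suppress any flagged line, so the file names act only as the packaging convention.

```python
import re

VIOL = "/etc/logcheck/violations.d/"
IGNORE = "/etc/logcheck/violations.ignore.d/"

# Constructed rule files for a hypothetical package "examplepkg"; the paths
# follow the layout in the post, the patterns are invented for this sketch.
RULES = {
    VIOL + "logcheck": [r"reject"],  # stands in for a generic logcheck-database rule
    VIOL + "examplepkg": [r"examplepkg\[\d+\]: policy file tampered"],
    IGNORE + "logcheck-examplepkg": [r"examplepkg\[\d+\]: greylisted, reject until retry$"],
    IGNORE + "examplepkg": [r"examplepkg\[\d+\]: policy file tampered \(self-test\)$"],
}

# Constructed log lines.
SAMPLE_LOG = [
    "Jan 29 10:58:44 host examplepkg[812]: greylisted, reject until retry",
    "Jan 29 10:59:02 host examplepkg[812]: policy file tampered",
    "Jan 29 10:59:30 host examplepkg[812]: policy file tampered (self-test)",
    "Jan 29 11:00:10 host othersvc[77]: connection reject from 192.0.2.7",
    "Jan 29 11:01:00 host cron[5]: session opened",
]

def first_match(directory, line):
    """Return the first rule file under `directory` with a pattern matching `line`."""
    for path in sorted(RULES):
        if path.startswith(directory) and any(re.search(p, line) for p in RULES[path]):
            return path
    return None

def classify(line):
    """Flag via violations.d, then filter via violations.ignore.d.

    Assumption of this sketch: ignore patterns are not tied to the file
    that flagged the line.
    """
    flagged_by = first_match(VIOL, line)
    if flagged_by is None:
        return ("not a violation", None, None)
    ignored_by = first_match(IGNORE, line)
    if ignored_by is not None:
        return ("ignored", flagged_by, ignored_by)
    return ("reported", flagged_by, None)

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        verdict, flagged_by, ignored_by = classify(entry)
        print(f"{verdict:16} {entry}\n    flagged by: {flagged_by}\n    ignored by: {ignored_by}")
```

The first sample line shows the case the message is concerned with: the generic rule file flags it, and only the `logcheck-examplepkg` ignore file keeps it out of the report.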