[Logcheck-devel] Re: dh_installlogcheck (was: Re: Bug#350301: postgrey: logcheck file named incorrectly)

Paul Traina reportbug at st04.pst.org
Sun Jan 29 10:58:44 UTC 2006


I agree, I'm no logcheck expert, but if it behaves according to the
manpage, it doesn't take into account the way logcheck handles violations
and their corresponding ignores anymore.

As I think I understand it (feel free to correct me), if a package wants
to register security violation regexps, those should go in:

	/etc/logcheck/violations.d/<packagename>

and ignore strings for THOSE, and only THOSE, regexps should go in:

	/etc/logcheck/violations.ignore.d/<packagename>

The problem here is that logcheck-database includes a bunch of generic
regexps as well, in the file

	/etc/logcheck/violations.d/logcheck

which many packages trigger as false violations.  Those packages, if
well behaved, are responsible for installing a file:

	/etc/logcheck/violations.ignore.d/logcheck-<packagename>

to explicitly stop those false positives.  How do we do this with
dh_installlogcheck?

So, by observation, two problems:

	1) dh_installlogcheck has no documented mechanism to install
	   rules for violations.d

	2) dh_installlogcheck has no documented mechanism to install
	   rules for violations.ignore.d/logcheck-<packagename>
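
The layering described in this message, modelled in shell as an added example; it is not part of the original post and not logcheck's own code. The names `report_violations` and `demo`, the rules and the log lines are constructed, and the pairing of ignore files to rule files by filename is taken from the message as an assumption.

```shell
#!/bin/sh
# Added example: models the layering described in the message; not logcheck's code.

# report_violations <rulesdir> <logfile>
# Hits from violations.d/<name> are filtered only by violations.ignore.d/<name>
# and violations.ignore.d/<name>-<suffix>, never by another file's ignores.
report_violations() {
    rulesdir=$1
    logfile=$2
    for vfile in "$rulesdir"/violations.d/*; do
        [ -f "$vfile" ] || continue
        name=$(basename "$vfile")
        hits=$(grep -E -f "$vfile" "$logfile") || continue   # no match: next rules file
        for ifile in "$rulesdir/violations.ignore.d/$name" \
                     "$rulesdir/violations.ignore.d/$name"-*; do
            [ -f "$ifile" ] || continue
            # Drop ignored lines; if none remain, move on to the next rules file.
            hits=$(printf '%s\n' "$hits" | grep -E -v -f "$ifile") || continue 2
        done
        printf '%s\n' "$hits"
    done
}

demo() {
    d=$(mktemp -d)
    mkdir "$d/violations.d" "$d/violations.ignore.d"
    # Constructed rules (not taken from logcheck-database or postgrey).
    printf '%s\n' 'reject' > "$d/violations.d/logcheck"                    # generic rule
    printf '%s\n' 'postgrey\[[0-9]+\]: fatal' > "$d/violations.d/postgrey" # package rule
    printf '%s\n' 'postgrey\[[0-9]+\]: delayed' > "$d/violations.ignore.d/logcheck-postgrey"
    printf '%s\n' 'sshd' > "$d/violations.ignore.d/postgrey"  # scoped to postgrey hits only
    # Constructed log lines.
    cat > "$d/log" <<'EOF'
Jan 29 10:00:01 mx postgrey[412]: delayed, will reject first attempt
Jan 29 10:00:02 mx sshd[900]: reject login for root
Jan 29 10:00:03 mx postgrey[412]: fatal: cannot open database
Jan 29 10:00:04 mx cron[77]: job finished
EOF
    report_violations "$d" "$d/log"
    rm -rf "$d"
}

demo
```

The `sshd` line is still reported: the ignore in `violations.ignore.d/postgrey` applies only to hits from `violations.d/postgrey`, while the generic `reject` hit from postgrey is suppressed by `logcheck-postgrey`.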



