[Logcheck-devel] Fwd: seamus.madduck.net 2006.07.23.0050 System Events

martin f krafft madduck at madduck.net
Sun Jul 23 06:54:59 UTC 2006

This in today:

----- Forwarded message from logcheck at seamus.madduck.net -----

System Events
Jul 23 00:45:09 seamus sshd[22983]: Address maps to admin.trumedia.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

----- End forwarded message -----

There is a violations.ignore.d rule for these files. Shouldn't that
automatically also filter them at the ignore.d level?

I am not sure what the answer is, but I thought the above was the
behaviour. I could not find a bug report about this.

Since violations.d is a set of escalation filters, it would make
sense for violations.ignore.d to be a set of de-escalation filters,
but I don't think this is what the documentation suggests.

Please advise.

martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck
spamtraps: madduck.bogus at madduck.net
no cat has eight tails.
a cat has one tail more than no cat.
therefore, a cat has nine tails.
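
A simplified model of the layering asked about above, added here as an example; it is not part of the original message and not logcheck's own code. It assumes that a violations.ignore.d match only cancels escalation and that only an ignore.d match drops a line, which is consistent with the forwarded report, where the line still surfaced under System Events. The function names and all rule patterns are constructed for the example.

```shell
#!/bin/sh
# Simplified model of layered log filtering; NOT logcheck's own code.
# Function names and rule patterns are constructed for this example.

# matches LINE PATTERN: true if PATTERN is non-empty and matches LINE
# (extended regex, the syntax used for logcheck rule files).
matches() {
    [ -n "$2" ] && printf '%s\n' "$1" | grep -Eq -- "$2"
}

# classify LINE VIOLATIONS VIOLATIONS_IGNORE IGNORE
# Prints "security", "system" or "dropped".
classify() {
    # Layer 1: escalation, unless the paired ignore rule cancels it.
    if matches "$1" "$2" && ! matches "$1" "$3"; then
        echo security
        return
    fi
    # Layer 2: in this model only an ignore.d rule removes a line entirely.
    if matches "$1" "$4"; then
        echo dropped
        return
    fi
    # Anything left over is reported as a System Event.
    echo system
}

# The log line from the forwarded report above.
LINE='Jul 23 00:45:09 seamus sshd[22983]: Address maps to admin.trumedia.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!'
# Constructed escalation pattern (stands in for a violations.d rule).
VIOL='POSSIBLE BREAK-IN ATTEMPT'
# Constructed de-escalation pattern for the reverse-DNS mismatch message.
RDNS='sshd\[[0-9]+\]: Address maps to [^ ]+, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!$'

echo "no ignore rules:                $(classify "$LINE" "$VIOL" "" "")"
echo "violations.ignore.d only:       $(classify "$LINE" "$VIOL" "$RDNS" "")"
echo "violations.ignore.d + ignore.d: $(classify "$LINE" "$VIOL" "$RDNS" "$RDNS")"
```

Under this model the second case reproduces the report: the line is de-escalated but not silenced until the same pattern is also present at the ignore.d level.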