[Logcheck-devel] Fwd: seamus.madduck.net 2006.07.23.0050 System Events

martin f krafft madduck at madduck.net
Sun Jul 23 06:54:59 UTC 2006


This in today:

----- Forwarded message from logcheck at seamus.madduck.net -----

System Events
=-=-=-=-=-=-=
Jul 23 00:45:09 seamus sshd[22983]: Address 66.132.142.188 maps to admin.trumedia.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!

----- End forwarded message -----

There is a violations.ignore.d rule for these files, shouldn't that
automatically also filter them at the ignore.d level?

I am not sure what the answer is, but I thought the above was the
behaviour. I could not find a bug report about this.

Since violations.d is a set of escalation filters, it would make
sense for violations.ignore.d to be a set of de-escalation filters,
but I don't think this is what the documentation suggests.

Please advise.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck
 
spamtraps: madduck.bogus at madduck.net
 
no cat has eight tails.
a cat has one tail more than no cat.
therefore, a cat has nine tails.