[Logcheck-devel] Fwd: seamus.madduck.net 2006.07.23.0050 System Events
martin f krafft
madduck at madduck.net
Sun Jul 23 06:54:59 UTC 2006
This in today:
----- Forwarded message from logcheck at seamus.madduck.net -----
System Events
=-=-=-=-=-=-=
Jul 23 00:45:09 seamus sshd[22983]: Address 66.132.142.188 maps to admin.trumedia.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
----- End forwarded message -----
There is a violations.ignore.d rule for these files; shouldn't that
automatically also filter them at the ignore.d level?
I am not sure what the answer is, but I thought the above was the
behaviour. I could not find a bug report about this.
Since violations.d is a set of escalation filters, it would make
sense for violations.ignore.d to be a set of de-escalation filters,
but I don't think this is what the documentation suggests.
Please advise.
--
martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net at madduck
spamtraps: madduck.bogus at madduck.net
no cat has eight tails.
a cat has one tail more than no cat.
therefore, a cat has nine tails.
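
The layering as the forwarded report shows it behaving, modelled as an added example (not part of the original message and not logcheck's own code): a violations.ignore.d match only cancels the escalation, and the line is still reported under System Events unless an ignore.d rule also matches. The regexes and the `classify` function are constructed for illustration; the sample line is the one from the report above.

```shell
#!/bin/sh
# Constructed rules (not the rules shipped with logcheck), one ERE per layer.
VIOLATIONS='POSSIBLE BREAK-IN ATTEMPT'
VIOLATIONS_IGNORE='sshd\[[0-9]+\]: Address [0-9.]+ maps to [^ ]+, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!$'
IGNORE=''   # empty means: no ignore.d rule exists for this message

# Log line taken from the forwarded report.
SAMPLE='Jul 23 00:45:09 seamus sshd[22983]: Address 66.132.142.188 maps to admin.trumedia.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!'

# matches LINE REGEX: true if the line matches the extended regex.
matches() {
    printf '%s\n' "$1" | grep -Eq -- "$2"
}

# classify LINE [IGNORE_REGEX]: print the report section the line ends up in.
classify() {
    line=$1
    ignore=${2-$IGNORE}
    # Layer 1: violations.d escalates, unless violations.ignore.d cancels it.
    if matches "$line" "$VIOLATIONS" && ! matches "$line" "$VIOLATIONS_IGNORE"; then
        echo "Security Events"
        return
    fi
    # Layer 2: whatever is left is a system event unless ignore.d matches.
    # A violations.ignore.d match is not consulted here.
    if [ -n "$ignore" ] && matches "$line" "$ignore"; then
        echo "ignored"
        return
    fi
    echo "System Events"
}

# With only the violations.ignore.d rule, the line is de-escalated, not dropped.
echo "violations.ignore.d only:  $(classify "$SAMPLE")"
# Installing the same pattern at the ignore.d level silences it.
echo "plus ignore.d rule:        $(classify "$SAMPLE" "$VIOLATIONS_IGNORE")"
```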