[Logcheck-devel] Fwd: seamus.madduck.net 2006.07.23.0050 System Events
Todd Troxell
ttroxell at debian.org
Wed Jul 26 03:05:27 UTC 2006
On Sun, Jul 23, 2006 at 07:54:59AM +0100, martin f krafft wrote:
> This in today:
>
> ----- Forwarded message from logcheck at seamus.madduck.net -----
>
> System Events
> =-=-=-=-=-=-=
> Jul 23 00:45:09 seamus sshd[22983]: Address 66.132.142.188 maps to admin.trumedia.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
>
> ----- End forwarded message -----
>
> There is a violations.ignore.d rule for these files, shouldn't that
> automatically also filter them at the ignore.d level?
>
> I am not sure what the answer is, but I thought the above was the
> behaviour. I could not find a bug report about this.
>
> Since violations.d is a set of escalation filters, it would make
> sense for violations.ignore.d to be a set of de-escalation filters,
> but I don't think this is what the documentation suggests.
>
> Please advise.
Yes, yes it should. There was a bug report about this somewhere... Gah!
To be clear, the violations.ignore.d should filter things at the ignore.d
level. Currently it does not.
--
Todd Troxell
http://rapidpacket.com/~xtat
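
The layering discussed in this thread, as an added example that is not part of the original messages and is not logcheck's own code: a simplified model with one rule per layer, showing why the de-escalated sshd line still lands in System Events and how the proposed behaviour would drop it. The three patterns, the `classify` and `matches` helpers, and the second and third log lines are constructed for illustration; the first log line is the one quoted above.

```shell
#!/bin/sh
# Simplified model of the rule layers (assumption: one extended regex per layer).
TS='^[A-Z][a-z]{2} [ 0-9][0-9] [0-9:]{8} [^ ]+ '   # syslog timestamp and host

# violations.d: escalate anything carrying sshd's break-in marker
VIOLATIONS='POSSIBLE BREAK-IN ATTEMPT'
# violations.ignore.d: de-escalate the reverse-DNS mismatch message
VIOLATIONS_IGNORE="${TS}"'sshd\[[0-9]+\]: Address [0-9.]+ maps to [^ ]+, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!$'
# ignore.d: an unrelated routine message
IGNORE="${TS}"'CRON\[[0-9]+\]: \(root\) CMD '

matches() { printf '%s\n' "$1" | LC_ALL=C grep -Eq -e "$2"; }

# classify LINE MODE -> security | system | ignored
#   MODE=current : violations.ignore.d only de-escalates
#   MODE=proposed: violations.ignore.d is also applied at the ignore.d level
classify() {
    if matches "$1" "$VIOLATIONS" && ! matches "$1" "$VIOLATIONS_IGNORE"; then
        echo security; return
    fi
    if matches "$1" "$IGNORE"; then echo ignored; return; fi
    if [ "$2" = proposed ] && matches "$1" "$VIOLATIONS_IGNORE"; then
        echo ignored; return
    fi
    echo system
}

# Line from the forwarded report, then two constructed lines.
PAGE_LINE='Jul 23 00:45:09 seamus sshd[22983]: Address 66.132.142.188 maps to admin.trumedia.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!'
OTHER_LINE='Jul 23 00:46:10 seamus sshd[22990]: reverse mapping checking getaddrinfo for host.example.net failed - POSSIBLE BREAK-IN ATTEMPT!'
CRON_LINE='Jul 23 00:47:01 seamus CRON[23001]: (root) CMD (run-parts /etc/cron.hourly)'

# Columns: current result, proposed result, log line
for l in "$PAGE_LINE" "$OTHER_LINE" "$CRON_LINE"; do
    printf '%-8s %-8s %s\n' "$(classify "$l" current)" "$(classify "$l" proposed)" "$l"
done
```

Until the behaviour changes, a line de-escalated in violations.ignore.d needs a matching rule at the ignore.d level as well to stay out of the report.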